use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class AccessTokenIntrospectionClient method convertIntrospectionToValidation.
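/**
 * Maps an introspection response (RFC 7662) onto the local
 * {@link AccessTokenValidation} model consumed by the request filter.
 *
 * @param response the introspection response returned by the authorization server
 * @return the populated validation object; its initial-validation flag mirrors
 *         the response's {@code active} flag
 */
private AccessTokenValidation convertIntrospectionToValidation(TokenIntrospection response) {
    AccessTokenValidation atv = new AccessTokenValidation();
    atv.setInitialValidationSuccessful(response.isActive());
    if (response.getClientId() != null) {
        atv.setClientId(response.getClientId());
    }
    // RFC 7662 expresses iat/exp in seconds since the epoch, so the fallback
    // used when the server omits iat must be seconds as well; a millisecond
    // value here would make the lifetime derived below (exp - iat) negative.
    if (response.getIat() != null) {
        atv.setTokenIssuedAt(response.getIat());
    } else {
        atv.setTokenIssuedAt(Instant.now().getEpochSecond());
    }
    if (response.getExp() != null) {
        // Lifetime is relative to whichever issued-at value was chosen above.
        atv.setTokenLifetime(response.getExp() - atv.getTokenIssuedAt());
    }
    if (!StringUtils.isEmpty(response.getAud())) {
        atv.setAudiences(response.getAud());
    }
    if (response.getIss() != null) {
        atv.setTokenIssuer(response.getIss());
    }
    if (response.getScope() != null) {
        // Scope is a space-separated list; repeated separators produce empty
        // entries, which are skipped rather than turned into empty permissions.
        List<OAuthPermission> perms = new ArrayList<>();
        for (String scope : response.getScope().split(" ")) {
            if (!StringUtils.isEmpty(scope)) {
                perms.add(new OAuthPermission(scope.trim()));
            }
        }
        atv.setTokenScopes(perms);
    }
    if (response.getUsername() != null) {
        atv.setTokenSubject(new UserSubject(response.getUsername()));
    }
    // NOTE(review): assumes getExtensions() never returns null — confirm against TokenIntrospection.
    atv.getExtraProps().putAll(response.getExtensions());
    return atv;
}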
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class OAuthRequestFilter method createSecurityContext.
/**
 * Builds the security context exposed to the protected resource for this request.
 * Which identity it represents depends on {@code useUserSubject}: the resource
 * owner carried by the token, or the client the token was issued to.
 *
 * @param request      the incoming request (not consulted here)
 * @param accessTokenV the validation result for the presented access token
 * @return a context whose principal and roles come from the selected subject;
 *         with no subject the principal is {@code null} and no role matches
 */
protected SecurityContext createSecurityContext(HttpServletRequest request, AccessTokenValidation accessTokenV) {
    UserSubject ownerSubject = accessTokenV.getTokenSubject();
    UserSubject appSubject = accessTokenV.getClientSubject();
    final UserSubject selected;
    if (useUserSubject) {
        selected = ownerSubject;
    } else {
        selected = appSubject;
    }
    return new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            if (selected == null) {
                return null;
            }
            return new SimplePrincipal(selected.getLogin());
        }

        @Override
        public boolean isUserInRole(String role) {
            // NOTE(review): assumes getRoles() is never null for a non-null subject — confirm.
            return selected != null && selected.getRoles().contains(role);
        }
    };
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class AbstractGrantHandler method doCreateAccessToken.
/**
 * Returns an already-authorized token for this client/subject/grant when one
 * exists, otherwise asks the data provider to create a fresh one.
 *
 * @param client          the client the token is issued to
 * @param subject         the resource owner (may be {@code null} for client-only grants)
 * @param requestedGrant  the grant type being exercised
 * @param requestedScopes scopes the client asked for
 * @param audiences       audiences the token should be valid for
 * @return the pre-authorized token if found, else the newly created one
 */
protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, String requestedGrant, List<String> requestedScopes, List<String> audiences) {
    ServerAccessToken existing = getPreAuthorizedToken(client, subject, requestedGrant, requestedScopes, audiences);
    if (existing != null) {
        return existing;
    }
    // No reusable token: describe the request and let the provider mint one.
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setSubject(subject);
    registration.setGrantType(requestedGrant);
    registration.setRequestedScope(requestedScopes);
    // Approved scope is decided separately from the requested scope (presumably a subset).
    registration.setApprovedScope(getApprovedScopes(client, subject, requestedScopes));
    registration.setAudiences(audiences);
    return dataProvider.createAccessToken(registration);
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class JwtBearerGrantHandler method createAccessToken.
/**
 * Exchanges a signed JWT assertion (the JWT bearer grant) for an access token.
 * The signature is verified before any claim is acted on, then the claims are
 * validated against the client; only then is the subject taken from the JWT.
 *
 * @param client the authenticated client presenting the assertion
 * @param params the grant request parameters
 * @return the access token issued for the assertion's subject
 * @throws OAuthServiceException {@code invalid_grant} when the assertion is
 *         missing, or when reading, verifying or validating it fails
 */
@Override
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    String assertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
    if (assertion == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    try {
        JwsJwtCompactConsumer reader = getJwsReader(assertion);
        JwtToken jwt = reader.getJwtToken();
        // Signature first: nothing from the payload is trusted until this passes.
        validateSignature(new JwsHeaders(jwt.getJwsHeaders()),
                          reader.getUnsignedEncodedSequence(),
                          reader.getDecodedSignature());
        validateClaims(client, jwt.getClaims());
        UserSubject assertedSubject = new UserSubject(jwt.getClaims().getSubject());
        String requestedScope = params.getFirst(OAuthConstants.SCOPE);
        return doCreateAccessToken(client, assertedSubject, Constants.JWT_BEARER_GRANT,
                                   OAuthUtils.parseScope(requestedScope));
    } catch (OAuthServiceException ex) {
        // Already carries the right OAuth error; pass it through unchanged.
        throw ex;
    } catch (Exception ex) {
        // Any parse/verification failure is reported to the client as invalid_grant,
        // with the original cause retained for server-side diagnostics.
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
    }
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class ResourceOwnerGrantHandler method createAccessToken.
/**
 * Handles the resource owner password credentials grant: authenticates the
 * owner via the configured login handler and issues a token for the result.
 *
 * @param client the authenticated client making the request
 * @param params the grant request parameters
 * @return the access token issued to the authenticated resource owner
 * @throws OAuthServiceException {@code invalid_request} when username or
 *         password is absent; {@code invalid_grant} when authentication fails
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    String username = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
    String password = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
    boolean credentialsPresent = username != null && password != null;
    if (!credentialsPresent) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
    }
    // The login handler owns credential verification; a null result means rejection.
    UserSubject owner = loginHandler.createSubject(client, username, password);
    if (owner == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    return doCreateAccessToken(client, owner, params);
}