use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class DirectAuthorizationService method authorize.
/**
 * Handles the direct token grant: the already-authenticated end user posts a form and receives
 * an access token for the client named in the request.
 *
 * <p>The requested scopes are approved as-is (no separate consent step), so the scope handling
 * in {@code OAuthUtils.getRequestedScopes} is the only place the requested scope is filtered
 * against what the client is registered for.
 *
 * @param params the posted form parameters (client identification, optional {@code scope})
 * @return a 200 response whose entity is the client-facing access token
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("text/html")
public Response authorize(MultivaluedMap<String, String> params) {
    SecurityContext securityContext = getAndValidateSecurityContext(params);
    Client client = getClient(params);
    // Create a UserSubject representing the end user
    UserSubject endUser = createUserSubject(securityContext, params);

    String providedScope = params.getFirst(OAuthConstants.SCOPE);
    List<String> scopes = OAuthUtils.getRequestedScopes(client, providedScope,
                                                        useAllClientScopes, partialMatchScopeValidation);

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setGrantType(OAuthConstants.DIRECT_TOKEN_GRANT);
    registration.setSubject(endUser);
    registration.setRequestedScope(scopes);
    // direct grant: whatever was requested (and survived the client-scope check) is approved
    registration.setApprovedScope(scopes);

    ServerAccessToken serverToken = getDataProvider().createAccessToken(registration);
    ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(serverToken, isWriteOptionalParameters());
    return Response.ok(clientToken).build();
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class DirectAuthorizationService method createUserSubject.
/**
 * Resolves the {@link UserSubject} for the authenticated end user, trying in order:
 * the configured {@code subjectCreator} (if set and it returns non-null), a UserSubject already
 * stored in the message context, and finally one derived from the JAX-RS security context.
 *
 * @param securityContext the validated JAX-RS security context
 * @param params          the posted form parameters, passed through to the subject creator
 * @return the resolved subject; never null if {@code OAuthUtils.createSubject} never returns null
 */
protected UserSubject createUserSubject(SecurityContext securityContext, MultivaluedMap<String, String> params) {
    if (subjectCreator != null) {
        UserSubject created = subjectCreator.createUserSubject(getMessageContext(), params);
        if (created != null) {
            return created;
        }
    }
    // a filter earlier in the chain may already have attached the subject to the message
    UserSubject fromContext = getMessageContext().getContent(UserSubject.class);
    return fromContext != null ? fromContext : OAuthUtils.createSubject(securityContext);
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class ImplicitGrantService method createAuthorizationData.
/**
 * Builds the authorization challenge data via the superclass and marks it as belonging
 * to the implicit flow.
 *
 * @return the challenge data with {@code implicitFlow} set to {@code true}
 */
@Override
protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped) {
    final OAuthAuthorizationData authData = super.createAuthorizationData(client, params, redirectUri, subject,
                                                                          requestedPerms, alreadyAuthorizedPerms,
                                                                          authorizationCanBeSkipped);
    // the only implicit-flow-specific detail at this level: flag the challenge as implicit
    authData.setImplicitFlow(true);
    return authData;
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class RedirectionBasedGrantService method createAuthorizationData.
/**
 * Create the authorization challenge data.
 *
 * <p>The request echo (state, redirect URI, audience, nonce, client id, response type) is always
 * filled in. The client presentation details, the permissions to display, the decision reply-to
 * URI and the session authenticity token are only populated when the user must actually be shown
 * the consent form, i.e. when {@code authorizationCanBeSkipped} is {@code false}.
 *
 * @param client                   the registered client making the authorization request
 * @param params                   the incoming request parameters
 * @param redirectUri              the validated redirect URI
 * @param subject                  the authenticated end user
 * @param requestedPerms           the permissions being requested (may be null or empty)
 * @param alreadyAuthorizedPerms   permissions the user has previously approved
 * @param authorizationCanBeSkipped whether the consent form can be bypassed
 * @return the populated challenge data
 */
protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped) {
    OAuthAuthorizationData challenge = new OAuthAuthorizationData();

    // echo of the request, needed regardless of whether a consent form is shown
    challenge.setState(params.getFirst(OAuthConstants.STATE));
    challenge.setRedirectUri(redirectUri);
    challenge.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
    challenge.setNonce(params.getFirst(OAuthConstants.NONCE));
    challenge.setClientId(client.getClientId());
    challenge.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));

    if (requestedPerms != null && !requestedPerms.isEmpty()) {
        // space-separated scope string; trimmed at the end so odd permission values cannot
        // leave leading/trailing whitespace
        StringBuilder scopeList = new StringBuilder();
        for (OAuthPermission perm : requestedPerms) {
            if (scopeList.length() > 0) {
                scopeList.append(' ');
            }
            scopeList.append(perm.getPermission());
        }
        challenge.setProposedScope(scopeList.toString().trim());
    }

    if (authorizationCanBeSkipped) {
        return challenge;
    }

    // the user will see the consent form: attach what it renders and what its POST must carry back
    challenge.setPermissions(requestedPerms);
    challenge.setAlreadyAuthorizedPermissions(alreadyAuthorizedPerms);
    challenge.setHidePreauthorizedScopesInForm(hidePreauthorizedScopesInForm);
    challenge.setApplicationName(client.getApplicationName());
    challenge.setApplicationWebUri(client.getApplicationWebUri());
    challenge.setApplicationDescription(client.getApplicationDescription());
    challenge.setApplicationLogoUri(client.getApplicationLogoUri());
    challenge.setApplicationCertificates(client.getApplicationCertificates());
    Map<String, String> clientProperties = client.getProperties();
    challenge.setExtraApplicationProperties(clientProperties);
    challenge.setApplicationRegisteredDynamically(client.isRegisteredDynamically());
    challenge.setSupportSinglePageApplications(supportSinglePageApplications);

    String decisionUri = getMessageContext().getUriInfo().getAbsolutePathBuilder().path("decision").build().toString();
    challenge.setReplyTo(decisionUri);

    personalizeData(challenge, subject);
    // session-bound token carried by the form; presumably what the decision endpoint checks
    // to tie the consent POST to this challenge - confirm against the decision handler
    addAuthenticityTokenToSession(challenge, params, subject);
    return challenge;
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class JwtTokenUtils method createAccessTokenFromJwt.
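/**
 * Rebuilds a {@link ServerAccessToken} from a JWT-encoded access token.
 *
 * <p>The JWT is parsed by {@code consumer}; the registered client is resolved from the client-id
 * claim, and the standard and CXF-specific claims (audiences, issuer, scope, subject, grant
 * metadata, {@code extra_properties} and the certificate confirmation) are copied onto a
 * {@link BearerAccessToken}.
 *
 * <p>Compared to the previous version, the {@code cnf} / {@code x5t#S256} confirmation is now
 * honoured on its own: it used to be read only when an {@code extra_properties} claim was also
 * present, so a certificate-bound JWT without extra properties silently lost its binding.
 *
 * <p>NOTE(review): no expiry check is performed here; enforcing {@code exp} is left to the consumer
 * or the caller - confirm that at least one of them does it.
 *
 * @param consumer       JWT consumer used to parse (and, depending on configuration, verify) {@code jose}
 * @param jose           the serialized JWT; it is also used as the token key
 * @param clientProvider registry used to look up the client named in the token
 * @param claimsMap      optional claim-name overrides (e.g. a custom client-id or username claim name)
 * @return the reconstructed server access token
 */
public static ServerAccessToken createAccessTokenFromJwt(JoseJwtConsumer consumer, String jose,
                                                        ClientRegistrationProvider clientProvider,
                                                        Map<String, String> claimsMap) {
    JwtClaims claims = consumer.getJwtToken(jose).getClaims();
    // 'client_id' or 'cid', default client_id
    String clientIdClaimName = JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, claimsMap);
    Client c = clientProvider.getClient(claims.getStringProperty(clientIdClaimName));

    // lifetime is derived from the iat/exp pair; both are unboxed here, so a JWT lacking either
    // claim fails at this point rather than yielding a token with an undefined lifetime
    long issuedAt = claims.getIssuedAt();
    long lifetime = claims.getExpiryTime() - issuedAt;
    BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt);

    List<String> audiences = claims.getAudiences();
    if (audiences != null && !audiences.isEmpty()) {
        at.setAudiences(audiences);
    }
    String issuer = claims.getIssuer();
    if (issuer != null) {
        at.setIssuer(issuer);
    }

    copyScopesFromClaims(claims, at);
    copySubjectFromClaims(claims, claimsMap, at);

    String grantType = claims.getStringProperty(OAuthConstants.GRANT_TYPE);
    if (grantType != null) {
        at.setGrantType(grantType);
    }
    String grantCode = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT);
    if (grantCode != null) {
        at.setGrantCode(grantCode);
    }
    String codeVerifier = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    if (codeVerifier != null) {
        at.setClientCodeVerifier(codeVerifier);
    }
    String nonce = claims.getStringProperty(OAuthConstants.NONCE);
    if (nonce != null) {
        at.setNonce(nonce);
    }

    copyExtraPropertiesFromClaims(claims, at);
    return at;
}

/**
 * Copies the {@code scope} claim onto the token as {@link OAuthPermission}s.
 * The claim is either one space-separated string or a list of strings; blank entries are skipped.
 */
private static void copyScopesFromClaims(JwtClaims claims, BearerAccessToken at) {
    Object scope = claims.getClaim(OAuthConstants.SCOPE);
    if (scope == null) {
        return;
    }
    String[] scopes = scope instanceof String
        ? scope.toString().split(" ")
        : CastUtils.cast((List<?>) scope).toArray(new String[] {});
    List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
    for (String s : scopes) {
        if (!StringUtils.isEmpty(s)) {
            perms.add(new OAuthPermission(s.trim()));
        }
    }
    at.setScopes(perms);
}

/**
 * Sets the token's {@link UserSubject} from the (configurable) username claim and {@code sub}.
 * A username claim yields a subject whose login is the username and whose id is {@code sub}
 * when present; without a username claim, {@code sub} alone identifies the user; with neither,
 * no subject is set.
 */
private static void copySubjectFromClaims(JwtClaims claims, Map<String, String> claimsMap, BearerAccessToken at) {
    final String usernameProp = "username";
    String usernameClaimName = JwtTokenUtils.getClaimName(usernameProp, usernameProp, claimsMap);
    String username = claims.getStringProperty(usernameClaimName);
    String subject = claims.getSubject();
    if (username != null) {
        UserSubject userSubject = new UserSubject(username);
        if (subject != null) {
            userSubject.setId(subject);
        }
        at.setSubject(userSubject);
    } else if (subject != null) {
        at.setSubject(new UserSubject(subject));
    }
}

/**
 * Copies the {@code extra_properties} map claim and the {@code x5t#S256} entry of the
 * confirmation ({@code cnf}) claim into the token's extra properties.
 * The two are handled independently so that a certificate-bound token keeps its binding
 * even when no other extra properties were encoded into the JWT.
 */
private static void copyExtraPropertiesFromClaims(JwtClaims claims, BearerAccessToken at) {
    Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>) claims.getClaim("extra_properties"));
    if (extraProperties != null) {
        at.getExtraProperties().putAll(extraProperties);
    }
    Map<String, Object> cnfClaim = CastUtils.cast((Map<?, ?>) claims.getClaim(JwtConstants.CLAIM_CONFIRMATION));
    if (cnfClaim != null) {
        Object certCnf = cnfClaim.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
        if (certCnf != null) {
            at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf.toString());
        }
    }
}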