
Example 16 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class TokenIntrospectionService, method getTokenIntrospection:

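/**
 * Introspects the access token named by the {@link OAuthConstants#TOKEN_ID} form
 * parameter and reports its state to the caller.
 *
 * <p>The caller is first checked with {@link #checkSecurityContext()}. A token that is
 * missing from the request, unknown to the data provider, or expired is reported as
 * inactive ({@code active=false}) with no further detail, so the response does not reveal
 * whether such a token id ever existed. Because the parameters are {@code @Encoded}, the
 * token id is looked up exactly as it arrived on the wire.
 *
 * @param params the URL-encoded form parameters of the introspection request
 * @return the introspection response; inactive when the token is missing, unknown or expired
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public TokenIntrospection getTokenIntrospection(@Encoded MultivaluedMap<String, String> params) {
    checkSecurityContext();
    String tokenId = params.getFirst(OAuthConstants.TOKEN_ID);
    // A request without a token parameter is answered as "inactive" instead of asking the
    // data provider to look up a null id; how a provider treats null is provider-specific.
    if (tokenId == null) {
        return new TokenIntrospection(false);
    }
    ServerAccessToken at = dataProvider.getAccessToken(tokenId);
    if (at == null || OAuthUtils.isExpired(at.getIssuedAt(), at.getExpiresIn())) {
        return new TokenIntrospection(false);
    }
    TokenIntrospection response = new TokenIntrospection(true);
    response.setClientId(at.getClient().getClientId());
    if (!at.getScopes().isEmpty()) {
        response.setScope(OAuthUtils.convertPermissionsToScope(at.getScopes()));
    }
    UserSubject userSubject = at.getSubject();
    if (userSubject != null) {
        // Use the local reference consistently rather than re-reading at.getSubject().
        response.setUsername(userSubject.getLogin());
        if (userSubject.getId() != null) {
            response.setSub(userSubject.getId());
        }
    }
    if (!StringUtils.isEmpty(at.getAudiences())) {
        response.setAud(at.getAudiences());
    }
    if (at.getIssuer() != null) {
        response.setIss(at.getIssuer());
    }
    response.setIat(at.getIssuedAt());
    // "exp" is only reported for tokens that actually expire.
    if (at.getExpiresIn() > 0) {
        response.setExp(at.getIssuedAt() + at.getExpiresIn());
    }
    response.setTokenType(at.getTokenType());
    // Extra token properties are copied into the response only when explicitly enabled,
    // since they may carry data the introspecting party should not see.
    if (reportExtraTokenProperties) {
        response.getExtensions().putAll(at.getExtraProperties());
    }
    return response;
}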

Example 17 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class OAuthUtils, method createSubject:

/**
 * Builds a {@link UserSubject} from the authenticated principal of the given security context.
 *
 * <p>Role names are taken from the context only when it is a {@link LoginSecurityContext};
 * any other context yields a subject with an empty role list. When a current JAX-RS
 * {@link Message} carries an {@link AuthenticationMethod}, it is recorded on the subject.
 *
 * @param securityContext the context describing the authenticated user; its user principal
 *                        must be present (a missing principal fails with a NullPointerException)
 * @return the subject for the principal, carrying its role names and, when known, the
 *         authentication method
 */
public static UserSubject createSubject(SecurityContext securityContext) {
    List<String> roleNames;
    if (securityContext instanceof LoginSecurityContext) {
        Set<Principal> grantedRoles = ((LoginSecurityContext) securityContext).getUserRoles();
        List<String> names = new ArrayList<>();
        grantedRoles.forEach(role -> names.add(role.getName()));
        roleNames = names;
    } else {
        roleNames = Collections.emptyList();
    }
    String login = securityContext.getUserPrincipal().getName();
    UserSubject subject = new UserSubject(login, roleNames);
    Message current = JAXRSUtils.getCurrentMessage();
    AuthenticationMethod method = current == null ? null : current.get(AuthenticationMethod.class);
    if (method != null) {
        subject.setAuthenticationMethod(method);
    }
    return subject;
}

Example 18 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class JPACodeDataProviderTest, method addClient:

/**
 * Registers a test client with the provider under test.
 *
 * <p>The client gets a single fixed redirect URI and the given user as its resource owner.
 *
 * @param clientId  the id to register the client under
 * @param userLogin the login of the user that owns the client
 * @return the client instance that was handed to the provider
 */
private Client addClient(String clientId, String userLogin) {
    UserSubject owner = new UserSubject(userLogin);
    Client registered = new Client();
    registered.setClientId(clientId);
    registered.setResourceOwnerSubject(owner);
    registered.setRedirectUris(Collections.singletonList("http://client/redirect"));
    getProvider().setClient(registered);
    return registered;
}

Example 19 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class JPAOAuthDataProviderTest, method testAddGetDeleteClients:

/**
 * Stores three clients for two owners, reads them back per owner and in total, then removes
 * them and checks that the provider reports no clients afterwards.
 */
@Test
public void testAddGetDeleteClients() {
    Client aliceFirst = addClient("12345", "alice");
    Client aliceSecond = addClient("56789", "alice");
    Client bobOnly = addClient("09876", "bob");

    List<Client> aliceClients = getProvider().getClients(new UserSubject("alice"));
    assertNotNull(aliceClients);
    assertEquals(2, aliceClients.size());
    // The test does not assume the provider lists clients in insertion order, so each
    // stored client is matched to a listed one by client id before comparing.
    Client listedFirst = aliceClients.get(0);
    Client listedSecond = aliceClients.get(1);
    String firstListedId = listedFirst.getClientId();
    compareClients(aliceFirst, firstListedId.equals("12345") ? listedFirst : listedSecond);
    compareClients(aliceSecond, firstListedId.equals("56789") ? listedFirst : listedSecond);

    List<Client> bobClients = getProvider().getClients(new UserSubject("bob"));
    assertNotNull(bobClients);
    assertEquals(1, bobClients.size());
    compareClients(bobOnly, bobClients.get(0));

    // A null subject asks for every client regardless of owner.
    List<Client> allClients = getProvider().getClients(null);
    assertNotNull(allClients);
    assertEquals(3, allClients.size());

    getProvider().removeClient(aliceFirst.getClientId());
    getProvider().removeClient(aliceSecond.getClientId());
    getProvider().removeClient(bobOnly.getClientId());

    List<Client> remaining = getProvider().getClients(null);
    assertNotNull(remaining);
    assertEquals(0, remaining.size());
}

Example 20 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class JPAOAuthDataProviderTest, method addClient:

/**
 * Registers a test client with the provider under test.
 *
 * <p>The client gets a single fixed redirect URI, a fixed test secret and the given user as
 * its resource owner.
 *
 * @param clientId  the id to register the client under
 * @param userLogin the login of the user that owns the client
 * @return the client instance that was handed to the provider
 */
protected Client addClient(String clientId, String userLogin) {
    UserSubject owner = new UserSubject(userLogin);
    Client registered = new Client();
    registered.setClientId(clientId);
    registered.setClientSecret("123");
    registered.setResourceOwnerSubject(owner);
    registered.setRedirectUris(Collections.singletonList("http://client/redirect"));
    getProvider().setClient(registered);
    return registered;
}
