
Example 21 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class CryptoUtilsTest, method compareAccessTokens:

/**
 * Asserts that {@code token2} carries the same security-relevant state as {@code token}.
 * Intended for the crypto round-trip tests in this class: key, type, lifetime, client id,
 * end-user subject, refresh token, audiences, grant type, parameters and the single scope
 * must all match. The client's application description is expected to be absent on the
 * second token, and the (encrypted) refresh token reference on {@code token2} must decrypt
 * with the test key {@code p.key} to a refresh token with a 1200-second lifetime.
 *
 * @param token  the reference token
 * @param token2 the token to compare against the reference
 */
private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
    // Core token identity and lifetime
    assertEquals(token.getTokenKey(), token2.getTokenKey());
    assertEquals(token.getTokenType(), token2.getTokenType());
    assertEquals(token.getIssuedAt(), token2.getIssuedAt());
    assertEquals(token.getExpiresIn(), token2.getExpiresIn());

    // Registered client: only the id is expected to round-trip; the description is not
    Client expectedClient = token.getClient();
    Client actualClient = token2.getClient();
    assertEquals(expectedClient.getClientId(), actualClient.getClientId());
    assertNull(actualClient.getApplicationDescription());

    // Resource owner bound to the token
    UserSubject expectedSubject = token.getSubject();
    UserSubject actualSubject = token2.getSubject();
    assertEquals(expectedSubject.getLogin(), actualSubject.getLogin());
    assertEquals(expectedSubject.getId(), actualSubject.getId());
    assertEquals(expectedSubject.getRoles(), actualSubject.getRoles());

    // Remaining token attributes
    assertEquals(token.getRefreshToken(), token2.getRefreshToken());
    assertEquals(token.getAudiences(), token2.getAudiences());
    assertEquals(token.getGrantType(), token2.getGrantType());
    assertEquals(token.getParameters(), token2.getParameters());

    // Exactly one scope on each side, and it must be the same permission
    List<OAuthPermission> expectedScopes = token.getScopes();
    List<OAuthPermission> actualScopes = token2.getScopes();
    assertEquals(1, expectedScopes.size());
    assertEquals(1, actualScopes.size());
    OAuthPermission expectedPermission = expectedScopes.get(0);
    OAuthPermission actualPermission = actualScopes.get(0);
    assertEquals(expectedPermission.getPermission(), actualPermission.getPermission());
    assertEquals(expectedPermission.getDescription(), actualPermission.getDescription());

    // The refresh token reference must decrypt with the test key to a 1200s refresh token
    RefreshToken decryptedRefreshToken =
        ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key);
    assertEquals(1200L, decryptedRefreshToken.getExpiresIn());
}
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) RefreshToken(org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) Client(org.apache.cxf.rs.security.oauth2.common.Client)

Example 22 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class OidcHybridService, method prepareRedirectResponse:

/**
 * Builds the redirect response for the OIDC hybrid flow.
 * <p>
 * The authorization code is prepared <em>before</em> the parent class assembles its
 * response (presumably so the code, which {@code prepareHybrideCode} also stores on the
 * current exchange, is available to that step). The code is then appended to the redirect
 * as the {@code code} parameter. When no code was issued — the response type does not
 * start with {@code code}, see {@code prepareHybrideCode} — the parent's response is
 * returned unchanged.
 * <p>
 * NOTE(review): the code value is appended verbatim, without URL-encoding; this relies on
 * the code service producing URL-safe values — confirm against {@code codeService}.
 *
 * @return the redirect URI under construction, with the {@code code} parameter added
 *         when a code grant was issued
 */
@Override
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    // Must run before the parent builds its response (see class Javadoc above).
    ServerAuthorizationCodeGrant grant = prepareHybrideCode(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    StringBuilder redirect = super.prepareRedirectResponse(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    if (grant == null) {
        return redirect;
    }
    return redirect.append('&')
            .append(OAuthConstants.AUTHORIZATION_CODE_VALUE)
            .append('=')
            .append(grant.getCode());
}
Also used : ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)

Example 23 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class OidcHybridService, method prepareHybrideCode:

/**
 * Issues an authorization code for the hybrid flow when the requested
 * {@code response_type} starts with {@code code}; otherwise returns {@code null}.
 * The issued code is also stored on the current exchange under
 * {@link OAuthConstants#AUTHORIZATION_CODE_VALUE}, presumably so that later stages of
 * the same request (e.g. id_token creation) can reference it — verify against callers.
 *
 * @param state              the pending authorization request
 * @param client             the requesting client
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the user approved
 * @param userSubject        the authenticated resource owner
 * @param preAuthorizedToken an existing token, if one was already issued
 * @return the code grant, or {@code null} if no code was requested
 */
protected ServerAuthorizationCodeGrant prepareHybrideCode(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken) {
    String responseType = state.getResponseType();
    boolean codeRequested = responseType != null
        && responseType.startsWith(OAuthConstants.CODE_RESPONSE_TYPE);
    if (!codeRequested) {
        return null;
    }
    ServerAuthorizationCodeGrant grant = codeService.getGrantRepresentation(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    // Expose the code to the rest of this request's processing
    JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.AUTHORIZATION_CODE_VALUE, grant.getCode());
    return grant;
}
Also used : ServerAuthorizationCodeGrant(org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant)

Example 24 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class OidcImplicitService, method canAuthorizationBeSkipped:

/**
 * Decides whether the end-user consent screen can be skipped, honouring the OIDC
 * {@code prompt} parameter on top of the parent's pre-configured consent check.
 * <ul>
 *   <li>{@code prompt=consent}: never skip — the client asked for the consent screen.</li>
 *   <li>{@code prompt=none}: skip only if consent is pre-configured for the requested
 *       scopes; otherwise fail with {@code consent_required}, since no UI may be shown.</li>
 *   <li>otherwise: defer to the parent's pre-configured consent decision.</li>
 * </ul>
 *
 * @return {@code true} when the consent screen may be skipped
 * @throws OAuthServiceException carrying a {@code consent_required} error when
 *         {@code prompt=none} cannot be satisfied
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions) {
    List<String> prompts = OidcUtils.getPromptValues(params);
    // The client explicitly wants the user to see the consent screen
    if (prompts.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        return false;
    }
    boolean consentPreConfigured = super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (consentPreConfigured) {
        return true;
    }
    // No pre-configured consent: with prompt=none no UI may be shown, so refuse the request
    if (prompts.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        LOG.log(Level.FINE, "Prompt 'none' request can not be met");
        throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
    }
    return false;
}
Also used : OAuthError(org.apache.cxf.rs.security.oauth2.common.OAuthError) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)

Example 25 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

From the class CallbackHandlerLoginHandler, method createSubject:

/**
 * Authenticates the resource owner's username/password through WSS4J's
 * {@code UsernameTokenValidator} and, on success, returns a {@link UserSubject}
 * holding only the login name.
 * <p>
 * The credentials are wrapped in a plaintext ({@code PASSWORD_TEXT}) UsernameToken and
 * validated against the configured {@code callbackHandler} (which presumably supplies
 * the reference password for {@code user}). The {@code client} parameter is not consulted.
 * <p>
 * NOTE(review): every validation failure — including a plain wrong password — is rethrown
 * via {@code ExceptionUtils.toInternalServerErrorException}, i.e. as a server error rather
 * than an authentication error; confirm that the calling grant handler maps this as
 * intended and that the wrapped cause is not echoed to the client. The Credential
 * returned by the validator (and any principal it carries) is discarded; only
 * {@code user} is copied onto the subject.
 *
 * @param client the OAuth client on whose behalf the user authenticates (unused here)
 * @param user   the login name
 * @param pass   the plaintext password
 * @return a subject whose login is {@code user}
 */
@Override
public UserSubject createSubject(Client client, String user, String pass) {
    // Build a WS-Security UsernameToken carrying the plaintext password
    Document ownerDoc = DOMUtils.getEmptyDocument();
    UsernameToken usernameToken = new UsernameToken(false, ownerDoc, WSS4JConstants.PASSWORD_TEXT);
    usernameToken.setName(user);
    usernameToken.setPassword(pass);

    Credential toValidate = new Credential();
    toValidate.setUsernametoken(usernameToken);

    // Validation context: current message plus the callback handler used to check the password
    RequestData requestData = new RequestData();
    requestData.setMsgContext(PhaseInterceptorChain.getCurrentMessage());
    requestData.setCallbackHandler(callbackHandler);

    try {
        // The returned (validated) Credential is not used here
        new UsernameTokenValidator().validate(toValidate, requestData);
    } catch (Exception ex) {
        throw ExceptionUtils.toInternalServerErrorException(ex, null);
    }

    UserSubject subject = new UserSubject();
    subject.setLogin(user);
    return subject;
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) UsernameTokenValidator(org.apache.wss4j.dom.validate.UsernameTokenValidator) RequestData(org.apache.wss4j.dom.handler.RequestData) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) Document(org.w3c.dom.Document)
