use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class JCacheOAuthDataProviderTest method addClient.
/**
 * Registers a test client with the provider and returns it.
 *
 * @param clientId  the client identifier to register
 * @param userLogin the login of the resource owner bound to the client
 * @return the client instance after it has been stored via {@code provider.setClient}
 */
private Client addClient(String clientId, String userLogin) {
    final Client client = new Client();
    client.setClientId(clientId);
    // Fixed test-only credential and redirect URI
    client.setClientSecret("123");
    client.setRedirectUris(Collections.singletonList("http://client/redirect"));
    client.setResourceOwnerSubject(new UserSubject(userLogin));
    provider.setClient(client);
    return client;
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class JPAOAuthDataProviderTest method testAddGetDeleteMultipleAccessToken.
/**
 * Verifies that two access tokens issued for the same client and the same login,
 * but backed by distinct subject instances (a plain {@link UserSubject} and a
 * {@code TestingUserSubject}), are both persisted, keep their own subject type
 * and id, and share the login.
 */
@Test
public void testAddGetDeleteMultipleAccessToken() {
    Client client = addClient("101", "bob");
    UserSubject owner = client.getResourceOwnerSubject();

    ServerAccessToken first = issueAndReload(client, owner);
    ServerAccessToken second = issueAndReload(client, new TestingUserSubject(owner.getLogin()));

    // Each token must keep its own subject, including the subject's id and concrete type
    assertNotNull(first.getSubject().getId());
    assertTrue(first.getSubject() instanceof UserSubject);
    assertNotNull(second.getSubject().getId());
    assertTrue(second.getSubject() instanceof TestingUserSubject);
    // Same login, yet distinct subject ids
    assertEquals(first.getSubject().getLogin(), second.getSubject().getLogin());
    assertNotEquals(first.getSubject().getId(), second.getSubject().getId());
}

/**
 * Creates an access token for {@code client}/{@code subject} with approved scope "a"
 * and reads it back from the provider by its token key.
 */
private ServerAccessToken issueAndReload(Client client, UserSubject subject) {
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(subject);
    ServerAccessToken token = getProvider().createAccessToken(registration);
    return getProvider().getAccessToken(token.getTokenKey());
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class CryptoUtilsTest method prepareTokenRegistration.
/**
 * Builds a token registration for client "1" using grant type "code", a single
 * audience, and an end user "Barry" (id "BarryId") holding role "role1".
 *
 * @return the populated registration
 */
private AccessTokenRegistration prepareTokenRegistration() {
    UserSubject endUser = new UserSubject("Barry", "BarryId");
    endUser.setRoles(Collections.singletonList("role1"));

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(p.getClient("1"));
    registration.setGrantType("code");
    registration.setAudiences(Collections.singletonList("http://localhost"));
    registration.setSubject(endUser);
    return registration;
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class CryptoUtilsTest method testClientJSON.
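/**
 * Round-trips a {@link Client} through JSON marshalling, symmetric encryption and
 * decryption, and checks that client id, secret, confidentiality flag and subject survive.
 *
 * @throws Exception on marshalling, encryption or decryption failure
 */
@Test
public void testClientJSON() throws Exception {
    Client c = new Client("client", "secret", true);
    c.setSubject(new UserSubject("subject", "id"));

    JSONProvider<Client> jsonp = new JSONProvider<Client>();
    jsonp.setMarshallAsJaxbElement(true);
    jsonp.setUnmarshallAsJaxbElement(true);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    jsonp.writeTo(c, Client.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE,
                  new MetadataMap<String, Object>(), bos);

    // Pin the charset on both byte<->String conversions: relying on the platform
    // default would make the encrypt/decrypt round trip depend on the JVM's locale.
    String json = bos.toString(java.nio.charset.StandardCharsets.UTF_8.name());
    String encrypted = CryptoUtils.encryptSequence(json, p.key);
    String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);

    Client c2 = jsonp.readFrom(Client.class, Client.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE,
                               new MetadataMap<String, String>(),
                               new ByteArrayInputStream(decrypted.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

    assertEquals(c.getClientId(), c2.getClientId());
    assertEquals(c.getClientSecret(), c2.getClientSecret());
    assertTrue(c2.isConfidential());
    assertEquals("subject", c2.getSubject().getLogin());
    assertEquals("id", c2.getSubject().getId());
}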
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class OidcAuthorizationCodeService method canAuthorizationBeSkipped.
/**
 * Decides whether the consent screen may be skipped for this authorization request,
 * honouring the OpenID Connect {@code prompt} parameter.
 * <p>
 * {@code prompt=consent} always forces the consent screen. Otherwise the decision is
 * delegated to the superclass (pre-configured consent for the requested scopes). If that
 * check fails and the client asked for {@code prompt=none}, the request cannot be
 * satisfied without user interaction, so a {@code consent_required} error is raised
 * rather than skipping authorization.
 *
 * @param params         the authorization request parameters
 * @param client         the requesting client
 * @param userSubject    the authenticated resource owner
 * @param requestedScope the scopes requested by the client
 * @param permissions    the permissions matched to the requested scopes
 * @return {@code true} only if consent is pre-configured and not overridden by {@code prompt=consent}
 * @throws OAuthServiceException carrying {@code consent_required} when {@code prompt=none}
 *         is present but consent is not pre-configured
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params, Client client,
                                            UserSubject userSubject, List<String> requestedScope,
                                            List<OAuthPermission> permissions) {
    final List<String> prompts = OidcUtils.getPromptValues(params);
    if (prompts.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        // The client explicitly asked for the consent screen to be shown
        return false;
    }
    final boolean consentPreConfigured =
        super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (consentPreConfigured) {
        return true;
    }
    if (prompts.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        // No pre-configured consent and no interaction permitted: fail closed
        LOG.log(Level.FINE, "Prompt 'none' request can not be met");
        throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
    }
    return false;
}