
Example 31 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

the class JCacheOAuthDataProviderTest method addClient.

/**
 * Registers a test client with the provider under test.
 *
 * <p>The client is given a fixed redirect URI and secret plus a resource owner
 * subject built from {@code userLogin}, then stored through
 * {@code provider.setClient}.
 *
 * @param clientId  identifier assigned to the new client
 * @param userLogin login of the resource owner the client is associated with
 * @return the client that was registered
 */
private Client addClient(String clientId, String userLogin) {
    Client client = new Client();
    client.setClientId(clientId);
    client.setClientSecret("123");
    client.setRedirectUris(Collections.singletonList("http://client/redirect"));
    client.setResourceOwnerSubject(new UserSubject(userLogin));
    provider.setClient(client);
    return client;
}
Also used : UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) Client(org.apache.cxf.rs.security.oauth2.common.Client)

Example 32 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

the class JPAOAuthDataProviderTest method testAddGetDeleteMultipleAccessToken.

/**
 * Checks that having multiple token each with its own
 * userSubject (but having same login) works.
 */
/**
 * Verifies that two access tokens issued for the same client, each carrying
 * its own {@code UserSubject} instance with the same login, are stored and
 * read back as distinct subjects (same login, different ids) and that the
 * concrete subject type survives the round trip through the provider.
 */
@Test
public void testAddGetDeleteMultipleAccessToken() {
    Client client = addClient("101", "bob");
    UserSubject owner = client.getResourceOwnerSubject();

    // First token: the subject is the client's own resource owner subject
    AccessTokenRegistration firstReg = new AccessTokenRegistration();
    firstReg.setClient(client);
    firstReg.setApprovedScope(Collections.singletonList("a"));
    firstReg.setSubject(owner);
    ServerAccessToken first = getProvider().createAccessToken(firstReg);
    first = getProvider().getAccessToken(first.getTokenKey());

    // Second token: a different subject instance (a subclass) sharing the same login
    AccessTokenRegistration secondReg = new AccessTokenRegistration();
    secondReg.setClient(client);
    secondReg.setApprovedScope(Collections.singletonList("a"));
    secondReg.setSubject(new TestingUserSubject(owner.getLogin()));
    ServerAccessToken second = getProvider().createAccessToken(secondReg);
    second = getProvider().getAccessToken(second.getTokenKey());

    UserSubject firstSubject = first.getSubject();
    UserSubject secondSubject = second.getSubject();

    // Both subjects were persisted with an id and keep their concrete type
    assertNotNull(firstSubject.getId());
    assertTrue(firstSubject instanceof UserSubject);
    assertNotNull(secondSubject.getId());
    assertTrue(secondSubject instanceof TestingUserSubject);

    // Same login, but stored as two separate subjects
    assertEquals(firstSubject.getLogin(), secondSubject.getLogin());
    assertNotEquals(firstSubject.getId(), secondSubject.getId());
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration) Test(org.junit.Test)

Example 33 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

the class CryptoUtilsTest method prepareTokenRegistration.

/**
 * Builds the access token registration shared by the encryption tests.
 *
 * <p>The registration targets client {@code "1"} from the test provider, uses
 * the {@code code} grant type, a single {@code http://localhost} audience, and an
 * end-user subject {@code Barry}/{@code BarryId} holding the single role
 * {@code role1}.
 *
 * @return a fully populated registration ready for token creation
 */
private AccessTokenRegistration prepareTokenRegistration() {
    UserSubject subject = new UserSubject("Barry", "BarryId");
    subject.setRoles(Collections.singletonList("role1"));

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(p.getClient("1"));
    registration.setGrantType("code");
    registration.setAudiences(Collections.singletonList("http://localhost"));
    registration.setSubject(subject);
    return registration;
}
Also used : UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) Client(org.apache.cxf.rs.security.oauth2.common.Client) AccessTokenRegistration(org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration)

Example 34 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

the class CryptoUtilsTest method testClientJSON.

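/**
 * Round-trips a {@link Client} through JSON serialisation and the
 * {@code CryptoUtils} sequence encryption/decryption helpers, then checks that
 * the identifying fields and the embedded {@link UserSubject} survive.
 *
 * <p>The JSON text is converted to and from bytes with an explicit UTF-8
 * charset so the test does not depend on the JVM's platform default encoding
 * (a non-UTF-8 default would otherwise silently corrupt non-ASCII content).
 *
 * @throws Exception on any serialisation, encoding or crypto failure
 */
@Test
public void testClientJSON() throws Exception {
    Client c = new Client("client", "secret", true);
    c.setSubject(new UserSubject("subject", "id"));
    JSONProvider<Client> jsonp = new JSONProvider<>();
    jsonp.setMarshallAsJaxbElement(true);
    jsonp.setUnmarshallAsJaxbElement(true);
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    jsonp.writeTo(c, Client.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, Object>(), bos);
    // Explicit charset: bos.toString() and String.getBytes() without one use the platform default
    String json = bos.toString("UTF-8");
    String encrypted = CryptoUtils.encryptSequence(json, p.key);
    String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);
    // The crypto round trip must reproduce the exact JSON text
    assertEquals(json, decrypted);
    Client c2 = jsonp.readFrom(Client.class, Client.class, new Annotation[] {}, MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, String>(), new ByteArrayInputStream(decrypted.getBytes("UTF-8")));
    assertEquals(c.getClientId(), c2.getClientId());
    assertEquals(c.getClientSecret(), c2.getClientSecret());
    assertTrue(c2.isConfidential());
    assertEquals("subject", c2.getSubject().getLogin());
    assertEquals("id", c2.getSubject().getId());
}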
Also used : UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) ByteArrayInputStream(java.io.ByteArrayInputStream) JSONProvider(org.apache.cxf.jaxrs.provider.json.JSONProvider) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Client(org.apache.cxf.rs.security.oauth2.common.Client) Test(org.junit.Test)

Example 35 with UserSubject

use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.

the class OidcAuthorizationCodeService method canAuthorizationBeSkipped.

/**
 * Decides whether the consent screen may be skipped for an OIDC authorization
 * request, taking the {@code prompt} parameter into account.
 *
 * <ul>
 *   <li>{@code prompt=consent}: never skipped, the consent screen is shown.</li>
 *   <li>{@code prompt=none} without pre-configured consent for the requested
 *       scopes: the request cannot be completed without user interaction, so a
 *       {@code consent_required} error is raised instead of showing a screen.</li>
 *   <li>Otherwise: the superclass's pre-configured consent check decides.</li>
 * </ul>
 *
 * @param params         the authorization request parameters
 * @param client         the requesting client
 * @param userSubject    the authenticated end user
 * @param requestedScope the scopes requested by the client
 * @param permissions    the permissions matching the requested scopes
 * @return {@code true} if consent is pre-configured and the screen can be skipped
 * @throws OAuthServiceException carrying a {@code consent_required} error when
 *         {@code prompt=none} is requested but consent is not pre-configured
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions) {
    List<String> prompts = OidcUtils.getPromptValues(params);
    // The client explicitly asked for the consent screen to be displayed
    if (prompts.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        return false;
    }
    boolean consentPreConfigured = super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (consentPreConfigured || !prompts.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        return consentPreConfigured;
    }
    // prompt=none forbids any user interaction; with no pre-configured consent the
    // request has to be rejected rather than routed to the consent screen
    LOG.log(Level.FINE, "Prompt 'none' request can not be met");
    throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
}
Also used : OAuthError(org.apache.cxf.rs.security.oauth2.common.OAuthError) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
