use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class AbstractImplicitGrantService method getClientAccessToken.
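/**
 * Obtains the access token that the implicit flow will hand to the client.
 *
 * <p>Either a fresh token is registered and created through the data provider,
 * or the supplied pre-authorized token is reused.
 *
 * @param state              the validated redirection state of this authorization request
 * @param client             the client the token is issued to
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the end user approved
 * @param userSubject        the authenticated end user
 * @param preAuthorizedToken an already issued token to reuse, or {@code null} to create one
 * @return the client-facing view of the token, after {@link #processClientAccessToken}
 */
protected ClientAccessToken getClientAccessToken(OAuthRedirectionState state, Client client,
        List<String> requestedScope, List<String> approvedScope, UserSubject userSubject,
        ServerAccessToken preAuthorizedToken) {
    // Definite assignment in both branches; no placeholder null needed.
    final ServerAccessToken token;
    if (preAuthorizedToken == null) {
        AccessTokenRegistration reg =
            createTokenRegistration(state, client, requestedScope, approvedScope, userSubject);
        token = getDataProvider().createAccessToken(reg);
    } else {
        token = preAuthorizedToken;
        // The reused token predates this request, so the request's nonce is stashed on the
        // current exchange -- presumably for whoever builds the response downstream; the
        // consumer of OAuthConstants.NONCE is outside this class, verify there.
        if (state.getNonce() != null) {
            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, state.getNonce());
        }
    }
    ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters());
    processClientAccessToken(clientToken, token);
    return clientToken;
}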
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class AbstractImplicitGrantService method prepareFormResponse.
/**
 * Builds the form-post variant of the implicit-grant response.
 *
 * <p>The token is obtained via {@link #getClientAccessToken} and copied, together with
 * the redirect URI and the client's opaque state, into a {@link FormTokenResponse}.
 *
 * @param state              the validated redirection state of this authorization request
 * @param client             the client the token is issued to
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the end user approved
 * @param userSubject        the authenticated end user
 * @param preAuthorizedToken an already issued token to reuse, or {@code null}
 * @return the populated form response bean
 */
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state, Client client,
        List<String> requestedScope, List<String> approvedScope, UserSubject userSubject,
        ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued =
        getClientAccessToken(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    final FormTokenResponse response = new FormTokenResponse();
    response.setResponseType(OAuthConstants.TOKEN_RESPONSE_TYPE);
    // Where the form posts back to, plus the client's state echoed unchanged.
    response.setRedirectUri(state.getRedirectUri());
    response.setState(state.getState());
    // Token material exactly as the client will see it.
    response.setAccessToken(issued.getTokenKey());
    response.setAccessTokenType(issued.getTokenType());
    response.setAccessTokenExpiresIn(issued.getExpiresIn());
    response.getParameters().putAll(issued.getParameters());
    return response;
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class AbstractImplicitGrantService method prepareRedirectResponse.
/**
 * Builds the redirect variant of the implicit-grant response: the token and its
 * attributes are appended as fragment parameters to the client's redirect URI.
 *
 * @param state              the validated redirection state of this authorization request
 * @param client             the client the token is issued to
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the end user approved
 * @param userSubject        the authenticated end user
 * @param preAuthorizedToken an already issued token to reuse, or {@code null}
 * @return the redirect URI with the token fragment, after {@link #finalizeResponse}
 */
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state, Client client,
        List<String> requestedScope, List<String> approvedScope, UserSubject userSubject,
        ServerAccessToken preAuthorizedToken) {
    final ClientAccessToken issued =
        getClientAccessToken(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    // The token is returned as a fragment parameter of the redirect URI.
    final StringBuilder fragment = getUriWithFragment(state.getRedirectUri());
    // NOTE(review): the token key and token type are appended verbatim, unlike scope and the
    // extra parameters below which go through queryEncode -- this relies on the data provider
    // producing URL-safe keys; confirm against the provider in use.
    fragment.append(OAuthConstants.ACCESS_TOKEN).append('=').append(issued.getTokenKey());
    fragment.append('&');
    fragment.append(OAuthConstants.ACCESS_TOKEN_TYPE).append('=').append(issued.getTokenType());

    if (isWriteOptionalParameters()) {
        fragment.append('&').append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN)
            .append('=').append(issued.getExpiresIn());
        final String scope = issued.getApprovedScope();
        if (!StringUtils.isEmpty(scope)) {
            fragment.append('&').append(OAuthConstants.SCOPE)
                .append('=').append(HttpUtils.queryEncode(scope));
        }
        for (Map.Entry<String, String> extra : issued.getParameters().entrySet()) {
            fragment.append('&').append(extra.getKey())
                .append('=').append(HttpUtils.queryEncode(extra.getValue()));
        }
    }

    final String refreshToken = issued.getRefreshToken();
    if (refreshToken != null) {
        processRefreshToken(fragment, refreshToken);
    }
    finalizeResponse(fragment, state);
    return fragment;
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class AbstractImplicitGrantService method createTokenRegistration.
/**
 * Assembles the registration record that the data provider turns into an access token.
 *
 * @param state          the validated redirection state of this authorization request
 * @param client         the client the token is issued to
 * @param requestedScope scopes the client asked for
 * @param approvedScope  scopes the end user approved
 * @param userSubject    the authenticated end user
 * @return a fully populated registration, ready for {@code createAccessToken}
 */
protected AccessTokenRegistration createTokenRegistration(OAuthRedirectionState state, Client client,
        List<String> requestedScope, List<String> approvedScope, UserSubject userSubject) {
    final AccessTokenRegistration registration = new AccessTokenRegistration();
    // Who the token is for and which flow produced it.
    registration.setClient(client);
    registration.setSubject(userSubject);
    registration.setGrantType(super.getSupportedGrantType());
    registration.setResponseType(state.getResponseType());
    // The effective scope is whatever getApprovedScope() derives from the request and
    // the user's approval -- the requested list is kept alongside for reference.
    registration.setRequestedScope(requestedScope);
    registration.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
    // NOTE(review): singletonList(null) is a one-element list holding null when the state
    // carries no audience; verify the data provider tolerates that.
    registration.setAudiences(Collections.singletonList(state.getAudience()));
    registration.setNonce(state.getNonce());
    registration.getExtraProperties().putAll(state.getExtraProperties());
    return registration;
}
use of org.apache.cxf.rs.security.oauth2.common.UserSubject in project cxf by apache.
the class AuthorizationCodeGrantService method createGrant.
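/**
 * Creates an authorization code grant and delivers the code to the client.
 *
 * <p>The delivery channel depends on the request: out-of-band when no redirect URI
 * is present, an HTML form when {@link #isFormResponse} says so, otherwise a
 * 303 redirect with the code as a query parameter.
 *
 * @param state             the validated redirection state of this authorization request
 * @param client            the client the code is issued to
 * @param requestedScope    scopes the client asked for
 * @param approvedScope     scopes the end user approved
 * @param userSubject       the authenticated end user
 * @param preauthorizedToken an already issued token, if any; the code is still created and
 *                          the token is picked up later by the authorization code grant handler
 * @return the response carrying the code, or an {@code access_denied} error response when
 *         the grant could not be created
 */
protected Response createGrant(OAuthRedirectionState state, Client client,
        List<String> requestedScope, List<String> approvedScope, UserSubject userSubject,
        ServerAccessToken preauthorizedToken) {
    // in this flow the code is still created, the preauthorized token
    // will be retrieved by the authorization code grant handler
    final ServerAuthorizationCodeGrant grant;
    try {
        grant = getGrantRepresentation(state, client, requestedScope, approvedScope, userSubject,
                                       preauthorizedToken);
    } catch (OAuthServiceException ex) {
        // Only a generic access_denied reaches the redirect target -- presumably deliberate so
        // provider-side details do not leak. The exception itself is not recorded here; if
        // operators need to diagnose repeated failures, a subclass can log it before delegating.
        return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED);
    }
    String grantCode = processCodeGrant(client, grant.getCode(), grant.getSubject());
    if (state.getRedirectUri() == null) {
        // Out-of-band delivery: the user copies the code manually.
        OOBAuthorizationResponse bean = new OOBAuthorizationResponse();
        bean.setClientId(client.getClientId());
        bean.setClientDescription(client.getApplicationDescription());
        bean.setAuthorizationCode(grantCode);
        bean.setUserId(userSubject.getLogin());
        bean.setExpiresIn(grant.getExpiresIn());
        return deliverOOBResponse(bean);
    } else if (isFormResponse(state)) {
        FormAuthorizationResponse bean = new FormAuthorizationResponse();
        bean.setAuthorizationCode(grantCode);
        bean.setExpiresIn(grant.getExpiresIn());
        bean.setState(state.getState());
        bean.setRedirectUri(state.getRedirectUri());
        return createHtmlResponse(bean);
    } else {
        // return the code by appending it as a query parameter to the redirect URI
        UriBuilder ub = getRedirectUriBuilder(state.getState(), state.getRedirectUri());
        ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_VALUE, grantCode);
        return Response.seeOther(ub.build()).build();
    }
}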