Search in sources :

Example 1 with DigestCodeVerifier

use of org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier in project cxf by apache.

the class OIDCFlowTest method testAuthorizationCodeFlowWithPKCE.

@org.junit.Test
public void testAuthorizationCodeFlowWithPKCE() throws Exception {
    String address = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", null);
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get Authorization Code
    AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
    parameters.setConsumerId("consumer-id");
    parameters.setScope(OidcUtils.OPENID_SCOPE);
    parameters.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
    parameters.setPath("authorize/");
    String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
    CodeVerifierTransformer transformer = new DigestCodeVerifier();
    parameters.setCodeChallenge(transformer.transformCodeVerifier(codeVerifier));
    parameters.setCodeChallengeMethod(transformer.getChallengeMethod());
    String location = OAuth2TestUtils.getLocation(client, parameters);
    String code = OAuth2TestUtils.getSubstring(location, "code");
    assertNotNull(code);
    // Now get the access token
    client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
    ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier);
    assertNotNull(accessToken.getTokenKey());
    if (isAccessTokenInJWTFormat()) {
        validateAccessToken(accessToken.getTokenKey());
    }
}
Also used : CodeVerifierTransformer(org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer) DigestCodeVerifier(org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 2 with DigestCodeVerifier

use of org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier in project meecrowave by apache.

the class OAuth2Configurer method preCompute.

// TODO: still some missing configuration for jwt etc to add/wire from OAuth2Options
@PostConstruct
private void preCompute() {
    configuration = builder.getExtension(OAuth2Options.class);
    final Function<JwtClaims, JwtClaims> customizeClaims = configuration.isUseJwtFormatForAccessTokens() ? claims -> {
        if (claims.getIssuer() == null) {
            claims.setIssuer(configuration.getJwtIssuer());
        }
        return claims;
    } : identity();
    AbstractOAuthDataProvider provider;
    switch(configuration.getProvider().toLowerCase(ENGLISH)) {
        case "jpa":
            {
                if (!configuration.isAuthorizationCodeSupport()) {
                    // else use code impl
                    final JPAOAuthDataProvider jpaProvider = new JPAOAuthDataProvider() {

                        @Override
                        protected JwtClaims createJwtAccessToken(final ServerAccessToken at) {
                            return customizeClaims.apply(super.createJwtAccessToken(at));
                        }

                        @Override
                        protected ServerAccessToken createNewAccessToken(final Client client, final UserSubject userSub) {
                            final ServerAccessToken token = super.createNewAccessToken(client, userSub);
                            forwardClaims(client, userSub, token);
                            return token;
                        }
                    };
                    jpaProvider.setEntityManagerFactory(JPAAdapter.createEntityManagerFactory(configuration));
                    provider = jpaProvider;
                    break;
                }
            }
        case "jpa-code":
            {
                final JPACodeDataProvider jpaProvider = new JPACodeDataProvider() {

                    @Override
                    protected JwtClaims createJwtAccessToken(final ServerAccessToken at) {
                        return customizeClaims.apply(super.createJwtAccessToken(at));
                    }

                    @Override
                    protected ServerAccessToken createNewAccessToken(final Client client, final UserSubject userSub) {
                        final ServerAccessToken token = super.createNewAccessToken(client, userSub);
                        forwardClaims(client, userSub, token);
                        return token;
                    }
                };
                jpaProvider.setEntityManagerFactory(JPAAdapter.createEntityManagerFactory(configuration));
                provider = jpaProvider;
                break;
            }
        case "jcache":
            if (!configuration.isAuthorizationCodeSupport()) {
                // else use code impl
                jCacheConfigurer.doSetup(configuration);
                try {
                    provider = new JCacheOAuthDataProvider(configuration.getJcacheConfigUri(), bus, configuration.isJcacheStoreJwtKeyOnly()) {

                        @Override
                        protected JwtClaims createJwtAccessToken(final ServerAccessToken at) {
                            return customizeClaims.apply(super.createJwtAccessToken(at));
                        }

                        @Override
                        protected ServerAccessToken createNewAccessToken(final Client client, final UserSubject userSub) {
                            final ServerAccessToken token = super.createNewAccessToken(client, userSub);
                            forwardClaims(client, userSub, token);
                            return token;
                        }
                    };
                } catch (final Exception e) {
                    throw new IllegalStateException(e);
                }
                break;
            }
        case "jcache-code":
            jCacheConfigurer.doSetup(configuration);
            try {
                provider = new JCacheCodeDataProvider(configuration, bus) {

                    @Override
                    protected JwtClaims createJwtAccessToken(final ServerAccessToken at) {
                        return customizeClaims.apply(super.createJwtAccessToken(at));
                    }

                    @Override
                    protected ServerAccessToken createNewAccessToken(final Client client, final UserSubject userSub) {
                        final ServerAccessToken token = super.createNewAccessToken(client, userSub);
                        forwardClaims(client, userSub, token);
                        return token;
                    }
                };
            } catch (final Exception e) {
                throw new IllegalStateException(e);
            }
            break;
        case "encrypted":
            if (!configuration.isAuthorizationCodeSupport()) {
                // else use code impl
                provider = new DefaultEncryptingOAuthDataProvider(new SecretKeySpec(configuration.getEncryptedKey().getBytes(StandardCharsets.UTF_8), configuration.getEncryptedAlgo())) {

                    @Override
                    protected JwtClaims createJwtAccessToken(final ServerAccessToken at) {
                        return customizeClaims.apply(super.createJwtAccessToken(at));
                    }

                    @Override
                    protected ServerAccessToken createNewAccessToken(final Client client, final UserSubject userSub) {
                        final ServerAccessToken token = super.createNewAccessToken(client, userSub);
                        forwardClaims(client, userSub, token);
                        return token;
                    }
                };
                break;
            }
        case "encrypted-code":
            provider = new DefaultEncryptingCodeDataProvider(new SecretKeySpec(configuration.getEncryptedKey().getBytes(StandardCharsets.UTF_8), configuration.getEncryptedAlgo())) {

                @Override
                protected JwtClaims createJwtAccessToken(final ServerAccessToken at) {
                    return customizeClaims.apply(super.createJwtAccessToken(at));
                }

                @Override
                protected ServerAccessToken createNewAccessToken(final Client client, final UserSubject userSub) {
                    final ServerAccessToken token = super.createNewAccessToken(client, userSub);
                    forwardClaims(client, userSub, token);
                    return token;
                }
            };
            break;
        default:
            throw new IllegalArgumentException("Unsupported oauth2 provider: " + configuration.getProvider());
    }
    final RefreshTokenGrantHandler refreshTokenGrantHandler = new RefreshTokenGrantHandler() {

        @Override
        public ServerAccessToken createAccessToken(final Client client, final MultivaluedMap<String, String> params) throws OAuthServiceException {
            final ServerAccessToken accessToken = super.createAccessToken(client, params);
            forwardClaims(client, accessToken.getSubject(), accessToken);
            return accessToken;
        }
    };
    refreshTokenGrantHandler.setDataProvider(provider);
    refreshTokenGrantHandler.setUseAllClientScopes(configuration.isUseAllClientScopes());
    refreshTokenGrantHandler.setPartialMatchScopeValidation(configuration.isPartialMatchScopeValidation());
    final ResourceOwnerLoginHandler loginHandler = configuration.isJaas() ? new JAASResourceOwnerLoginHandler() {

        @Override
        public UserSubject createSubject(final Client client, final String name, final String password) {
            final UserSubject subject = super.createSubject(client, name, password);
            forwardRolesAsClaims(subject);
            return subject;
        }
    } : (client, name, password) -> {
        try {
            request.login(name, password);
            try {
                final Principal pcp = request.getUserPrincipal();
                return doCreateUserSubject(pcp);
            } finally {
                request.logout();
            }
        } catch (final ServletException e) {
            throw new AuthenticationException(e.getMessage());
        }
    };
    final List<AccessTokenGrantHandler> handlers = new ArrayList<>();
    handlers.add(refreshTokenGrantHandler);
    handlers.add(new ClientCredentialsGrantHandler() {

        @Override
        protected ServerAccessToken doCreateAccessToken(final Client client, final UserSubject subject, final String requestedGrant, final List<String> requestedScopes, final List<String> audiences) {
            final ServerAccessToken serverAccessToken = super.doCreateAccessToken(client, subject, requestedGrant, requestedScopes, audiences);
            forwardClaims(client, subject, serverAccessToken);
            return serverAccessToken;
        }
    });
    handlers.add(new ResourceOwnerGrantHandler() {

        {
            setLoginHandler(loginHandler);
        }

        @Override
        protected ServerAccessToken doCreateAccessToken(final Client client, final UserSubject subject, final String requestedGrant, final List<String> requestedScopes, final List<String> audiences) {
            final ServerAccessToken serverAccessToken = super.doCreateAccessToken(client, subject, requestedGrant, requestedScopes, audiences);
            forwardClaims(client, subject, serverAccessToken);
            return serverAccessToken;
        }
    });
    handlers.add(new AuthorizationCodeGrantHandler() {

        @Override
        public ServerAccessToken createAccessToken(final Client client, final MultivaluedMap<String, String> params) throws OAuthServiceException {
            if (configuration.isUseS256CodeChallenge()) {
                setCodeVerifierTransformer(new DigestCodeVerifier());
            }
            return super.createAccessToken(client, params);
        }

        @Override
        protected ServerAccessToken doCreateAccessToken(final Client client, final UserSubject subject, final String requestedGrant, final List<String> requestedScopes, final List<String> audiences) {
            final ServerAccessToken serverAccessToken = super.doCreateAccessToken(client, subject, requestedGrant, requestedScopes, audiences);
            forwardClaims(client, subject, serverAccessToken);
            return serverAccessToken;
        }
    });
    handlers.add(new JwtBearerGrantHandler() {

        @Override
        protected ServerAccessToken doCreateAccessToken(final Client client, final UserSubject subject, final String requestedGrant, final List<String> requestedScopes, final List<String> audiences) {
            final ServerAccessToken serverAccessToken = super.doCreateAccessToken(client, subject, requestedGrant, requestedScopes, audiences);
            forwardClaims(client, subject, serverAccessToken);
            return serverAccessToken;
        }
    });
    provider.setUseJwtFormatForAccessTokens(configuration.isUseJwtFormatForAccessTokens());
    provider.setAccessTokenLifetime(configuration.getAccessTokenLifetime());
    provider.setRefreshTokenLifetime(configuration.getRefreshTokenLifetime());
    provider.setRecycleRefreshTokens(configuration.isRecycleRefreshTokens());
    provider.setSupportPreauthorizedTokens(configuration.isSupportPreauthorizedTokens());
    ofNullable(configuration.getRequiredScopes()).map(s -> asList(s.split(","))).ifPresent(provider::setRequiredScopes);
    ofNullable(configuration.getDefaultScopes()).map(s -> asList(s.split(","))).ifPresent(provider::setDefaultScopes);
    ofNullable(configuration.getInvisibleToClientScopes()).map(s -> asList(s.split(","))).ifPresent(provider::setInvisibleToClientScopes);
    ofNullable(configuration.getJwtAccessTokenClaimMap()).map(s -> new Properties() {

        {
            try {
                load(new StringReader(s));
            } catch (IOException e) {
                throw new IllegalArgumentException("Bad claim map configuration, use properties syntax");
            }
        }
    }).ifPresent(m -> provider.setJwtAccessTokenClaimMap(new HashMap<>(Map.class.cast(m))));
    final OAuthDataProvider dataProvider;
    if (configuration.isRefreshToken()) {
        dataProvider = new RefreshTokenEnabledProvider(provider);
        if (provider.getInvisibleToClientScopes() == null) {
            provider.setInvisibleToClientScopes(new ArrayList<>());
        }
        provider.getInvisibleToClientScopes().add(OAuthConstants.REFRESH_TOKEN_SCOPE);
    } else {
        dataProvider = provider;
    }
    handlers.stream().filter(AbstractGrantHandler.class::isInstance).forEach(h -> {
        final AbstractGrantHandler handler = AbstractGrantHandler.class.cast(h);
        handler.setDataProvider(dataProvider);
        handler.setCanSupportPublicClients(configuration.isCanSupportPublicClients());
        handler.setPartialMatchScopeValidation(configuration.isPartialMatchScopeValidation());
    });
    abstractTokenServiceConsumer = s -> {
        // this is used @RequestScoped so ensure it is not slow for no reason
        s.setCanSupportPublicClients(configuration.isCanSupportPublicClients());
        s.setBlockUnsecureRequests(configuration.isBlockUnsecureRequests());
        s.setWriteCustomErrors(configuration.isWriteCustomErrors());
        s.setWriteOptionalParameters(configuration.isWriteOptionalParameters());
        s.setDataProvider(dataProvider);
    };
    tokenServiceConsumer = s -> {
        // this is used @RequestScoped so ensure it is not slow for no reason
        abstractTokenServiceConsumer.accept(s);
        s.setGrantHandlers(handlers);
    };
    final List<String> noConsentScopes = ofNullable(configuration.getScopesRequiringNoConsent()).map(s -> asList(s.split(","))).orElse(null);
    // we prefix them oauth2.cxf. but otherwise it is the plain cxf config
    securityProperties = ofNullable(builder.getProperties()).map(Properties::stringPropertyNames).orElse(emptySet()).stream().filter(s -> s.startsWith("oauth2.cxf.rs.security.")).collect(toMap(s -> s.substring("oauth2.cxf.".length()), s -> builder.getProperties().getProperty(s)));
    final JoseSessionTokenProvider sessionAuthenticityTokenProvider = new JoseSessionTokenProvider() {

        @Override
        public String createSessionToken(final MessageContext mc, final MultivaluedMap<String, String> params, final UserSubject subject, final OAuthRedirectionState secData) {
            // CXF-8368
            secData.setClientCodeChallenge(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE));
            return super.createSessionToken(mc, params, subject, secData);
        }
    };
    sessionAuthenticityTokenProvider.setMaxDefaultSessionInterval(configuration.getMaxDefaultSessionInterval());
    // TODO: other configs
    redirectionBasedGrantServiceConsumer = s -> {
        s.setDataProvider(dataProvider);
        s.setBlockUnsecureRequests(configuration.isBlockUnsecureRequests());
        s.setWriteOptionalParameters(configuration.isWriteOptionalParameters());
        s.setUseAllClientScopes(configuration.isUseAllClientScopes());
        s.setPartialMatchScopeValidation(configuration.isPartialMatchScopeValidation());
        s.setUseRegisteredRedirectUriIfPossible(configuration.isUseRegisteredRedirectUriIfPossible());
        s.setMaxDefaultSessionInterval(configuration.getMaxDefaultSessionInterval());
        s.setMatchRedirectUriWithApplicationUri(configuration.isMatchRedirectUriWithApplicationUri());
        s.setScopesRequiringNoConsent(noConsentScopes);
        s.setSessionAuthenticityTokenProvider(sessionAuthenticityTokenProvider);
        s.setCanSupportPublicClients(configuration.isCanSupportPublicClients());
    };
}
Also used : JCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JCacheOAuthDataProvider) ServletException(javax.servlet.ServletException) AccessTokenService(org.apache.cxf.rs.security.oauth2.services.AccessTokenService) SecretKeySpec(javax.crypto.spec.SecretKeySpec) JAXRSUtils(org.apache.cxf.jaxrs.utils.JAXRSUtils) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) Collectors.toMap(java.util.stream.Collectors.toMap) AbstractTokenService(org.apache.cxf.rs.security.oauth2.services.AbstractTokenService) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) ClientCredentialsGrantHandler(org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) JCacheCodeDataProvider(org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider) RefreshTokenEnabledProvider(org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider) AuthorizationCodeGrantHandler(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrantHandler) DefaultEncryptingCodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.DefaultEncryptingCodeDataProvider) JwtBearerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler) ResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerLoginHandler) ENGLISH(java.util.Locale.ENGLISH) AuthenticationMethod(org.apache.cxf.rs.security.oauth2.common.AuthenticationMethod) ResourceOwnerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler) JPACodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider) StandardCharsets(java.nio.charset.StandardCharsets) OAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider) List(java.util.List) Principal(java.security.Principal) AbstractGrantHandler(org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler) PostConstruct(javax.annotation.PostConstruct) Function.identity(java.util.function.Function.identity) ApplicationScoped(javax.enterprise.context.ApplicationScoped) PASSWORD(org.apache.cxf.rs.security.oauth2.common.AuthenticationMethod.PASSWORD) AccessTokenGrantHandler(org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler) Meecrowave(org.apache.meecrowave.Meecrowave) Bus(org.apache.cxf.Bus) JAASResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.JAASResourceOwnerLoginHandler) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) RefreshTokenGrantHandler(org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler) AuthorizationCodeGrantService(org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService) HashMap(java.util.HashMap) Function(java.util.function.Function) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) AbstractOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider) HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.apache.cxf.interceptor.security.AuthenticationException) MessageContext(org.apache.cxf.jaxrs.ext.MessageContext) DefaultEncryptingOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider) PlainCodeVerifier(org.apache.cxf.rs.security.oauth2.grants.code.PlainCodeVerifier) JoseSessionTokenProvider(org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider) Client(org.apache.cxf.rs.security.oauth2.common.Client) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) Properties(java.util.Properties) JPAOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider) Collections.emptySet(java.util.Collections.emptySet) Message(org.apache.cxf.message.Message) Optional.ofNullable(java.util.Optional.ofNullable) IOException(java.io.IOException) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) Consumer(java.util.function.Consumer) StringReader(java.io.StringReader) PhaseInterceptorChain(org.apache.cxf.phase.PhaseInterceptorChain) OAuthConstants(org.apache.cxf.rs.security.oauth2.utils.OAuthConstants) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) DigestCodeVerifier(org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier) Collections(java.util.Collections) OAuthRedirectionState(org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState) AbstractGrantHandler(org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) JPAOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider) AuthenticationException(org.apache.cxf.interceptor.security.AuthenticationException) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JPACodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.JPACodeDataProvider) ResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerLoginHandler) JAASResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.JAASResourceOwnerLoginHandler) JoseSessionTokenProvider(org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider) ServletException(javax.servlet.ServletException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) Client(org.apache.cxf.rs.security.oauth2.common.Client) JCacheCodeDataProvider(org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider) OAuthRedirectionState(org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState) DefaultEncryptingOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider) RefreshTokenGrantHandler(org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler) RefreshTokenEnabledProvider(org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) JCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JCacheOAuthDataProvider) Collectors.toMap(java.util.stream.Collectors.toMap) Map(java.util.Map) HashMap(java.util.HashMap) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) DefaultEncryptingCodeDataProvider(org.apache.cxf.rs.security.oauth2.grants.code.DefaultEncryptingCodeDataProvider) AccessTokenGrantHandler(org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler) Properties(java.util.Properties) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) ResourceOwnerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrantHandler) StringReader(java.io.StringReader) MessageContext(org.apache.cxf.jaxrs.ext.MessageContext) AbstractOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider) DigestCodeVerifier(org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier) JwtBearerGrantHandler(org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler) AuthorizationCodeGrantHandler(org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrantHandler) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AuthenticationException(org.apache.cxf.interceptor.security.AuthenticationException) IOException(java.io.IOException) ClientCredentialsGrantHandler(org.apache.cxf.rs.security.oauth2.grants.clientcred.ClientCredentialsGrantHandler) JCacheOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JCacheOAuthDataProvider) OAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider) AbstractOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider) DefaultEncryptingOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider) JPAOAuthDataProvider(org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) JAASResourceOwnerLoginHandler(org.apache.cxf.rs.security.oauth2.grants.owner.JAASResourceOwnerLoginHandler) Principal(java.security.Principal) GenericPrincipal(org.apache.catalina.realm.GenericPrincipal) PostConstruct(javax.annotation.PostConstruct)

Aggregations

DigestCodeVerifier (org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier)2 IOException (java.io.IOException)1 StringReader (java.io.StringReader)1 StandardCharsets (java.nio.charset.StandardCharsets)1 Principal (java.security.Principal)1 ArrayList (java.util.ArrayList)1 Arrays.asList (java.util.Arrays.asList)1 Collections (java.util.Collections)1 Collections.emptySet (java.util.Collections.emptySet)1 HashMap (java.util.HashMap)1 List (java.util.List)1 ENGLISH (java.util.Locale.ENGLISH)1 Map (java.util.Map)1 Optional.ofNullable (java.util.Optional.ofNullable)1 Properties (java.util.Properties)1 Consumer (java.util.function.Consumer)1 Function (java.util.function.Function)1 Function.identity (java.util.function.Function.identity)1 Collectors.toMap (java.util.stream.Collectors.toMap)1 PostConstruct (javax.annotation.PostConstruct)1