
Example 6 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

the class JwtBearerGrantHandler method createAccessToken.

/**
 * Issues an access token for the JWT bearer grant.
 * <p>
 * The {@code assertion} request parameter is read as a compact JWS. Its signature is
 * checked before any claim is relied on, the claims are then validated against the
 * requesting client, and the assertion's subject becomes the subject of the new token.
 *
 * @param client the authenticated client presenting the assertion
 * @param params the grant request parameters
 * @return the newly created access token
 * @throws OAuthServiceException with {@code invalid_grant} when the assertion is missing
 *         or when parsing, signature verification or claim validation fails
 */
@Override
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    final String assertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
    if (assertion == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    try {
        final JwsJwtCompactConsumer consumer = getJwsReader(assertion);
        final JwtToken token = consumer.getJwtToken();
        // Signature first: nothing in the claims is trusted until the JWS verifies.
        final JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
        validateSignature(headers, consumer.getUnsignedEncodedSequence(), consumer.getDecodedSignature());
        validateClaims(client, token.getClaims());
        final UserSubject subject = new UserSubject(token.getClaims().getSubject());
        return doCreateAccessToken(client, subject, Constants.JWT_BEARER_GRANT,
                                   OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
    } catch (OAuthServiceException ex) {
        // Already carries the intended OAuth error; propagate as-is.
        throw ex;
    } catch (Exception ex) {
        // Every other parsing/validation failure is reported uniformly as invalid_grant,
        // keeping the original cause attached for server-side diagnostics.
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
    }
}

Example 7 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

the class ResourceOwnerGrantHandler method createAccessToken.

/**
 * Issues an access token for the resource owner password credentials grant.
 * <p>
 * Both the owner name and the password must be present in the request; the actual
 * credential check is delegated to the configured {@code loginHandler}.
 *
 * @param client the authenticated client submitting the owner's credentials
 * @param params the grant request parameters
 * @return the newly created access token
 * @throws OAuthServiceException {@code invalid_request} when either credential parameter
 *         is missing, {@code invalid_grant} when the login handler rejects the credentials
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params) throws OAuthServiceException {
    final String name = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
    final String password = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
    final boolean credentialsPresent = name != null && password != null;
    if (!credentialsPresent) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
    }
    // A null subject from the login handler means the credentials were not accepted.
    final UserSubject owner = loginHandler.createSubject(client, name, password);
    if (owner == null) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }
    return doCreateAccessToken(client, owner, params);
}

Example 8 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

the class AbstractOAuthDataProvider method doRefreshAccessToken.

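/**
 * Builds a new access token from an existing refresh token, carrying over the original
 * grant context (subject, audiences, grant type and code, nonce, PKCE code verifier).
 * <p>
 * Scope handling: with no restricted scopes the new token inherits a copy of the refresh
 * token's scopes; otherwise every requested scope must already be covered by the refresh
 * token, so a refresh may narrow but never widen what was originally granted.
 *
 * @param client the client exchanging the refresh token
 * @param oldRefreshToken the refresh token being exchanged
 * @param restrictedScopes the scopes requested for the new token; {@code null} is treated as empty
 * @return the new access token
 * @throws OAuthServiceException if the requested scopes are not all contained in the
 *         refresh token's scopes (including the case where the refresh token has none)
 */
protected ServerAccessToken doRefreshAccessToken(Client client, RefreshToken oldRefreshToken, List<String> restrictedScopes) {
    ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
    at.setAudiences(oldRefreshToken.getAudiences() != null ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
    at.setGrantType(oldRefreshToken.getGrantType());
    at.setGrantCode(oldRefreshToken.getGrantCode());
    at.setSubject(oldRefreshToken.getSubject());
    at.setNonce(oldRefreshToken.getNonce());
    at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());

    if (restrictedScopes == null || restrictedScopes.isEmpty()) {
        // No narrowing requested: inherit a private copy of the original scopes (may be null).
        at.setScopes(oldRefreshToken.getScopes() != null ? new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null);
    } else {
        List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
        // A refresh token without scopes cannot satisfy a scoped request (previously an NPE
        // here), and the request must never exceed the originally granted scopes.
        if (oldRefreshToken.getScopes() == null || !oldRefreshToken.getScopes().containsAll(theNewScopes)) {
            throw new OAuthServiceException("Invalid scopes");
        }
        at.setScopes(theNewScopes);
    }
    return at;
}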

Example 9 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

the class DefaultEHCacheOAuthDataProvider method getAccessToken.

/**
 * Looks up a stored access token by its key.
 * <p>
 * When access tokens are issued as JWTs and only the JWT key is stored, the cached value
 * is the serialized JOSE string and the token object is rebuilt from it; otherwise the
 * cached {@link ServerAccessToken} is returned directly.
 *
 * @param accessToken the token key as presented by the client
 * @return the matching token, or {@code null} if nothing is cached under that key
 * @throws OAuthServiceException as declared by the data-provider contract
 */
@Override
public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException {
    final boolean jwtKeyOnly = isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly();
    if (!jwtKeyOnly) {
        return getCacheValue(accessTokenCache, accessToken, ServerAccessToken.class);
    }
    final String jose = getCacheValue(accessTokenCache, accessToken, String.class);
    if (jose == null) {
        return null;
    }
    // Use the configured consumer when there is one, otherwise a default instance.
    final JoseJwtConsumer consumer = jwtTokenConsumer != null ? jwtTokenConsumer : new JoseJwtConsumer();
    return JwtTokenUtils.createAccessTokenFromJwt(consumer, jose, this, super.getJwtAccessTokenClaimMap());
}

Example 10 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

the class AbstractAccessTokenValidator method getAccessTokenValidation.

/**
 * Resolves and validates the access token carried by an {@code Authorization} header.
 * <p>
 * Resolution order: (1) the local validation cache, when {@code maxValidationDataCacheSize}
 * is positive; (2) the registered {@link AccessTokenValidator} for the scheme, if any;
 * (3) the {@code dataProvider}, for the default scheme only. Every failure along the way
 * is reported to the caller as a generic authorization failure, so the response does not
 * reveal why a token was rejected. Expired tokens are evicted from the provider or the
 * cache before the failure is raised.
 *
 * @param authScheme the HTTP authorization scheme
 * @param authSchemeData the scheme-specific data, i.e. the raw token value sent by the client
 * @param extraProps additional properties passed through to the token validator
 * @return the validated token data
 */
protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) {
    AccessTokenValidation accessTokenV = null;
    // Neither a provider nor a validator configured: this is a deployment error, not a client error.
    if (dataProvider == null && tokenHandlers.isEmpty()) {
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    // The cache is keyed by the raw token data exactly as presented by the client.
    if (maxValidationDataCacheSize > 0) {
        accessTokenV = accessTokenValidations.get(authSchemeData);
    }
    ServerAccessToken localAccessToken = null;
    if (accessTokenV == null) {
        // Get the registered handler capable of processing the token
        AccessTokenValidator handler = findTokenValidator(authScheme);
        if (handler != null) {
            try {
                // Convert the HTTP Authorization scheme data into a token
                accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData, extraProps);
            } catch (OAuthServiceException ex) {
                // Collapsed into a generic failure on purpose: the detail stays server-side.
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
            } catch (RuntimeException ex) {
                // Same treatment for any other runtime failure raised by the validator.
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
            }
        }
        // Default processing if no registered providers available
        if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
            try {
                localAccessToken = dataProvider.getAccessToken(authSchemeData);
            } catch (OAuthServiceException ex) {
            // to be handled next: a failed lookup is treated the same as an unknown token below
            }
            if (localAccessToken == null) {
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
            }
            accessTokenV = new AccessTokenValidation(localAccessToken);
        }
    }
    // NOTE(review): the code below assumes throwAuthorizationFailure never returns normally;
    // otherwise accessTokenV could still be null here — confirm against AuthorizationUtils.
    if (accessTokenV == null) {
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    // Check if token is still valid
    if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime())) {
        // Evict the expired token from wherever it came from before rejecting the request.
        if (localAccessToken != null) {
            removeAccessToken(localAccessToken);
        } else if (maxValidationDataCacheSize > 0) {
            accessTokenValidations.remove(authSchemeData);
        }
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    if (maxValidationDataCacheSize > 0) {
        // Bounded cache: when full it is simply cleared rather than evicted selectively.
        if (accessTokenValidations.size() >= maxValidationDataCacheSize) {
            // or delete the ones expiring sooner than others, etc
            accessTokenValidations.clear();
        }
        accessTokenValidations.put(authSchemeData, accessTokenV);
    }
    return accessTokenV;
}
