
Example 11 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

The class AbstractTokenService, method getClient.

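/**
 * Resolves the {@link Client} for a token request from its id and secret.
 * <p>
 * A missing id is reported as an invalid request; a lookup failure or a
 * {@code null} result from {@code getValidClient} is reported as an invalid
 * client. Each failure is logged exactly once at WARNING level before it is
 * reported.
 *
 * @param clientId the client identifier from the request; {@code null} is rejected
 * @param clientSecret the client secret from the request, handed to {@code getValidClient} unchecked
 * @param params the token request parameters
 * @return the validated client, or {@code null} when a failure was reported and the
 *         report method returned instead of throwing
 */
protected Client getClient(String clientId, String clientSecret, MultivaluedMap<String, String> params) {
    if (clientId == null) {
        reportInvalidRequestError("Client ID is null");
        return null;
    }
    Client client = null;
    try {
        client = getValidClient(clientId, clientSecret, params);
    } catch (OAuthServiceException ex) {
        // NOTE(review): clientId is caller-supplied and written to the log verbatim;
        // keep that in mind if the log is consumed by anything that interprets line breaks.
        LOG.warning("No valid client found for clientId: " + clientId);
        if (ex.getError() != null) {
            reportInvalidClient(ex.getError());
        } else {
            // No error bean to forward: report a generic invalid client. Returning here
            // instead of falling through to the null check below avoids logging the
            // same failure a second time.
            reportInvalidClient();
        }
        return null;
    }
    if (client == null) {
        LOG.warning("No valid client found for clientId: " + clientId);
        reportInvalidClient();
    }
    return client;
}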

Example 12 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

The class AccessTokenService, method handleTokenRequest.

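/**
 * Processes an access token request.
 * <p>
 * The client is authenticated first; the requested grant type and the audience
 * are then checked against that client before a grant handler is looked up and
 * asked to create the token. Failures become OAuth error responses rather than
 * exceptions, except for {@link WebApplicationException}, which is rethrown as is.
 *
 * @param params the form parameters representing the access token grant
 * @return Access Token or the error
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response handleTokenRequest(MultivaluedMap<String, String> params) {
    // Make sure the client is authenticated
    Client client = authenticateClientIfNeeded(params);
    String grantType = params.getFirst(OAuthConstants.GRANT_TYPE);
    if (!OAuthUtils.isGrantSupportedForClient(client, isCanSupportPublicClients(), grantType)) {
        // java.util.logging substitutes {0}-style placeholders; a bare {} is logged literally
        LOG.log(Level.FINE, "The grant type {0} is not supported for the client", grantType);
        return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
    }
    try {
        checkAudience(client, params);
    } catch (OAuthServiceException ex) {
        return super.createErrorResponseFromBean(ex.getError());
    }
    // Find the grant handler
    AccessTokenGrantHandler handler = findGrantHandler(params);
    if (handler == null) {
        LOG.fine("No Grant Handler found");
        return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);
    }
    // Create the access token
    ServerAccessToken serverToken = null;
    try {
        serverToken = handler.createAccessToken(client, params);
    } catch (WebApplicationException ex) {
        // Already a JAX-RS response: must not be wrapped by the RuntimeException clause below
        throw ex;
    } catch (RuntimeException ex) {
        // This is done to bypass a Check-Style
        // restriction on a number of return statements
        OAuthServiceException oauthEx = ex instanceof OAuthServiceException ? (OAuthServiceException) ex : new OAuthServiceException(ex);
        return handleException(oauthEx, OAuthConstants.INVALID_GRANT);
    }
    if (serverToken == null) {
        LOG.fine("No access token was created");
        return createErrorResponse(params, OAuthConstants.INVALID_GRANT);
    }
    // Extract the information to be of use for the client
    ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(serverToken, isWriteOptionalParameters());
    processClientAccessToken(clientToken, serverToken);
    // Return it to the client; the no-store/no-cache headers keep the token out of
    // intermediary and client caches (RFC 6749 section 5.1)
    return Response.ok(clientToken).header(HttpHeaders.CACHE_CONTROL, "no-store").header("Pragma", "no-cache").build();
}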

Example 13 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

The class RedirectionBasedGrantService, method startAuthorization.

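/**
 * Starts the authorization step of a redirection-based grant.
 * <p>
 * Validates the client against the grant type, the {@code response_type}, the
 * requested scopes and the optional {@code client_audience} parameter, then either
 * issues the grant directly (when a pre-authorized token covers the requested
 * scopes or authorization can otherwise be skipped) or returns the
 * {@link OAuthAuthorizationData} that drives the end-user consent screen.
 *
 * @param params the authorization request parameters
 * @param userSubject the authenticated resource owner
 * @param client the registered client making the request
 * @param redirectUri the redirect URI the error or grant is returned to
 * @return the grant response, the authorization challenge data, or an error response
 */
protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject userSubject, Client client, String redirectUri) {
    // Enforce the client confidentiality requirements
    if (!OAuthUtils.isGrantSupportedForClient(client, canSupportPublicClient(client), supportedGrantType)) {
        LOG.fine("The grant type is not supported");
        return createErrorResponse(params, redirectUri, OAuthConstants.UNAUTHORIZED_CLIENT);
    }
    // Check response_type
    String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE);
    if (responseType == null || !getSupportedResponseTypes().contains(responseType)) {
        LOG.fine("The response type is null or not supported");
        return createErrorResponse(params, redirectUri, OAuthConstants.UNSUPPORTED_RESPONSE_TYPE);
    }
    // Get the requested scopes
    String providedScope = params.getFirst(OAuthConstants.SCOPE);
    List<String> requestedScope = null;
    List<OAuthPermission> requestedPermissions = null;
    try {
        requestedScope = OAuthUtils.getRequestedScopes(client, providedScope, useAllClientScopes, partialMatchScopeValidation);
        requestedPermissions = getDataProvider().convertScopeToPermissions(client, requestedScope);
    } catch (OAuthServiceException ex) {
        LOG.log(Level.FINE, "Error processing scopes", ex);
        return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
    }
    // Validate the audience: when provided, it must be
    // in the list of Client audiences set at the Client registration time.
    String clientAudience = params.getFirst(OAuthConstants.CLIENT_AUDIENCE);
    if (!OAuthUtils.validateAudience(clientAudience, client.getRegisteredAudiences())) {
        LOG.fine("Error validating audience parameter");
        return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_REQUEST);
    }
    // Request a new grant only if no pre-authorized token is available
    ServerAccessToken preAuthorizedToken = null;
    if (canAccessTokenBeReturned(responseType)) {
        preAuthorizedToken = getDataProvider().getPreauthorizedToken(client, requestedScope, userSubject, supportedGrantType);
    }
    List<OAuthPermission> alreadyAuthorizedPerms = null;
    boolean preAuthorizationComplete = false;
    if (preAuthorizedToken != null) {
        alreadyAuthorizedPerms = preAuthorizedToken.getScopes();
        // Consent can only be skipped when the existing token already covers every requested scope
        preAuthorizationComplete = OAuthUtils.convertPermissionsToScopeList(alreadyAuthorizedPerms).containsAll(requestedScope);
    }
    Response finalResponse = null;
    try {
        final boolean authorizationCanBeSkipped = preAuthorizationComplete || canAuthorizationBeSkipped(params, client, userSubject, requestedScope, requestedPermissions);
        // Populate the authorization challenge data
        OAuthAuthorizationData data = createAuthorizationData(client, params, redirectUri, userSubject, requestedPermissions, alreadyAuthorizedPerms, authorizationCanBeSkipped);
        if (authorizationCanBeSkipped) {
            getMessageContext().put(AUTHORIZATION_REQUEST_PARAMETERS, params);
            List<OAuthPermission> approvedScopes = preAuthorizationComplete ? preAuthorizedToken.getScopes() : requestedPermissions;
            finalResponse = createGrant(data, client, requestedScope, OAuthUtils.convertPermissionsToScopeList(approvedScopes), userSubject, preAuthorizedToken);
        } else {
            if (preAuthorizedToken != null) {
                data.setPreauthorizedTokenKey(preAuthorizedToken.getTokenKey());
            }
            finalResponse = Response.ok(data).build();
        }
    } catch (OAuthServiceException ex) {
        // An OAuthServiceException does not always carry an OAuthError bean; fall back
        // to a generic server_error instead of failing with a NullPointerException here.
        String errorCode = ex.getError() != null ? ex.getError().getError() : OAuthConstants.SERVER_ERROR;
        finalResponse = createErrorResponse(params, redirectUri, errorCode);
    }
    return finalResponse;
}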

Example 14 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

The class CodeGrantEncryptingDataProvider, method createCodeGrant.

/**
 * Creates an authorization code grant whose code is the encrypted grant itself.
 * <p>
 * The grant is built for the registering client with a fixed lifetime argument,
 * given the registration's audience, encrypted with {@code key}, and the resulting
 * ciphertext is used as the code and remembered in {@code grants}. Because the
 * code carries the grant state, its confidentiality rests entirely on {@code key}.
 *
 * @param reg the authorization code registration to create the grant for
 * @return the new grant, with its code set to the encrypted form
 * @throws OAuthServiceException declared by the interface; not thrown directly here
 */
@Override
public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg) throws OAuthServiceException {
    // 123 is presumably the grant lifetime in seconds; confirm against ServerAuthorizationCodeGrant
    final ServerAuthorizationCodeGrant codeGrant = new ServerAuthorizationCodeGrant(reg.getClient(), 123);
    codeGrant.setAudience(reg.getAudience());
    final String encryptedCode = ModelEncryptionSupport.encryptCodeGrant(codeGrant, key);
    codeGrant.setCode(encryptedCode);
    grants.add(encryptedCode);
    return codeGrant;
}

Example 15 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

The class EncryptingDataProvider, method refreshAccessToken.

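/**
 * Exchanges a refresh token for a new access token.
 * <p>
 * The refresh token is consumed on use: it is removed from {@code refreshTokens}
 * before anything else happens, so presenting the same value again is rejected.
 * The decrypted access token is then dropped from {@code tokens}, given a fresh
 * refresh token and re-encrypted.
 *
 * @param client the client presenting the refresh token; not consulted here
 * @param refreshToken the refresh token value received from the client
 * @param requestedScopes the scopes requested with the refresh request; not consulted here
 * @return the refreshed access token
 * @throws OAuthServiceException if the refresh token is unknown or has already been used
 */
@Override
public ServerAccessToken refreshAccessToken(Client client, String refreshToken, List<String> requestedScopes) throws OAuthServiceException {
    // remove-on-read makes the refresh token single-use
    String encrypted = refreshTokens.remove(refreshToken);
    if (encrypted == null) {
        // Unknown, already-used or otherwise invalid token: reject explicitly rather
        // than handing a null ciphertext to the decryptor.
        throw new OAuthServiceException("Refresh token is not recognized");
    }
    ServerAccessToken token = ModelEncryptionSupport.decryptAccessToken(this, encrypted, key);
    tokens.remove(token.getTokenKey());
    // create a new refresh token
    createRefreshToken(token);
    // possibly update other token properties
    encryptAccessToken(token);
    return token;
}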
