
Example 41 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

Class AbstractOAuthDataProvider, method convertSingleScopeToPermission.

/**
 * Resolves one scope value to its registered {@link OAuthPermission} and
 * appends it to {@code perms}.
 *
 * @param client the client the scope is being resolved for; not read here, but
 *               kept in the signature so overriding subclasses can consult it
 * @param scope  the scope value to look up in {@code permissionMap}
 * @param perms  the list the resolved permission is appended to
 * @throws OAuthServiceException if {@code scope} has no entry in
 *         {@code permissionMap}; unknown scopes are rejected, never silently dropped
 */
protected void convertSingleScopeToPermission(Client client, String scope, List<OAuthPermission> perms) {
    final OAuthPermission resolved = permissionMap.get(scope);
    if (resolved != null) {
        perms.add(resolved);
        return;
    }
    // Fail closed: a scope without a registered permission must not be granted.
    throw new OAuthServiceException("Unexpected scope: " + scope);
}

Example 42 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

Class AuthorizationCodeGrantService, method createGrant.

/**
 * Completes the authorization code flow after approval (or pre-authorization):
 * a {@link ServerAuthorizationCodeGrant} is created and its code is delivered to
 * the client in one of three ways.
 * <ul>
 *   <li>{@code state} carries no redirect URI: an out-of-band response;</li>
 *   <li>{@link #isFormResponse} is true for {@code state}: an HTML form response;</li>
 *   <li>otherwise: a 303 (see-other) redirect to the redirect URI with the code
 *       appended as the {@code OAuthConstants.AUTHORIZATION_CODE_VALUE} query parameter.</li>
 * </ul>
 *
 * @param state              the redirection state of the original authorization request
 * @param client             the client the code is issued to
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes the resource owner approved
 * @param userSubject        the authenticated resource owner
 * @param preauthorizedToken an already-issued token, or {@code null}
 * @return the response delivering the code, or an {@code access_denied} error
 *         response if the grant could not be created
 */
protected Response createGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preauthorizedToken) {
    // A code is issued even when a pre-authorized token exists; the authorization
    // code grant handler later exchanges the code for that token.
    final ServerAuthorizationCodeGrant codeGrant;
    try {
        codeGrant = getGrantRepresentation(state, client, requestedScope, approvedScope, userSubject, preauthorizedToken);
    } catch (OAuthServiceException ignored) {
        // Grant creation failures are reported only as access_denied; the
        // exception detail is intentionally not exposed to the client.
        return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED);
    }
    final String code = processCodeGrant(client, codeGrant.getCode(), codeGrant.getSubject());
    final String redirectUri = state.getRedirectUri();

    if (redirectUri == null) {
        // Out-of-band delivery: there is no redirect target, so the code is
        // handed back in a response the user can read.
        OOBAuthorizationResponse oob = new OOBAuthorizationResponse();
        oob.setClientId(client.getClientId());
        oob.setClientDescription(client.getApplicationDescription());
        oob.setAuthorizationCode(code);
        oob.setUserId(userSubject.getLogin());
        oob.setExpiresIn(codeGrant.getExpiresIn());
        return deliverOOBResponse(oob);
    }
    if (isFormResponse(state)) {
        FormAuthorizationResponse form = new FormAuthorizationResponse();
        form.setAuthorizationCode(code);
        form.setExpiresIn(codeGrant.getExpiresIn());
        form.setState(state.getState());
        form.setRedirectUri(redirectUri);
        return createHtmlResponse(form);
    }
    // Query-parameter delivery: redirect to the client with the code appended.
    UriBuilder target = getRedirectUriBuilder(state.getState(), redirectUri);
    target.queryParam(OAuthConstants.AUTHORIZATION_CODE_VALUE, code);
    return Response.seeOther(target.build()).build();
}

Example 43 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

Class TokenRevocationService, method handleTokenRevocation.

/**
 * Handles a token revocation request (RFC 7009) posted as form parameters.
 *
 * The client is authenticated first. The {@code token} parameter is required;
 * {@code token_type_hint} is optional and, when present, must name either an
 * access token or a refresh token. Revocation itself is delegated to the data
 * provider, and the response is 200 OK regardless of whether the provider
 * recognised the token.
 *
 * @param params the form parameters of the revocation request
 * @return 200 OK after the provider has been asked to revoke, or an error
 *         response when the token parameter is missing or the hint is unknown
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/json")
public Response handleTokenRevocation(MultivaluedMap<String, String> params) {
    // Authenticate before looking at the token, so an unauthenticated caller
    // cannot use this endpoint to probe token values.
    final Client requester = authenticateClientIfNeeded(params);

    final String tokenValue = params.getFirst(OAuthConstants.TOKEN_ID);
    if (tokenValue == null) {
        // NOTE(review): a missing token is reported as unsupported_token_type;
        // RFC 7009 would suggest invalid_request for an absent required
        // parameter. Confirm this is the intended error code before changing it.
        return createErrorResponse(params, OAuthConstants.UNSUPPORTED_TOKEN_TYPE);
    }

    final String hint = params.getFirst(OAuthConstants.TOKEN_TYPE_HINT);
    final boolean hintRecognised = hint == null
        || OAuthConstants.ACCESS_TOKEN.equals(hint)
        || OAuthConstants.REFRESH_TOKEN.equals(hint);
    if (!hintRecognised) {
        return createErrorResponseFromErrorCode(OAuthConstants.UNSUPPORTED_TOKEN_TYPE);
    }

    try {
        getDataProvider().revokeToken(requester, tokenValue, hint);
    } catch (OAuthServiceException ignored) {
        // RFC 7009 section 2.2: respond 200 both when the token was revoked and
        // when the client submitted an invalid token, so the response does not
        // reveal whether the token existed.
    }
    return Response.ok().build();
}

Example 44 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

Class AbstractHawkAccessTokenValidator, method validateAccessToken.

/**
 * Validates a Hawk-authenticated request: resolves the access token named in
 * the scheme parameters and, unless signature validation is delegated remotely,
 * recomputes the request MAC with the token's key and compares it with the
 * presented signature before checking the timestamp and nonce.
 *
 * @param mc             the current message context (source of URI and HTTP method
 *                       when {@code extraProps} does not supply them)
 * @param authScheme     the authorization scheme name
 * @param authSchemeData the scheme parameters as sent by the client
 * @param extraProps     optional extra properties; {@code HTTP_VERB} and
 *                       {@code HTTP_URI}, when both present, override the request
 *                       line taken from {@code mc}
 * @return the validation result for the token
 * @throws OAuthServiceException if the presented signature cannot be base64-decoded
 *         (reported as {@code server_error}); a MAC mismatch is reported through
 *         {@link AuthorizationUtils#throwAuthorizationFailure}
 */
public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) throws OAuthServiceException {
    final Map<String, String> hawkParams = getSchemeParameters(authSchemeData);
    final AccessTokenValidation validation = getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, hawkParams);
    if (isRemoteSignatureValidation()) {
        // The signature is checked elsewhere; nothing more to verify locally.
        return validation;
    }
    // NOTE(review): sharedKey / algorithmName / the signature parameter may be
    // null if the token or request lacks them; what the helpers below do with
    // null is not visible here -- confirm they fail as an authorization error.
    final String sharedKey = validation.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY);
    final String algorithmName = validation.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);

    // The request line that was signed: supplied explicitly through extraProps,
    // otherwise taken from the current message.
    final boolean explicitRequestLine = extraProps != null
        && extraProps.containsKey(HTTP_VERB)
        && extraProps.containsKey(HTTP_URI);
    final HttpRequestProperties requestProps;
    if (explicitRequestLine) {
        requestProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)), extraProps.getFirst(HTTP_VERB));
    } else {
        requestProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), mc.getHttpServletRequest().getMethod());
    }
    final HawkAuthorizationScheme hawk = new HawkAuthorizationScheme(requestProps, hawkParams);
    final String signedString = hawk.getNormalizedRequestString();
    try {
        final HmacAlgorithm algorithm = HmacAlgorithm.toHmacAlgorithm(algorithmName);
        final byte[] expectedMac = HmacUtils.computeHmac(sharedKey, algorithm.getJavaName(), signedString);
        final String presentedSignature = hawkParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);
        final byte[] presentedMac = Base64Utility.decode(presentedSignature);
        // Constant-time comparison: an early-exit byte compare would leak how
        // much of the MAC prefix matched.
        if (!MessageDigest.isEqual(expectedMac, presentedMac)) {
            AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));
        }
    } catch (Base64Exception e) {
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
    }
    // Timestamp/nonce are checked only after the MAC is proven good, which
    // presumably keeps replay-tracking state untouched by unsigned requests.
    validateTimestampNonce(sharedKey, hawk.getTimestamp(), hawk.getNonce());
    return validation;
}

Example 45 with OAuthServiceException

use of org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException in project cxf by apache.

Class HawkAccessTokenValidator, method getAccessTokenValidation.

/**
 * Loads the Hawk access token identified by the {@code OAuthConstants.HAWK_TOKEN_ID}
 * scheme parameter and wraps it in an {@link AccessTokenValidation}.
 *
 * The token's MAC key and algorithm are copied into the validation's extra
 * properties only when the signature is verified locally, or when the result
 * travels to a remote verifier over a secure channel; otherwise the key is
 * withheld.
 *
 * @param mc             the current message context, used for the security-context check
 * @param authScheme     the authorization scheme name (unused here)
 * @param authSchemeData the raw scheme data (unused here)
 * @param extraProps     extra request properties (unused here)
 * @param schemeParams   parsed Hawk scheme parameters
 * @return the validation wrapping the stored Hawk token
 * @throws OAuthServiceException ({@code server_error}) if no token is stored under
 *         the given id or the stored token is not a {@link HawkAccessToken}
 */
protected AccessTokenValidation getAccessTokenValidation(MessageContext mc, String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps, Map<String, String> schemeParams) {
    final String tokenId = schemeParams.get(OAuthConstants.HAWK_TOKEN_ID);
    final ServerAccessToken stored = dataProvider.getAccessToken(tokenId);
    // A missing token (null) and a non-Hawk token both fail the instanceof test
    // and are reported identically, without revealing which case applied.
    if (!(stored instanceof HawkAccessToken)) {
        throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
    }
    final HawkAccessToken hawkToken = (HawkAccessToken) stored;
    final AccessTokenValidation validation = new AccessTokenValidation(hawkToken);
    // The MAC key is secret material: expose it only where it will be consumed
    // locally or where the transport is secure. (Token introspection for OAuth2
    // PoP tokens will likely allow returning a JWE-encrypted key instead.)
    final boolean verifiedLocally = !isRemoteSignatureValidation();
    if (verifiedLocally || mc.getSecurityContext().isSecure()) {
        validation.getExtraProps().put(OAuthConstants.HAWK_TOKEN_KEY, hawkToken.getMacKey());
        validation.getExtraProps().put(OAuthConstants.HAWK_TOKEN_ALGORITHM, hawkToken.getMacAlgorithm());
    }
    return validation;
}
