
Example 6 with BearerAccessToken

use of org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken in project cxf by apache.

the class JwtTokenUtils method createAccessTokenFromJwt.

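/**
 * Builds a {@link BearerAccessToken} from the claims of a JOSE-serialized JWT.
 *
 * <p>The JWT is parsed with {@code consumer.getJwtToken(jose)}. This method performs no
 * signature, expiry, issuer or audience check of its own; it only copies claims onto the
 * token. Any validation therefore has to come from the supplied consumer or from the caller
 * (NOTE(review): confirm what the configured consumer enforces before trusting the result).
 *
 * <p>Claims copied when present: audiences, issuer, scope (space-separated string or list),
 * username/subject, grant type, authorization code, code verifier, nonce, the
 * {@code extra_properties} map and the SHA-256 certificate thumbprint from the confirmation
 * claim.
 *
 * @param consumer parses the serialized token into a JWT
 * @param jose the serialized JWT; also passed to the {@code BearerAccessToken} constructor
 * @param clientProvider looks up the {@code Client} for the client id found in the claims
 * @param claimsMap passed to {@code JwtTokenUtils.getClaimName} to resolve the names of the
 *        client id and username claims (presumably an alias map, e.g. {@code cid} for
 *        {@code client_id}; verify against {@code getClaimName})
 * @return the access token populated from the JWT claims
 */
public static ServerAccessToken createAccessTokenFromJwt(JoseJwtConsumer consumer, String jose, ClientRegistrationProvider clientProvider, Map<String, String> claimsMap) {
    JwtClaims claims = consumer.getJwtToken(jose).getClaims();
    // 'client_id' or 'cid', default client_id
    String clientIdClaimName = JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, claimsMap);
    String clientId = claims.getStringProperty(clientIdClaimName);
    // NOTE(review): the client id comes straight from the token claims; neither a missing
    // claim nor a failed lookup is rejected here - confirm callers handle a token without a client.
    Client c = clientProvider.getClient(clientId);
    // NOTE(review): if getIssuedAt()/getExpiryTime() return boxed values, a token without
    // iat/exp fails on unboxing here - confirm and reject such tokens explicitly if so.
    long issuedAt = claims.getIssuedAt();
    long lifetime = claims.getExpiryTime() - issuedAt;
    BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt);
    List<String> audiences = claims.getAudiences();
    if (audiences != null && !audiences.isEmpty()) {
        at.setAudiences(audiences);
    }
    String issuer = claims.getIssuer();
    if (issuer != null) {
        at.setIssuer(issuer);
    }
    Object scope = claims.getClaim(OAuthConstants.SCOPE);
    if (scope != null) {
        // The scope claim is accepted either as one space-separated string or as a list.
        String[] scopes = scope instanceof String ? scope.toString().split(" ") : CastUtils.cast((List<?>) scope).toArray(new String[] {});
        List<OAuthPermission> perms = new LinkedList<OAuthPermission>();
        for (String s : scopes) {
            if (!StringUtils.isEmpty(s)) {
                perms.add(new OAuthPermission(s.trim()));
            }
        }
        at.setScopes(perms);
    }
    final String usernameProp = "username";
    String usernameClaimName = JwtTokenUtils.getClaimName(usernameProp, usernameProp, claimsMap);
    String username = claims.getStringProperty(usernameClaimName);
    String subject = claims.getSubject();
    if (username != null) {
        // With a username claim, 'sub' becomes the subject id rather than the login name.
        UserSubject userSubject = new UserSubject(username);
        if (subject != null) {
            userSubject.setId(subject);
        }
        at.setSubject(userSubject);
    } else if (subject != null) {
        at.setSubject(new UserSubject(subject));
    }
    String grantType = claims.getStringProperty(OAuthConstants.GRANT_TYPE);
    if (grantType != null) {
        at.setGrantType(grantType);
    }
    String grantCode = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT);
    if (grantCode != null) {
        at.setGrantCode(grantCode);
    }
    String codeVerifier = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
    if (codeVerifier != null) {
        at.setClientCodeVerifier(codeVerifier);
    }
    String nonce = claims.getStringProperty(OAuthConstants.NONCE);
    if (nonce != null) {
        at.setNonce(nonce);
    }
    Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>) claims.getClaim("extra_properties"));
    if (extraProperties != null) {
        at.getExtraProperties().putAll(extraProperties);
    }
    // Read the confirmation claim whether or not 'extra_properties' is present. Previously the
    // thumbprint was copied only inside the extra_properties branch, so a token carrying only a
    // confirmation claim silently lost its certificate binding. It is applied after putAll so the
    // dedicated claim takes precedence over a same-named entry in extra_properties.
    Map<String, Object> cnfClaim = CastUtils.cast((Map<?, ?>) claims.getClaim(JwtConstants.CLAIM_CONFIRMATION));
    if (cnfClaim != null) {
        Object certCnf = cnfClaim.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
        if (certCnf != null) {
            at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf.toString());
        }
    }
    return at;
}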
Also used : OAuthPermission(org.apache.cxf.rs.security.oauth2.common.OAuthPermission) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) LinkedList(java.util.LinkedList) UserSubject(org.apache.cxf.rs.security.oauth2.common.UserSubject) BearerAccessToken(org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken) Client(org.apache.cxf.rs.security.oauth2.common.Client)

Example 7 with BearerAccessToken

use of org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken in project cxf by apache.

the class TokenGrantHandlerTest method testSimpleGrantSupported.

/**
 * Checks that a {@code SimpleGrantHandler} backed by {@code OAuthDataProviderImpl} issues a
 * {@code BearerAccessToken} for client "a" and the parameter map built by {@code createMap("a")}.
 * Only the token's runtime type is asserted; its contents are not inspected.
 */
@Test
public void testSimpleGrantSupported() {
    SimpleGrantHandler grantHandler = new SimpleGrantHandler();
    grantHandler.setDataProvider(new OAuthDataProviderImpl());
    // createClient/createMap are helpers defined outside this snippet.
    ServerAccessToken issuedToken = grantHandler.createAccessToken(createClient("a"), createMap("a"));
    assertTrue(issuedToken instanceof BearerAccessToken);
}
Also used : ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) BearerAccessToken(org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken) Test(org.junit.Test)
