
Example 1 with RefreshToken

Use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in the Apache CXF project.

Class OAuthClientUtils, method fromMapToClientToken:

/**
 * Builds a {@link ClientAccessToken} from the flattened key/value form of a token-endpoint
 * response.
 * <p>
 * The map is consumed destructively: every recognised field is {@code remove}d as it is read,
 * and whatever is left is attached verbatim through {@code setParameters}, so callers must not
 * rely on the map afterwards. Those leftover entries, like the token values themselves, come
 * straight from the remote server and are not validated here.
 * <p>
 * Security notes: the returned object carries the access token and, when present, the refresh
 * token, which is a long-lived credential; neither the result nor the input map should be
 * logged. The expires-in and issued-at fields are parsed with {@link Long#parseLong}, so a
 * malformed numeric value from the server surfaces as a {@link NumberFormatException} rather
 * than a graceful failure. When the server supplies no issued-at value, the local wall clock
 * (in seconds) is recorded instead, and later expiry checks will be measured against it.
 *
 * @param map              response parameters; mutated by this call
 * @param defaultTokenType token type to assume when the response omits one; may be {@code null}
 * @return the populated token, or {@code null} when the map has no access token or no token
 *         type could be determined
 * @throws NumberFormatException if the expires-in or issued-at field is not a valid long
 */
public static ClientAccessToken fromMapToClientToken(Map<String, String> map, String defaultTokenType) {
    if (!map.containsKey(OAuthConstants.ACCESS_TOKEN)) {
        return null;
    }
    String resolvedType = map.remove(OAuthConstants.ACCESS_TOKEN_TYPE);
    if (resolvedType == null) {
        resolvedType = defaultTokenType;
    }
    if (resolvedType == null) {
        // Without a token type the token cannot be used in an Authorization header.
        return null;
    }
    ClientAccessToken result = new ClientAccessToken(resolvedType, map.remove(OAuthConstants.ACCESS_TOKEN));

    String refresh = map.remove(OAuthConstants.REFRESH_TOKEN);
    if (refresh != null) {
        result.setRefreshToken(refresh);
    }

    String expiresIn = map.remove(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN);
    if (expiresIn != null) {
        result.setExpiresIn(Long.parseLong(expiresIn));
    }

    // Fall back to "now" in seconds when the server does not say when the token was issued.
    String issuedAt = map.remove(OAuthConstants.ACCESS_TOKEN_ISSUED_AT);
    if (issuedAt != null) {
        result.setIssuedAt(Long.parseLong(issuedAt));
    } else {
        result.setIssuedAt(System.currentTimeMillis() / 1000);
    }

    String approvedScope = map.remove(OAuthConstants.SCOPE);
    if (approvedScope != null) {
        result.setApprovedScope(approvedScope);
    }

    // Anything the server sent beyond the standard fields is kept as-is.
    result.setParameters(map);
    return result;
}

Example 2 with RefreshToken

Use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in the Apache CXF project.

Class OAuthInvoker, method performInvocation:

/**
 * Invokes the target method with the request's {@link ClientTokenContext} bound to the
 * thread-local {@link StaticClientTokenContext}, and transparently refreshes the access token
 * once if the call fails with a {@link NotAuthorizedException}.
 * <p>
 * Refresh path: only when a token context is present, the failure cause is a
 * {@code NotAuthorizedException}, the message has not already been retried, and the current
 * token carries a refresh token. The refreshed token is passed through
 * {@code validateRefreshedToken} before it replaces the old one and is stored via
 * {@code clientTokenContextManager}, and the message is flagged so that at most one retry
 * happens per invocation (no refresh loop).
 * <p>
 * Caveats: if the refresh call itself throws, that exception propagates and the original
 * {@code NotAuthorizedException} is lost; the context is cast to {@link ClientTokenContextImpl}
 * unchecked, so another implementation would fail with a {@code ClassCastException}.
 * {@code accessTokenServiceClient}, {@code consumer}, {@code clientTokenContextManager} and
 * {@code OAUTH2_CALL_RETRIED} are presumably fields/constants of the enclosing class.
 * The thread-local binding is always cleared in {@code finally} so a token does not leak to
 * an unrelated request on a pooled thread.
 *
 * @throws Exception whatever the invoked method or the token refresh throws
 */
@Override
protected Object performInvocation(Exchange exchange, final Object serviceObject, Method m, Object[] paramArray) throws Exception {
    Message inMessage = exchange.getInMessage();
    ClientTokenContext tokenContext = inMessage.getContent(ClientTokenContext.class);
    try {
        if (tokenContext != null) {
            StaticClientTokenContext.setClientTokenContext(tokenContext);
        }
        return super.performInvocation(exchange, serviceObject, m, paramArray);
    } catch (InvocationTargetException ex) {
        boolean unauthorized = ex.getCause() instanceof NotAuthorizedException;
        boolean alreadyRetried = inMessage.containsKey(OAUTH2_CALL_RETRIED);
        if (tokenContext == null || !unauthorized || alreadyRetried) {
            throw ex;
        }
        ClientAccessToken current = tokenContext.getToken();
        if (current.getRefreshToken() == null) {
            // Nothing to refresh with; surface the authorization failure.
            throw ex;
        }
        ClientAccessToken refreshed = OAuthClientUtils.refreshAccessToken(accessTokenServiceClient, consumer, current);
        // Reject a refreshed token that does not pass the configured checks before using it.
        validateRefreshedToken(tokenContext, refreshed);
        MessageContext mc = new MessageContextImpl(inMessage);
        ((ClientTokenContextImpl) tokenContext).setToken(refreshed);
        clientTokenContextManager.setClientTokenContext(mc, tokenContext);
        // Mark the message so a second NotAuthorizedException is not retried again.
        inMessage.put(OAUTH2_CALL_RETRIED, true);
        return super.performInvocation(exchange, serviceObject, m, paramArray);
    } finally {
        if (tokenContext != null) {
            StaticClientTokenContext.removeClientTokenContext();
        }
    }
}

Example 3 with RefreshToken

Use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in the Apache CXF project.

Class AbstractOAuthDataProvider, method doRefreshAccessToken:

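/**
 * Creates a new access token for a refresh-token grant, copying the subject, audiences, grant
 * type/code, nonce and client code verifier from {@code oldRefreshToken}.
 * <p>
 * Scope handling follows RFC 6749 section 6: when {@code restrictedScopes} is null or empty the
 * new token keeps exactly the scopes recorded on the refresh token; otherwise the requested
 * scopes are converted to permissions and accepted only if every one of them was already
 * granted to the refresh token. A refresh request can therefore narrow the scope but never
 * widen it. A refresh token with no recorded scopes grants nothing, so any explicit scope
 * request against it is rejected with {@link OAuthServiceException} instead of failing with a
 * {@code NullPointerException} (which would surface as a server error rather than an
 * invalid-scope response). The containment check relies on {@code OAuthPermission.equals};
 * presumably that compares permission names — confirm against the class.
 *
 * @param client           the client presenting the refresh token
 * @param oldRefreshToken  the refresh token being exchanged; must not be null
 * @param restrictedScopes scopes requested for the new token, or null/empty for "same as before"
 * @return the new, not yet persisted access token
 * @throws OAuthServiceException if a requested scope was not granted to the refresh token
 */
protected ServerAccessToken doRefreshAccessToken(Client client, RefreshToken oldRefreshToken, List<String> restrictedScopes) {
    ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
    // Defensive copy: the new token must not share a mutable list with the refresh token.
    at.setAudiences(oldRefreshToken.getAudiences() != null ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
    at.setGrantType(oldRefreshToken.getGrantType());
    at.setGrantCode(oldRefreshToken.getGrantCode());
    at.setSubject(oldRefreshToken.getSubject());
    at.setNonce(oldRefreshToken.getNonce());
    at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());

    List<OAuthPermission> grantedScopes = oldRefreshToken.getScopes();
    if (restrictedScopes == null || restrictedScopes.isEmpty()) {
        // No scope parameter: the new token is scoped exactly like the refresh token.
        at.setScopes(grantedScopes != null ? new ArrayList<OAuthPermission>(grantedScopes) : null);
    } else {
        List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
        // Never let a refresh escalate privilege: every requested scope must already be granted.
        if (grantedScopes == null || !grantedScopes.containsAll(theNewScopes)) {
            throw new OAuthServiceException("Invalid scopes");
        }
        at.setScopes(theNewScopes);
    }
    return at;
}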

Example 4 with RefreshToken

Use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in the Apache CXF project.

Class DefaultEHCacheOAuthDataProvider, method getRefreshTokens:

/**
 * Returns every cached refresh token that {@code isTokenMatched} accepts for the given client
 * and resource owner.
 * <p>
 * This is a full linear scan: every key in {@code refreshTokenCache} is loaded through
 * {@code getRefreshToken} and filtered, so cost grows with the total number of cached refresh
 * tokens, not with the number belonging to this client. The key list is a snapshot; an entry
 * evicted between {@code getKeys()} and the lookup would make {@code getRefreshToken} return
 * null — this assumes {@code isTokenMatched} tolerates a null token (TODO confirm).
 *
 * @param c   the client whose tokens are wanted
 * @param sub the resource owner whose tokens are wanted
 * @return the matching tokens, empty when none match
 */
@Override
public List<RefreshToken> getRefreshTokens(Client c, UserSubject sub) {
    List<String> cachedKeys = CastUtils.cast(refreshTokenCache.getKeys());
    List<RefreshToken> matching = new ArrayList<>(cachedKeys.size());
    for (String tokenKey : cachedKeys) {
        RefreshToken candidate = getRefreshToken(tokenKey);
        if (!isTokenMatched(candidate, c, sub)) {
            continue;
        }
        matching.add(candidate);
    }
    return matching;
}

Example 5 with RefreshToken

Use of org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken in the Apache CXF project.

Class JCacheOAuthDataProviderTest, method testAddGetDeleteRefreshToken:

/**
 * Round-trips an access token with an attached refresh token through the provider: create,
 * read back, look up the refresh token by key and by (client, subject), then revoke it and
 * verify it is gone.
 * <p>
 * The scope assertions depend on the provider preserving the order of the approved scopes.
 * Note the test is currently {@code @Ignore}d; the reason is not visible here.
 */
@Ignore
@Test
public void testAddGetDeleteRefreshToken() {
    Client client = addClient("101", "bob");
    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Arrays.asList("a", "refreshToken"));
    registration.setSubject(client.getResourceOwnerSubject());
    ServerAccessToken issued = provider.createAccessToken(registration);

    // The stored token must be retrievable by key and carry both scopes in order.
    ServerAccessToken loaded = provider.getAccessToken(issued.getTokenKey());
    assertEquals(issued.getTokenKey(), loaded.getTokenKey());
    List<OAuthPermission> permissions = loaded.getScopes();
    assertNotNull(permissions);
    assertEquals(2, permissions.size());
    assertEquals("a", permissions.get(0).getPermission());
    assertEquals("refreshToken", permissions.get(1).getPermission());

    // The refresh token must link back to the access token it was issued with.
    RefreshToken refresh = provider.getRefreshToken(loaded.getRefreshToken());
    assertNotNull(refresh);
    assertEquals(loaded.getTokenKey(), refresh.getAccessTokens().get(0));

    List<RefreshToken> forOwner = provider.getRefreshTokens(client, client.getResourceOwnerSubject());
    assertNotNull(forOwner);
    assertEquals(1, forOwner.size());
    assertEquals(refresh.getTokenKey(), forOwner.get(0).getTokenKey());

    // Revocation must remove the refresh token from the provider.
    provider.revokeToken(client, refresh.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
    assertNull(provider.getRefreshToken(refresh.getTokenKey()));
}
