
Example 11 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in the Apache CXF project.

From class DirectAuthorizationService, method getAndValidateSecurityContext.

/**
 * Resolves the end user's SecurityContext from the current message and refuses to proceed
 * unless the caller is authenticated.
 *
 * The context is looked up under the fully qualified name of {@link SecurityContext}. A missing
 * context, or one without a user principal, is treated as "not authenticated" and converted into
 * a not-authorized exception. The transport check ({@code checkTransportSecurity()}) runs only
 * after the authentication check has passed.
 *
 * @param params request parameters; accepted for subclass overrides, not read here
 * @return the authenticated caller's SecurityContext (never {@code null})
 */
protected SecurityContext getAndValidateSecurityContext(MultivaluedMap<String, String> params) {
    SecurityContext callerContext =
        (SecurityContext) getMessageContext().get(SecurityContext.class.getName());
    boolean authenticated = callerContext != null && callerContext.getUserPrincipal() != null;
    if (!authenticated) {
        // Fail closed: no principal means no authorization flow may start.
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    // Enforce the transport requirements (e.g. HTTPS) once the caller is known to be authenticated.
    checkTransportSecurity();
    return callerContext;
}

Example 12 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in the Apache CXF project.

From class RedirectionBasedGrantService, method getAndValidateSecurityContext.

/**
 * Fetches the SecurityContext of the end user from the message context and validates it.
 *
 * The lookup key is {@code SecurityContext.class.getName()}. If no context is present, or the
 * context carries no user principal, a not-authorized exception is thrown; otherwise the
 * transport check ({@code checkTransportSecurity()}) is applied and the context is returned.
 *
 * @param params request parameters; unused by this implementation but kept for overrides
 * @return the non-null, authenticated SecurityContext
 */
protected SecurityContext getAndValidateSecurityContext(MultivaluedMap<String, String> params) {
    Object contextAttribute = getMessageContext().get(SecurityContext.class.getName());
    SecurityContext endUserContext = (SecurityContext) contextAttribute;
    if (endUserContext == null) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    if (endUserContext.getUserPrincipal() == null) {
        // An anonymous context is not good enough to drive an OAuth2 redirection flow.
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    // Transport-level requirements are only checked for authenticated callers.
    checkTransportSecurity();
    return endUserContext;
}

Example 13 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in the Apache CXF project.

From class RedirectionBasedGrantService, method startAuthorization.

/**
 * Starts the authorization (consent) phase of a redirection-based grant.
 *
 * Order of operations: the end user must already be authenticated (and the transport check
 * passed) before anything else is read from the request; the client is then resolved from the
 * {@code client_id} parameter, a UserSubject is created for the end user, an optional
 * authorization filter may rewrite the parameters, and finally the requested redirect URI is
 * validated against the URIs the client registered before the flow is handed to the overload.
 *
 * @param params query/form parameters of the authorization request
 * @return the response produced by the overloaded {@code startAuthorization}
 */
protected Response startAuthorization(MultivaluedMap<String, String> params) {
    // Authentication + transport check first; this throws if the end user is not authenticated.
    SecurityContext endUserContext = getAndValidateSecurityContext(params);
    String clientId = params.getFirst(OAuthConstants.CLIENT_ID);
    Client registeredClient = getClient(clientId, params);
    UserSubject endUser = createUserSubject(endUserContext, params);
    // The filter, when configured, is allowed to replace the parameter map used from here on.
    MultivaluedMap<String, String> effectiveParams = params;
    if (authorizationFilter != null) {
        effectiveParams = authorizationFilter.process(effectiveParams, endUser, registeredClient);
    }
    // Only a redirect URI matching the client's registration may be used (open-redirect guard).
    String requestedRedirectUri = effectiveParams.getFirst(OAuthConstants.REDIRECT_URI);
    String redirectUri = validateRedirectUri(registeredClient, requestedRedirectUri);
    return startAuthorization(effectiveParams, endUser, registeredClient, redirectUri);
}

Example 14 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in the Apache CXF project.

From class RedirectionBasedGrantService, method completeAuthorization.

/**
 * Completes the authorization process once the end user has submitted a consent decision.
 *
 * Security-relevant ordering: the caller must be authenticated (and pass the transport check),
 * then the session authenticity (anti-CSRF) token from the request must match the one stored for
 * this user, and only then is the redirection state recreated and the decision acted upon.
 * Anything other than an explicit "allow" decision is treated as a denial.
 *
 * @param params form/query parameters carrying the decision, the session token and any
 *               per-scope "&lt;scope&gt;_status" values
 * @return a redirect/grant response, or an error response (access_denied / invalid_scope)
 *         sent to the validated redirect URI
 */
protected Response completeAuthorization(MultivaluedMap<String, String> params) {
    // Make sure the end user has authenticated, check if HTTPS is used
    SecurityContext securityContext = getAndValidateSecurityContext(params);
    UserSubject userSubject = createUserSubject(securityContext, params);
    // Make sure the session is valid
    // The request may name the parameter that carries the session token; if it does not,
    // the default parameter name is used.
    String sessionTokenParamName = params.getFirst(OAuthConstants.SESSION_AUTHENTICITY_TOKEN_PARAM_NAME);
    if (sessionTokenParamName == null) {
        sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
    }
    String sessionToken = params.getFirst(sessionTokenParamName);
    // Letting the request choose the parameter name does not weaken the check: whatever value
    // is found is still compared against the session-side token for this user, and a missing
    // or mismatching token is rejected with a bad-request exception before any state is used.
    if (sessionToken == null || !compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    // Prefer the state stored in the session; fall back to reconstructing it from the parameters.
    OAuthRedirectionState state = recreateRedirectionStateFromSession(userSubject, sessionToken);
    if (state == null) {
        state = recreateRedirectionStateFromParams(params);
    }
    // NOTE(review): nothing here guards against recreateRedirectionStateFromParams() returning
    // null, in which case state.getClientId() would throw — confirm that helper never returns null.
    Client client = getClient(state.getClientId(), params);
    // The redirect URI comes from the recreated state, not the raw request, and is still
    // validated against the client's registered URIs.
    String redirectUri = validateRedirectUri(client, state.getRedirectUri());
    // Get the end user decision value
    String decision = params.getFirst(OAuthConstants.AUTHORIZATION_DECISION_KEY);
    // Default deny: only an exact "allow" value grants access.
    boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);
    // Return the error if denied
    if (!allow) {
        return createErrorResponse(params, redirectUri, OAuthConstants.ACCESS_DENIED);
    }
    // Check if the end user may have had a chance to down-scope the requested scopes
    // A scope is approved only if the request carries "<scope>_status" with the allow value.
    List<String> requestedScope = OAuthUtils.parseScope(state.getProposedScope());
    List<String> approvedScope = new LinkedList<String>();
    for (String rScope : requestedScope) {
        String param = params.getFirst(rScope + "_status");
        if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param)) {
            approvedScope.add(rScope);
        }
    }
    // approvedScope is built only from entries of requestedScope, so the containsAll() test
    // cannot fail here; the effective check is validateScopes(), which verifies the requested
    // scopes against the client's registered scopes (partial matching per configuration).
    if (!requestedScope.containsAll(approvedScope) || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(), partialMatchScopeValidation)) {
        return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
    }
    // Expose the (validated) request parameters to downstream code via the message context.
    getMessageContext().put(AUTHORIZATION_REQUEST_PARAMETERS, params);
    // Optionally revoke a previously issued token identified by the request, before issuing a new grant.
    // NOTE(review): the token key is taken from the request; whether revokeToken() verifies that the
    // key belongs to this client/user is not visible here — confirm in the data provider.
    String preAuthorizedTokenKey = params.getFirst(PREAUTHORIZED_TOKEN_KEY);
    if (preAuthorizedTokenKey != null && isRevokePreauthorizedTokenOnApproval()) {
        getDataProvider().revokeToken(client, preAuthorizedTokenKey, OAuthConstants.ACCESS_TOKEN);
    }
    // Request a new grant
    return createGrant(state, client, requestedScope, approvedScope, userSubject, null);
}

Example 15 with SecurityContext

Use of org.apache.cxf.security.SecurityContext in the Apache CXF project.

From test class ClaimsAuthorizingInterceptorTest, method prepareMessage.

/**
 * Test helper: builds a CXF Message whose SecurityContext is a SAML-backed context for the
 * principal "user", carrying the given claims and the roles derived from them, and whose
 * target resource method is {@code cls.methodName()} (no-arg).
 *
 * @param cls        class declaring the target resource method
 * @param methodName name of the no-arg method to resolve on {@code cls}
 * @param claim      claims to attach to the security context
 * @return a new Message with an Exchange, the SecurityContext and the resource method set
 * @throws Exception if the method cannot be resolved reflectively
 */
private Message prepareMessage(Class<?> cls, String methodName, org.apache.cxf.rt.security.claims.Claim... claim) throws Exception {
    ClaimCollection claimCollection = new ClaimCollection();
    for (org.apache.cxf.rt.security.claims.Claim single : claim) {
        claimCollection.add(single);
    }
    // Roles are extracted from the default SAML role attribute with the "unspecified" name format.
    Set<Principal> rolePrincipals = SAMLUtils.parseRolesFromClaims(
        claimCollection, SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    SecurityContext securityContext =
        new SAMLSecurityContext(new SimplePrincipal("user"), rolePrincipals, claimCollection);
    Message message = new MessageImpl();
    message.setExchange(new ExchangeImpl());
    message.put(SecurityContext.class, securityContext);
    // The interceptor under test reads the invoked resource method from this property.
    message.put("org.apache.cxf.resource.method", cls.getMethod(methodName));
    return message;
}
