Java Code Examples for org.apache.cxf.rs.security.oauth2.common.ServerAccessToken

Example 1
Source Project: cxf-fediz   Source File: BackChannelLogoutHandler.java    License: Apache License 2.0
/**
 * Sends a back-channel logout request to every other relying party (client) that currently
 * holds an access token for {@code subject}.
 *
 * <p>The initiating {@code client} is skipped, and each other client is contacted at most
 * once even if it holds several tokens. Clients without a {@code BACK_CHANNEL_LOGOUT_URI}
 * property are ignored.
 *
 * <p>Limitation (from the original author): the set of logged-in RPs is inferred from the
 * stored access tokens only, so RPs whose tokens expired or were revoked, or which used the
 * implicit id_token flow, are missed. A 'visited sites' cookie as suggested by the spec
 * would be needed for a complete solution.
 *
 * @param client      the client that initiated the logout; it is not notified
 * @param subject     the user being logged out
 * @param idTokenHint the id_token hint forwarded to each notified client
 */
public void handleLogout(Client client, OidcUserSubject subject, IdToken idTokenHint) {
    final String initiatingClientId = client.getClientId();
    final Set<String> notified = new HashSet<>();

    for (ServerAccessToken token : dataProvider.getAccessTokens(null, subject)) {
        final Client holder = token.getClient();
        final String holderId = holder.getClientId();
        if (initiatingClientId.equals(holderId) || notified.contains(holderId)) {
            continue;
        }
        final String logoutUri = holder.getProperties().get(BACK_CHANNEL_LOGOUT_URI);
        if (logoutUri == null) {
            continue;
        }
        notified.add(holderId);
        submitBackChannelLogoutRequest(holder, subject, idTokenHint, logoutUri);
    }
}
 
Example 2
Source Project: cxf   Source File: AbstractGrantHandler.java    License: Apache License 2.0
/**
 * Validates the requested scopes and audiences against the client's registration and, when
 * both pass, asks the data provider for an already-authorized token.
 *
 * @param client          the requesting client
 * @param subject         the resource owner, may be {@code null} depending on the grant
 * @param requestedGrant  the grant type being exercised
 * @param requestedScopes scopes requested by the client
 * @param audiences       audiences requested by the client
 * @return whatever the data provider returns for a pre-authorized token (the provider
 *         implementation decides whether {@code null} means "none available")
 * @throws OAuthServiceException {@code invalid_scope} if a requested scope is not registered
 *         for the client, {@code invalid_grant} if an audience is not registered
 */
protected ServerAccessToken getPreAuthorizedToken(Client client,
                                                  UserSubject subject,
                                                  String requestedGrant,
                                                  List<String> requestedScopes,
                                                  List<String> audiences) {
    final boolean scopesValid = OAuthUtils.validateScopes(requestedScopes,
                                                          client.getRegisteredScopes(),
                                                          partialMatchScopeValidation);
    if (!scopesValid) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));
    }
    final boolean audiencesValid = OAuthUtils.validateAudiences(audiences,
                                                                client.getRegisteredAudiences());
    if (!audiencesValid) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_GRANT));
    }
    // Only a registration-consistent request may reuse a previously issued token.
    return dataProvider.getPreauthorizedToken(client, requestedScopes, subject, requestedGrant);
}
 
Example 3
Source Project: cxf   Source File: OidcHybridService.java    License: Apache License 2.0
/**
 * Builds the form-post response for the OpenID Connect hybrid flow: the implicit part comes
 * from the parent implementation, and an authorization code is attached when
 * {@link #prepareHybrideCode} produced one.
 *
 * @return a {@link FormHybridResponse} carrying the response type, redirect URI, state, the
 *         implicit response and, when issued, the authorization code
 */
@Override
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                            Client client,
                                            List<String> requestedScope,
                                            List<String> approvedScope,
                                            UserSubject userSubject,
                                            ServerAccessToken preAuthorizedToken) {
    // The code is prepared before the implicit part, same order as the original.
    final ServerAuthorizationCodeGrant grant = prepareHybrideCode(state, client, requestedScope,
                                                                  approvedScope, userSubject,
                                                                  preAuthorizedToken);
    final AbstractFormImplicitResponse implicitPart = super.prepareFormResponse(state, client,
                                                                                requestedScope,
                                                                                approvedScope,
                                                                                userSubject,
                                                                                preAuthorizedToken);

    final FormHybridResponse hybrid = new FormHybridResponse();
    hybrid.setResponseType(state.getResponseType());
    hybrid.setRedirectUri(state.getRedirectUri());
    hybrid.setState(state.getState());
    hybrid.setImplicitResponse(implicitPart);
    if (grant != null) {
        hybrid.setCode(grant.getCode());
    }
    return hybrid;
}
 
Example 4
Source Project: cxf   Source File: OidcImplicitService.java    License: Apache License 2.0
/**
 * Builds the redirect URI (with fragment) for an implicit-flow response.
 *
 * <p>Response types that may return an access token are delegated to the parent
 * implementation. Otherwise only an {@code id_token} is placed in the fragment, and only
 * when one could be produced for the approved scope.
 */
@Override
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                               Client client,
                               List<String> requestedScope,
                               List<String> approvedScope,
                               UserSubject userSubject,
                               ServerAccessToken preAuthorizedToken) {
    final String responseType = state.getResponseType();
    if (canAccessTokenBeReturned(responseType)) {
        return super.prepareRedirectResponse(state, client, requestedScope, approvedScope,
                                             userSubject, preAuthorizedToken);
    }

    // Pure id_token response type: no access token is issued here, only the id_token
    // goes into the fragment.
    final StringBuilder fragment = getUriWithFragment(state.getRedirectUri());
    final String idToken = getProcessedIdToken(state, userSubject,
                                               getApprovedScope(requestedScope, approvedScope));
    if (idToken != null) {
        fragment.append(OidcUtils.ID_TOKEN).append('=').append(idToken);
    }
    finalizeResponse(fragment, state);
    return fragment;
}
 
Example 5
Source Project: cxf   Source File: OAuthUtils.java    License: Apache License 2.0
/**
 * Converts a stored server-side token into the representation handed back to the client.
 *
 * <p>The encoded form (for example a JWT) is preferred as the token key when present,
 * otherwise the raw key is used. Expiry, approved scope and extra parameters are copied
 * only when {@code supportOptionalParams} is set.
 *
 * @param serverToken           the stored token
 * @param supportOptionalParams whether the optional response members are populated
 * @return the client-facing token
 */
public static ClientAccessToken toClientAccessToken(ServerAccessToken serverToken, boolean supportOptionalParams) {
    final String encoded = serverToken.getEncodedToken();
    final String key = encoded == null ? serverToken.getTokenKey() : encoded;
    final ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(), key);
    clientToken.setRefreshToken(serverToken.getRefreshToken());
    if (!supportOptionalParams) {
        return clientToken;
    }

    clientToken.setExpiresIn(serverToken.getExpiresIn());
    final String scope = OAuthUtils.convertPermissionsToScope(serverToken.getScopes());
    if (!StringUtils.isEmpty(scope)) {
        clientToken.setApprovedScope(scope);
    }
    // Defensive copy of the parameter map.
    clientToken.setParameters(new HashMap<>(serverToken.getParameters()));
    return clientToken;
}
 
Example 6
Source Project: cxf   Source File: AuthorizationCodeGrantService.java    License: Apache License 2.0
/**
 * Creates and persists an authorization code grant for an approved request.
 *
 * <p>A warning is logged when the provider issues a code that lives longer than
 * {@code RECOMMENDED_CODE_EXPIRY_TIME_SECS}; RFC 6749 recommends that codes be short-lived
 * (at most 10 minutes).
 *
 * @return the persisted code grant
 */
public ServerAuthorizationCodeGrant getGrantRepresentation(OAuthRedirectionState state,
                       Client client,
                       List<String> requestedScope,
                       List<String> approvedScope,
                       UserSubject userSubject,
                       ServerAccessToken preauthorizedToken) {
    final AuthorizationCodeRegistration registration =
        createCodeRegistration(state, client, requestedScope, approvedScope, userSubject,
                               preauthorizedToken);

    final AuthorizationCodeDataProvider codeProvider =
        (AuthorizationCodeDataProvider) getDataProvider();
    final ServerAuthorizationCodeGrant grant = codeProvider.createCodeGrant(registration);

    if (grant.getExpiresIn() > RECOMMENDED_CODE_EXPIRY_TIME_SECS) {
        LOG.warning("Code expiry time exceeds 10 minutes");
    }
    return grant;
}
 
Example 7
Source Project: cxf   Source File: AuthorizationCodeGrantService.java    License: Apache License 2.0
/**
 * Assembles the registration record the data provider uses to mint an authorization code.
 *
 * <p>Everything the code must later be bound to is captured here: client, redirect URI,
 * requested and approved scope, subject, audience, nonce and the PKCE code challenge, plus
 * any extra properties of the redirection state.
 *
 * @return a populated, not yet persisted registration
 */
protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state,
                                                               Client client,
                                                               List<String> requestedScope,
                                                               List<String> approvedScope,
                                                               UserSubject userSubject,
                                                               ServerAccessToken preauthorizedToken) {
    final AuthorizationCodeRegistration registration = new AuthorizationCodeRegistration();
    // Only the presence of a pre-authorized token is recorded, not the token itself.
    registration.setPreauthorizedTokenAvailable(preauthorizedToken != null);
    registration.setClient(client);
    registration.setRedirectUri(state.getRedirectUri());
    registration.setRequestedScope(requestedScope);
    registration.setResponseType(state.getResponseType());
    registration.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
    registration.setSubject(userSubject);
    registration.setAudience(state.getAudience());
    registration.setNonce(state.getNonce());
    // PKCE: the challenge is stored with the code so the verifier can be checked at exchange time.
    registration.setClientCodeChallenge(state.getClientCodeChallenge());
    registration.getExtraProperties().putAll(state.getExtraProperties());
    return registration;
}
 
Example 8
Source Project: cxf   Source File: AbstractImplicitGrantService.java    License: Apache License 2.0
/**
 * Obtains the token returned to the client in an implicit-flow response.
 *
 * <p>A pre-authorized token is reused as-is (and the request nonce, if any, is stored on the
 * current exchange); otherwise a fresh token is registered with the data provider.
 *
 * @return the client-facing token after {@link #processClientAccessToken} has been applied
 */
protected ClientAccessToken getClientAccessToken(OAuthRedirectionState state,
                                                 Client client,
                                                 List<String> requestedScope,
                                                 List<String> approvedScope,
                                                 UserSubject userSubject,
                                                 ServerAccessToken preAuthorizedToken) {

    final ServerAccessToken issued;
    if (preAuthorizedToken != null) {
        issued = preAuthorizedToken;
        final String nonce = state.getNonce();
        if (nonce != null) {
            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, nonce);
        }
    } else {
        final AccessTokenRegistration registration =
            createTokenRegistration(state, client, requestedScope, approvedScope, userSubject);
        issued = getDataProvider().createAccessToken(registration);
    }

    final ClientAccessToken clientToken =
        OAuthUtils.toClientAccessToken(issued, isWriteOptionalParameters());
    processClientAccessToken(clientToken, issued);
    return clientToken;
}
 
Example 9
Source Project: cxf   Source File: JCacheOAuthDataProvider.java    License: Apache License 2.0
/**
 * Creates the provider and its JCache-backed stores.
 *
 * <p>Three String-keyed caches are created: clients, access tokens and refresh tokens.
 * When {@code storeJwtTokenKeyOnly} is set the access-token cache holds only the JWT
 * string (the token is reconstructed from the JWT on read); otherwise the full
 * {@link ServerAccessToken} object is stored.
 *
 * @param configFileURL        JCache configuration location
 * @param bus                  the CXF bus used to resolve the configuration
 * @param clientCacheKey       name of the client cache
 * @param accessTokenCacheKey  name of the access-token cache
 * @param refreshTokenCacheKey name of the refresh-token cache
 * @param storeJwtTokenKeyOnly whether access tokens are stored as JWT strings only
 */
public JCacheOAuthDataProvider(String configFileURL,
                               Bus bus,
                               String clientCacheKey,
                               String accessTokenCacheKey,
                               String refreshTokenCacheKey,
                               boolean storeJwtTokenKeyOnly) {

    cacheManager = createCacheManager(configFileURL, bus);
    clientCache = createCache(cacheManager, clientCacheKey, String.class, Client.class);

    this.storeJwtTokenKeyOnly = storeJwtTokenKeyOnly;
    if (!storeJwtTokenKeyOnly) {
        accessTokenCache = createCache(cacheManager, accessTokenCacheKey, String.class, ServerAccessToken.class);
    } else {
        jwtAccessTokenCache = createCache(cacheManager, accessTokenCacheKey, String.class, String.class);
    }

    refreshTokenCache = createCache(cacheManager, refreshTokenCacheKey, String.class, RefreshToken.class);
}
 
Example 10
Source Project: cxf   Source File: OidcHybridService.java    License: Apache License 2.0
/**
 * Builds the hybrid-flow redirect: the parent's implicit fragment, with the authorization
 * code appended as a {@code code=} parameter when one was issued.
 *
 * @return the redirect URI buffer, possibly extended with the code
 */
@Override
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                               Client client,
                               List<String> requestedScope,
                               List<String> approvedScope,
                               UserSubject userSubject,
                               ServerAccessToken preAuthorizedToken) {
    final ServerAuthorizationCodeGrant grant = prepareHybrideCode(state, client, requestedScope,
                                                                  approvedScope, userSubject,
                                                                  preAuthorizedToken);

    final StringBuilder redirect = super.prepareRedirectResponse(state, client, requestedScope,
                                                                 approvedScope, userSubject,
                                                                 preAuthorizedToken);
    if (grant == null) {
        return redirect;
    }
    redirect.append('&')
            .append(OAuthConstants.AUTHORIZATION_CODE_VALUE)
            .append('=')
            .append(grant.getCode());
    return redirect;
}
 
Example 11
Source Project: cxf   Source File: JPAOAuthDataProvider.java    License: Apache License 2.0
/**
 * Creates the token via the parent and then replaces each of its collection-valued
 * properties with a fresh copy.
 *
 * <p>Reason (from the original author): the collections may be element collections
 * injected directly from another entity, which happens when several data-provider
 * operations run in one container-managed-transaction entity manager lifespan; detaching
 * them avoids sharing JPA-managed collections between entities.
 *
 * @param atReg the registration describing the token to create
 * @return the created token with detached collections
 */
@Override
protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
    final ServerAccessToken token = super.doCreateAccessToken(atReg);

    if (token.getParameters() != null) {
        token.setParameters(new HashMap<>(token.getParameters()));
    }
    if (token.getScopes() != null) {
        token.setScopes(new ArrayList<>(token.getScopes()));
    }
    if (token.getExtraProperties() != null) {
        token.setExtraProperties(new HashMap<>(token.getExtraProperties()));
    }
    if (token.getAudiences() != null) {
        token.setAudiences(new ArrayList<>(token.getAudiences()));
    }
    return token;
}
 
Example 12
Source Project: cxf   Source File: CryptoUtilsTest.java    License: Apache License 2.0
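/**
 * Round-trips a bearer token through JSON serialisation and symmetric encryption and checks
 * that the decrypted, deserialised token equals the original.
 *
 * <p>The JSON bytes are decoded and re-encoded as UTF-8 explicitly; the no-argument
 * {@code ByteArrayOutputStream.toString()} and {@code String.getBytes()} use the platform
 * default charset, which would make the test environment-dependent for non-ASCII content.
 */
@Test
public void testBearerTokenJSON() throws Exception {
    AccessTokenRegistration atr = prepareTokenRegistration();

    BearerAccessToken token = p.createAccessTokenInternal(atr);
    JSONProvider<BearerAccessToken> jsonp = new JSONProvider<>();
    jsonp.setMarshallAsJaxbElement(true);
    jsonp.setUnmarshallAsJaxbElement(true);
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
                  new MetadataMap<String, Object>(), bos);

    // Explicit charset on both sides of the round trip.
    String json = bos.toString("UTF-8");
    String encrypted = CryptoUtils.encryptSequence(json, p.key);
    String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);
    ServerAccessToken token2 = jsonp.readFrom(BearerAccessToken.class, BearerAccessToken.class,
                                              new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,
                                              new MetadataMap<String, String>(),
                                              new ByteArrayInputStream(decrypted.getBytes("UTF-8")));

    // compare tokens
    compareAccessTokens(token, token2);
}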
 
Example 13
Source Project: cxf   Source File: JCacheOAuthDataProvider.java    License: Apache License 2.0
/**
 * Rebuilds every access token held in the JWT-only cache and returns those that match the
 * given client and subject. Expired entries found during the scan are purged from the cache
 * in the same pass.
 *
 * @param client the client to match, passed through to {@link #isTokenMatched}
 * @param sub    the subject to match, passed through to {@link #isTokenMatched}
 * @return the matching, non-expired tokens (possibly empty, never {@code null})
 */
protected List<ServerAccessToken> getJwtAccessTokens(Client client, UserSubject sub) {
    final List<ServerAccessToken> matching = new ArrayList<>();
    final Set<String> expiredKeys = new HashSet<>();

    final Iterator<Cache.Entry<String, String>> entries = jwtAccessTokenCache.iterator();
    while (entries.hasNext()) {
        final Cache.Entry<String, String> entry = entries.next();

        // The configured consumer is used when present; a default one otherwise.
        final JoseJwtConsumer consumer;
        if (jwtTokenConsumer != null) {
            consumer = jwtTokenConsumer;
        } else {
            consumer = new JoseJwtConsumer();
        }
        final ServerAccessToken token = JwtTokenUtils.createAccessTokenFromJwt(
            consumer, entry.getValue(), this, super.getJwtAccessTokenClaimMap());

        if (isExpired(token)) {
            expiredKeys.add(entry.getKey());
            continue;
        }
        if (isTokenMatched(token, client, sub)) {
            matching.add(token);
        }
    }

    // Removal happens after iteration so the cache is not modified while being walked.
    jwtAccessTokenCache.removeAll(expiredKeys);

    return matching;
}
 
Example 14
Source Project: cxf   Source File: AbstractOAuthDataProviderTest.java    License: Apache License 2.0
/**
 * A token registered without a subject must be retrievable for its client, and must
 * disappear once the client is removed.
 */
@Test
public void testAddGetDeleteAccessTokenWithNullSubject() {
    final Client client = addClient("102", "bob");

    final AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(null);
    getProvider().createAccessToken(registration);

    List<ServerAccessToken> found = getProvider().getAccessTokens(client, null);
    assertNotNull(found);
    assertEquals(1, found.size());
    validateAccessToken(found.get(0));

    // Deleting the client must also delete the tokens issued to it.
    getProvider().removeClient(client.getClientId());
    found = getProvider().getAccessTokens(client, null);
    assertNotNull(found);
    assertEquals(0, found.size());
}
 
Example 15
Source Project: cxf   Source File: AbstractOAuthDataProvider.java    License: Apache License 2.0
/**
 * Detaches an access token from the refresh token it is linked to.
 *
 * <p>If the refresh token no longer references any access token afterwards it is revoked,
 * otherwise the updated refresh token is saved. Nothing happens when the access token is
 * {@code null}, has no linked refresh token, or the refresh token cannot be found.
 *
 * @param client      the client owning the tokens
 * @param accessToken the access token being removed, may be {@code null}
 */
protected void handleLinkedRefreshToken(Client client, ServerAccessToken accessToken) {
    if (accessToken == null) {
        return;
    }
    final String refreshKey = accessToken.getRefreshToken();
    if (refreshKey == null) {
        return;
    }
    final RefreshToken refreshToken = getRefreshToken(refreshKey);
    if (refreshToken == null) {
        return;
    }

    unlinkRefreshAccessToken(refreshToken, accessToken.getTokenKey());
    if (refreshToken.getAccessTokens().isEmpty()) {
        // An orphaned refresh token must not remain usable.
        revokeRefreshToken(client, refreshToken.getTokenKey());
    } else {
        saveRefreshToken(refreshToken);
    }
}
 
Example 16
Source Project: cxf   Source File: AbstractOAuthDataProvider.java    License: Apache License 2.0
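/**
 * Looks for a token already issued to {@code client} for the same subject and grant type,
 * so that the user need not be asked to authorize again.
 *
 * <p>The first token whose client id, grant type and subject all match decides the outcome:
 * if it has not expired it is returned; if it has, it is revoked and {@code null} is
 * returned. Later tokens are not examined (unchanged from the original contract).
 * Subjects match when both are absent, or when both are present with the same login.
 *
 * <p>Grant-type and subject comparisons are null-safe: a token with a missing grant type or
 * subject simply does not match instead of failing with a {@code NullPointerException}.
 *
 * <p>NOTE(review): {@code requestedScopes} is not consulted here, so the returned token's
 * scopes are not compared with the current request; callers that need scope-sensitive reuse
 * should check this themselves or override.
 *
 * @return the matching, non-expired token, or {@code null} if none exists or pre-authorized
 *         tokens are not supported
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client,
                                               List<String> requestedScopes,
                                               UserSubject sub,
                                               String grantType) throws OAuthServiceException {
    if (!isSupportPreauthorizedTokens()) {
        return null;
    }

    final String clientId = client.getClientId();
    for (ServerAccessToken at : getAccessTokens(client, sub)) {
        if (!clientId.equals(at.getClient().getClientId())
            || !sameGrantType(grantType, at.getGrantType())
            || !sameSubject(sub, at.getSubject())) {
            continue;
        }
        if (OAuthUtils.isExpired(at.getIssuedAt(), at.getExpiresIn())) {
            // Stale match: remove it rather than hand it out; the caller will mint a new token.
            revokeToken(client, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
            return null;
        }
        return at;
    }
    return null;
}

/** Null-safe grant-type comparison; a {@code null} on either side never matches. */
private static boolean sameGrantType(String expected, String actual) {
    return expected != null && expected.equals(actual);
}

/** Subjects match when both are absent, or both are present and share the same login. */
private static boolean sameSubject(UserSubject expected, UserSubject actual) {
    if (expected == null) {
        return actual == null;
    }
    return actual != null && expected.getLogin().equals(actual.getLogin());
}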
 
Example 17
/**
 * Issues a token through the wrapped provider after forcing the refresh-token scope into
 * both the requested and the approved scope lists of the registration.
 *
 * <p>The lists are copied before being modified, so a list the caller shares or an
 * unmodifiable one is never mutated in place.
 *
 * <p>NOTE(review): every token created through this decorator therefore carries the
 * refresh-token scope, regardless of the grant type — confirm this is intended for all
 * grants the delegate serves.
 *
 * @param accessToken the registration; its scope lists are replaced by extended copies
 * @return the token created by the delegate
 * @throws OAuthServiceException propagated from the delegate
 */
@Override
public ServerAccessToken createAccessToken(final AccessTokenRegistration accessToken) throws OAuthServiceException {
    final String refreshScope = OAuthConstants.REFRESH_TOKEN_SCOPE;

    if (!accessToken.getRequestedScope().contains(refreshScope)) {
        accessToken.setRequestedScope(new ArrayList<>(accessToken.getRequestedScope()));
        accessToken.getRequestedScope().add(refreshScope);
    }
    if (!accessToken.getApprovedScope().contains(refreshScope)) {
        accessToken.setApprovedScope(new ArrayList<>(accessToken.getApprovedScope()));
        accessToken.getApprovedScope().add(refreshScope);
    }

    return delegate.createAccessToken(accessToken);
}
 
Example 18
Source Project: cxf   Source File: JCacheOAuthDataProvider.java    License: Apache License 2.0
/**
 * Removes the token from whichever cache holds it: the JWT-string cache when tokens are
 * stored as JWT keys only, the object cache otherwise.
 *
 * @param at the token to revoke; only its key is used
 */
@Override
protected void doRevokeAccessToken(ServerAccessToken at) {
    final boolean jwtKeyOnly = isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly();
    final String key = at.getTokenKey();
    if (jwtKeyOnly) {
        jwtAccessTokenCache.remove(key);
    } else {
        accessTokenCache.remove(key);
    }
}
 
Example 19
Source Project: olingo-odata4   Source File: OAuth2Provider.java    License: Apache License 2.0
/**
 * This provider never reuses a previously issued token: every request goes through the
 * full authorization path.
 *
 * @return always {@code null}
 */
@Override
public ServerAccessToken getPreauthorizedToken(final Client client,
                                               final List<String> list,
                                               final UserSubject us,
                                               final String string) throws OAuthServiceException {
  return null;
}
 
Example 20
Source Project: olingo-odata4   Source File: OAuth2Provider.java    License: Apache License 2.0
/**
 * Issues a bearer token with a fixed 3600-second lifetime for the registering client.
 *
 * <p>When no scope was explicitly approved the requested scope is granted in full; no
 * validation against the client's registered scopes happens in this method (presumably
 * done upstream — confirm).
 *
 * <p>NOTE(review): the new token is assigned to the {@code token} field of this provider,
 * not to a local, so each call overwrites the previously issued one — confirm this is
 * intended.
 *
 * @param atr the registration describing the token
 * @return the newly issued token
 */
@Override
public ServerAccessToken createAccessToken(final AccessTokenRegistration atr) throws OAuthServiceException {
  final Client client = atr.getClient();
  token = new BearerAccessToken(client, 3600L);

  final List<String> approved = atr.getApprovedScope();
  final List<String> scope;
  if (approved.isEmpty()) {
    scope = atr.getRequestedScope();
  } else {
    scope = approved;
  }
  token.setScopes(convertScopeToPermissions(client, scope));
  token.setSubject(atr.getSubject());
  token.setGrantType(atr.getGrantType());

  return token;
}
 
Example 21
Source Project: cxf   Source File: AbstractOAuthDataProviderTest.java    License: Apache License 2.0
/**
 * Two tokens for the same client whose subjects are distinct objects with the same login
 * must both be created and retrievable, and must keep their own subject identity
 * (same login, different ids, the second one a {@code TestingUserSubject}).
 */
@Test
public void testAddGetDeleteMultipleAccessToken() {
    final Client client = addClient("101", "bob");

    // First token: the client's own resource-owner subject.
    final AccessTokenRegistration firstReg = new AccessTokenRegistration();
    firstReg.setClient(client);
    firstReg.setApprovedScope(Collections.singletonList("a"));
    firstReg.setSubject(client.getResourceOwnerSubject());
    ServerAccessToken first = getProvider().createAccessToken(firstReg);
    validateAccessToken(first);
    first = getProvider().getAccessToken(first.getTokenKey());
    validateAccessToken(first);

    // Second token: a different subject object carrying the same login.
    final AccessTokenRegistration secondReg = new AccessTokenRegistration();
    secondReg.setClient(client);
    secondReg.setApprovedScope(Collections.singletonList("a"));
    secondReg.setSubject(new TestingUserSubject(client.getResourceOwnerSubject().getLogin()));
    ServerAccessToken second = getProvider().createAccessToken(secondReg);
    validateAccessToken(second);
    second = getProvider().getAccessToken(second.getTokenKey());
    validateAccessToken(second);

    assertNotNull(first.getSubject().getId());
    assertTrue(first.getSubject() instanceof UserSubject);
    assertNotNull(second.getSubject().getId());
    assertTrue(second.getSubject() instanceof TestingUserSubject);
    assertEquals(first.getSubject().getLogin(), second.getSubject().getLogin());
    assertNotEquals(first.getSubject().getId(), second.getSubject().getId());
}
 
Example 22
Source Project: cxf   Source File: EncryptingDataProvider.java    License: Apache License 2.0
/**
 * Pre-authorized tokens are not supported by this provider.
 *
 * <p>Background (from the original author): returning an existing token is an optimization
 * for clients requesting an authorization code — if the user has already given this client
 * a token, asking for authorization again through yet another form is redundant. This
 * provider opts out of that optimization.
 *
 * @return always {@code null}
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes,
                                               UserSubject subject, String grantType)
    throws OAuthServiceException {
    return null;
}
 
Example 23
Source Project: cxf   Source File: AbstractGrantHandler.java    License: Apache License 2.0
/**
 * Creates a token from raw request parameters by extracting the {@code scope} and client
 * audience values and delegating to the list-based overload.
 *
 * @param client  the requesting client
 * @param subject the resource owner
 * @param params  the token request form parameters
 * @return the created token
 */
protected ServerAccessToken doCreateAccessToken(Client client,
                                                UserSubject subject,
                                                MultivaluedMap<String, String> params) {

    final List<String> scopes = OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE));
    final List<String> audiences =
        getAudiences(client, params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
    return doCreateAccessToken(client, subject, scopes, audiences);
}
 
Example 24
Source Project: cxf   Source File: AbstractGrantHandler.java    License: Apache License 2.0
/**
 * Creates a token for this handler's single grant type, delegating to the overload that
 * takes the grant type explicitly.
 *
 * @param client          the requesting client
 * @param subject         the resource owner
 * @param requestedScopes scopes requested by the client
 * @param audiences       audiences requested by the client
 * @return the created token
 */
protected ServerAccessToken doCreateAccessToken(Client client,
                                                UserSubject subject,
                                                List<String> requestedScopes,
                                                List<String> audiences) {

    final String grantType = getSingleGrantType();
    return doCreateAccessToken(client, subject, grantType, requestedScopes, audiences);
}
 
Example 25
Source Project: cxf   Source File: JCacheOAuthDataProvider.java    License: Apache License 2.0
/**
 * Stores the token in the cache matching the configured storage mode.
 *
 * <p>In JWT-key-only mode the token key (which is the JWT itself in that mode) is stored
 * as both key and value; otherwise the full token object is stored under its key.
 *
 * @param serverToken the token to persist
 */
@Override
protected void saveAccessToken(ServerAccessToken serverToken) {
    final boolean jwtKeyOnly = isUseJwtFormatForAccessTokens() && isStoreJwtTokenKeyOnly();
    final String key = serverToken.getTokenKey();
    if (jwtKeyOnly) {
        jwtAccessTokenCache.put(key, key);
    } else {
        accessTokenCache.put(key, serverToken);
    }
}
 
Example 26
Source Project: cxf   Source File: AbstractOAuthDataProvider.java    License: Apache License 2.0
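/**
 * Builds the access token that a refresh exchange hands back, carrying over the audience,
 * grant, subject, nonce, PKCE verifier and extra properties of the refresh token.
 *
 * <p>Scope handling: with no restriction requested the refresh token's scopes are copied
 * over. With a restriction, the new scopes must all be among the refresh token's scopes
 * (down-scoping only, never widening); a refresh token that carries no scopes at all cannot
 * satisfy a restriction and is rejected the same way, instead of failing with a
 * {@code NullPointerException}. A {@code null} {@code restrictedScopes} is treated as empty.
 *
 * <p>When tokens are issued in JWT format the claims are rendered and stored either as the
 * token key or as the encoded form, depending on {@link #isPersistJwtEncoding()}.
 *
 * @param client           the client performing the refresh
 * @param oldRefreshToken  the refresh token being exchanged
 * @param restrictedScopes scopes the client asks to narrow to; empty or {@code null} for none
 * @return the new access token
 * @throws OAuthServiceException "Invalid scopes" when the restriction is not a subset of the
 *         refresh token's scopes
 */
protected ServerAccessToken doRefreshAccessToken(Client client,
                                                 RefreshToken oldRefreshToken,
                                                 List<String> restrictedScopes) {
    final ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
    at.setAudiences(oldRefreshToken.getAudiences() != null
            ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
    at.setGrantType(oldRefreshToken.getGrantType());
    at.setGrantCode(oldRefreshToken.getGrantCode());
    at.setSubject(oldRefreshToken.getSubject());
    at.setNonce(oldRefreshToken.getNonce());
    at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
    at.getExtraProperties().putAll(oldRefreshToken.getExtraProperties());

    final List<OAuthPermission> oldScopes = oldRefreshToken.getScopes();
    if (restrictedScopes == null || restrictedScopes.isEmpty()) {
        // No down-scoping requested: carry the refresh token's scopes over unchanged.
        at.setScopes(oldScopes != null ? new ArrayList<OAuthPermission>(oldScopes) : null);
    } else {
        // Down-scoping: the new token may only hold scopes the refresh token already had.
        // containsAll relies on OAuthPermission equality — assumed to compare by permission
        // name; confirm against OAuthPermission.equals.
        final List<OAuthPermission> newScopes = convertScopeToPermissions(client, restrictedScopes);
        if (oldScopes == null || !oldScopes.containsAll(newScopes)) {
            throw new OAuthServiceException("Invalid scopes");
        }
        at.setScopes(newScopes);
    }

    if (isUseJwtFormatForAccessTokens()) {
        final JwtClaims claims = createJwtAccessToken(at);
        final String jose = processJwtAccessToken(claims);
        if (isPersistJwtEncoding()) {
            at.setTokenKey(jose);
        } else {
            at.setEncodedToken(jose);
        }
    }

    return at;
}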
 
Example 27
Source Project: cxf   Source File: RefreshTokenGrantHandler.java    License: Apache License 2.0
/**
 * Exchanges the {@code refresh_token} request parameter for a new access token.
 *
 * <p>The requested scopes are resolved from the {@code scope} parameter according to the
 * handler's scope settings and passed to the data provider, which performs the actual
 * refresh. The returned token is marked as issued by the refresh-token grant.
 *
 * @param client the authenticated client
 * @param params the token request form parameters
 * @return the refreshed access token
 * @throws OAuthServiceException propagated from scope resolution or the data provider
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {
    final String refreshTokenKey = params.getFirst(OAuthConstants.REFRESH_TOKEN);
    final String scopeParam = params.getFirst(OAuthConstants.SCOPE);
    final List<String> requestedScopes = OAuthUtils.getRequestedScopes(client,
                                                                       scopeParam,
                                                                       useAllClientScopes,
                                                                       partialMatchScopeValidation);

    final ServerAccessToken refreshed =
        dataProvider.refreshAccessToken(client, refreshTokenKey, requestedScopes);
    refreshed.setGrantType(OAuthConstants.REFRESH_TOKEN_GRANT);
    return refreshed;
}
 
Example 28
Source Project: cxf   Source File: ClientCredentialsGrantHandler.java    License: Apache License 2.0
/**
 * Issues a token for the client-credentials grant, using the client's own subject as the
 * resource owner.
 *
 * <p>Only confidential clients may use this grant (RFC 6749 section 4.4); public clients
 * are rejected with {@code invalid_client}. Refresh tokens are not expected for this grant,
 * so their presence is logged as a warning.
 *
 * @param client the authenticated client
 * @param params the token request form parameters
 * @return the created token
 * @throws OAuthServiceException {@code invalid_client} if the client is not confidential
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {

    if (!client.isConfidential()) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_CLIENT));
    }

    final ServerAccessToken issued = doCreateAccessToken(client, client.getSubject(), params);
    if (issued.getRefreshToken() != null) {
        LOG.warning("Client credentials grant tokens SHOULD not have refresh tokens");
    }
    return issued;
}
 
Example 29
Source Project: cxf   Source File: TokenGrantHandlerTest.java    License: Apache License 2.0
/**
 * A handler configured with the in-memory data provider issues a bearer token for a
 * supported simple grant.
 */
@Test
public void testSimpleGrantSupported() {
    final SimpleGrantHandler handler = new SimpleGrantHandler();
    handler.setDataProvider(new OAuthDataProviderImpl());

    final ServerAccessToken issued = handler.createAccessToken(createClient("a"), createMap("a"));
    assertTrue(issued instanceof BearerAccessToken);
}
 
Example 30
Source Project: cxf   Source File: ModelEncryptionSupport.java    License: Apache License 2.0
/**
 * Decrypts an encoded token sequence with the given key and rebuilds the access token from
 * the plaintext.
 *
 * @param provider    the data provider used to resolve referenced entities during rebuild
 * @param encodedData the encrypted, encoded token sequence
 * @param secretKey   the key used for decryption
 * @param props       the cipher properties
 * @return the recreated token
 * @throws SecurityException if decryption fails
 */
public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                             String encodedData,
                                             Key secretKey,
                                             KeyProperties props) throws SecurityException {
    final String plaintext = CryptoUtils.decryptSequence(encodedData, secretKey, props);
    return recreateAccessToken(provider, encodedData, plaintext);
}