Java Code Examples for org.apache.cxf.rs.security.oauth2.common.Client#isConfidential()

The following examples show how to use org.apache.cxf.rs.security.oauth2.common.Client#isConfidential(); the originating project and source file are named above each example.
Example 1
Source File: ClientRegistrationService.java — from cxf-fediz, Apache License 2.0
/**
 * Regenerates the secret of a registered client and persists the updated record.
 * <p>
 * The CSRF token and the caller's security context are verified before any client
 * state is read or modified. Only confidential clients hold a secret, so public
 * clients are stored back unchanged.
 *
 * @param id        the registration id of the client to reset
 * @param csrfToken the anti-CSRF token submitted with the form
 * @return the (possibly updated) client record
 * @throws InvalidRegistrationException if no client is registered under {@code id}
 */
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.TEXT_HTML)
@Path("/{id}/reset")
public Client resetClient(@PathParam("id") String id,
                          @FormParam("client_csrfToken") String csrfToken) {
    // Reject forged form posts before touching any client state.
    checkCSRFToken(csrfToken);
    checkSecurityContext();

    final Client registered = getRegisteredClient(id);
    if (registered == null) {
        throw new InvalidRegistrationException("The client id is invalid");
    }

    // A fresh secret is only meaningful for a confidential client.
    final boolean holdsSecret = registered.isConfidential();
    if (holdsSecret) {
        registered.setClientSecret(generateClientSecret());
    }
    clientProvider.setClient(registered);
    return registered;
}
 
Example 2
Source File: AuthorizationCodeGrantHandler.java — from cxf, Apache License 2.0
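/**
 * Checks the PKCE code verifier presented at the token endpoint against the code
 * challenge recorded with the authorization code.
 * <p>
 * When neither side supplied PKCE parameters the exchange is accepted for confidential
 * clients, and for public clients only when a verifier is not mandated. Previously the
 * "both absent but a verifier is required" case fell through to a null dereference of
 * {@code clientCodeChallenge}; it is now rejected explicitly. The final comparison is
 * done in constant time, as it is an authentication decision.
 *
 * @param c                   the client redeeming the authorization code
 * @param clientCodeVerifier  the {@code code_verifier} from the token request, may be null
 * @param clientCodeChallenge the {@code code_challenge} stored with the code, may be null
 * @return true if the verifier matches the challenge (or PKCE is legitimately absent)
 */
private boolean compareCodeVerifierWithChallenge(Client c, String clientCodeVerifier,
                                                 String clientCodeChallenge) {
    if (clientCodeChallenge == null && clientCodeVerifier == null) {
        return c.isConfidential() || !expectCodeVerifierForPublicClients;
    }
    // Exactly one side supplied PKCE: never acceptable.
    if (clientCodeChallenge == null || clientCodeVerifier == null) {
        return false;
    }
    String transformedCodeVerifier = codeVerifierTransformer == null
        ? clientCodeVerifier : codeVerifierTransformer.transformCodeVerifier(clientCodeVerifier);
    if (transformedCodeVerifier == null) {
        return false;
    }
    // Fully qualified so no new import is needed; MessageDigest.isEqual does not
    // short-circuit on the first differing byte.
    return java.security.MessageDigest.isEqual(
        clientCodeChallenge.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        transformedCodeVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}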
 
Example 3
Source File: ClientCredentialsGrantHandler.java — from cxf, Apache License 2.0
/**
 * Issues an access token for the client-credentials grant.
 * <p>
 * Only confidential clients may use this grant, so a public client is rejected with
 * {@code invalid_client} before any token is minted.
 *
 * @param client the authenticated client requesting the token
 * @param params the form parameters of the token request
 * @return the newly created server-side access token
 * @throws OAuthServiceException if the client is not confidential
 */
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
    throws OAuthServiceException {

    final boolean publicClient = !client.isConfidential();
    if (publicClient) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_CLIENT));
    }

    final ServerAccessToken issued = doCreateAccessToken(client, client.getSubject(), params);
    // A refresh token makes no sense for a client authenticating with its own credentials;
    // log it rather than fail, since the token has already been created.
    if (issued.getRefreshToken() != null) {
        LOG.warning("Client credentials grant tokens SHOULD not have refresh tokens");
    }
    return issued;
}
 
Example 4
Source File: OAuthUtils.java — from cxf, Apache License 2.0
/**
 * Decides whether {@code grantType} may be used by {@code client}.
 *
 * @param client                  the client requesting the grant
 * @param canSupportPublicClients whether public (non-confidential) clients are admitted at all
 * @param grantType               the requested grant type, may be null
 * @return true if the grant type is non-null, the client is admitted, and the client's
 *         allow-list is either empty or contains the grant type
 */
public static boolean isGrantSupportedForClient(Client client,
                                                boolean canSupportPublicClients,
                                                String grantType) {
    if (grantType == null) {
        return false;
    }
    // A public client is only admitted when the caller explicitly permits public clients.
    if (!client.isConfidential() && !canSupportPublicClients) {
        return false;
    }
    final List<String> allowedGrants = client.getAllowedGrantTypes();
    // An empty allow-list means "no restriction"; otherwise the grant must be listed.
    if (allowedGrants.isEmpty()) {
        return true;
    }
    return allowedGrants.contains(grantType);
}
 
Example 5
Source File: AbstractTokenService.java — from cxf, Apache License 2.0
/**
 * Resolves a client by id and authenticates it with the presented secret.
 * <p>
 * Both a mismatch between the resolved record and the presented id and a failed
 * secret check are reported through {@code reportInvalidClient()}; public clients
 * cannot authenticate with a secret and are reported as invalid too.
 *
 * @param clientId             the client id presented by the caller
 * @param providedClientSecret the secret presented by the caller
 * @param params               the request parameters
 * @return the resolved, validated client
 */
protected Client getAndValidateClientFromIdAndSecret(String clientId,
                                                     String providedClientSecret,
                                                     MultivaluedMap<String, String> params) {
    final Client resolved = getClient(clientId, providedClientSecret, params);
    // The resolved record must belong to the id that was presented.
    final boolean idMatches = resolved.getClientId().equals(clientId);
    if (!idMatches) {
        reportInvalidClient();
    }
    // Secret-based authentication is only meaningful for confidential clients, and the
    // presented secret must then verify against the stored one.
    if (resolved.isConfidential()) {
        if (!isConfidenatialClientSecretValid(resolved, providedClientSecret)) {
            reportInvalidClient();
        }
    } else {
        reportInvalidClient();
    }
    return resolved;
}
 
Example 6
Source File: AuthorizationCodeGrantService.java — from cxf, Apache License 2.0
/**
 * Returns whether {@code c} may be treated as a public client for the authorization
 * code grant: public clients must be enabled, and the client must be neither flagged
 * confidential nor carry a secret.
 *
 * @param c the client to classify
 * @return true if the client qualifies as a public client
 */
@Override
protected boolean canSupportPublicClient(Client c) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (c.isConfidential()) {
        return false;
    }
    // A client that still carries a secret is not treated as public even if not flagged.
    return c.getClientSecret() == null;
}
 
Example 7
Source File: AuthorizationCodeGrantService.java — from cxf, Apache License 2.0
/**
 * Returns whether the authorization request may omit a redirect URI.
 * <p>
 * With no redirect URI the code is returned out of band (typically shown directly to a
 * human user), which is only permitted for confidential clients and only when configured.
 *
 * @param c the client making the authorization request
 * @return true if an empty redirect URI is acceptable for this client
 */
@Override
protected boolean canRedirectUriBeEmpty(Client c) {
    if (!c.isConfidential()) {
        return false;
    }
    return canSupportEmptyRedirectForPrivateClients;
}
 
Example 8
Source File: AbstractTokenService.java — from cxf, Apache License 2.0
/**
 * Returns whether {@code client} qualifies as a valid public client at the token
 * endpoint: public clients must be enabled, and the client must be neither flagged
 * confidential nor carry a secret.
 *
 * @param client   the client to classify
 * @param clientId the presented client id (not consulted here; kept for overriders)
 * @return true if the client qualifies as a public client
 */
protected boolean isValidPublicClient(Client client, String clientId) {
    if (!canSupportPublicClients) {
        return false;
    }
    if (client.isConfidential()) {
        return false;
    }
    return client.getClientSecret() == null;
}
 
Example 9
Source File: HawkAccessToken.java — from cxf, Apache License 2.0
/**
 * Ensures the client can hold a MAC secret, i.e. that it is confidential.
 *
 * @param c the client to check
 * @return {@code c} unchanged when it is confidential
 * @throws OAuthServiceException if the client is public
 */
private static Client checkClient(Client c) {
    final boolean confidential = c.isConfidential();
    if (confidential) {
        return c;
    }
    throw new OAuthServiceException("Public clients can not keep a MAC secret");
}