Java Code Examples for org.apache.cxf.rs.security.oauth2.common.ClientAccessToken#getRefreshToken()

The following examples show how to use org.apache.cxf.rs.security.oauth2.common.ClientAccessToken#getRefreshToken().
Example 1
Source File: AbstractImplicitGrantService.java    From cxf with Apache License 2.0
/**
 * Builds the redirect URI that hands the issued access token back to the client
 * as fragment parameters.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The token key, the token type and the extra parameter <em>names</em> are appended
 *       as-is, while the approved scope and the extra parameter values go through
 *       {@code HttpUtils.queryEncode}. NOTE(review): this assumes those unencoded values
 *       are URL-safe; confirm against the token provider in use.</li>
 *   <li>RFC 6749 section 4.2.2 states that the implicit grant must not issue a refresh
 *       token. What {@code processRefreshToken} does with a non-null refresh token is
 *       not visible in this method; confirm that it never writes the value into the
 *       fragment.</li>
 * </ul>
 *
 * @param state              redirection state; supplies the redirect URI
 * @param client             the client the token is issued to
 * @param requestedScope     scopes the client asked for
 * @param approvedScope      scopes that were approved
 * @param userSubject        the authenticated end user
 * @param preAuthorizedToken an already authorized token, passed through to
 *                           {@code getClientAccessToken}
 * @return the redirect URI with the token response appended
 */
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                      Client client,
                                      List<String> requestedScope,
                                      List<String> approvedScope,
                                      UserSubject userSubject,
                                      ServerAccessToken preAuthorizedToken) {

    final ClientAccessToken token =
        getClientAccessToken(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    // The response is delivered in the URI fragment of the redirect.
    final StringBuilder redirect = getUriWithFragment(state.getRedirectUri());

    // Mandatory pair: access_token and token_type (both appended without encoding).
    redirect.append(OAuthConstants.ACCESS_TOKEN).append('=').append(token.getTokenKey())
        .append('&')
        .append(OAuthConstants.ACCESS_TOKEN_TYPE).append('=').append(token.getTokenType());

    if (isWriteOptionalParameters()) {
        redirect.append('&')
            .append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN)
            .append('=')
            .append(token.getExpiresIn());

        if (!StringUtils.isEmpty(token.getApprovedScope())) {
            redirect.append('&')
                .append(OAuthConstants.SCOPE)
                .append('=')
                .append(HttpUtils.queryEncode(token.getApprovedScope()));
        }

        // Extra token parameters: only the value is query-encoded, the name is not.
        for (Map.Entry<String, String> extra : token.getParameters().entrySet()) {
            redirect.append('&')
                .append(extra.getKey())
                .append('=')
                .append(HttpUtils.queryEncode(extra.getValue()));
        }
    }

    final String refreshToken = token.getRefreshToken();
    if (refreshToken != null) {
        // Delegated to a hook; see the Javadoc note about refresh tokens in this grant.
        processRefreshToken(redirect, refreshToken);
    }

    finalizeResponse(redirect, state);
    return redirect;
}
 
Example 2
Source File: BearerAuthSupplier.java    From cxf with Apache License 2.0
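/**
 * Tries to replace the current access token by redeeming its refresh token at the
 * access token service.
 *
 * <p>The client credentials come from the injected {@code consumer}; when none is
 * injected, the user name and password of {@code authPolicy} are used instead.
 *
 * <p>Security note: the policy credentials are presented to the access token service as
 * the client id and secret. Make sure the policy configured for this supplier holds
 * client credentials and not end-user credentials meant for another endpoint.
 *
 * @param authPolicy policy that may carry the client id and secret; may be {@code null}
 * @return {@code true} if a refreshed token was obtained and stored, {@code false} if
 *         there is no refresh token or no client credentials are available
 */
private boolean refreshAccessToken(AuthorizationPolicy authPolicy) {
    ClientAccessToken at = getClientAccessToken();
    if (at.getRefreshToken() == null) {
        return false;
    }
    // Client id and secret are needed to refresh the tokens
    // AuthorizationPolicy can hold them by default, Consumer can also be injected into this supplier
    // and checked if the policy is null.
    // Client TLS authentication is also fine as an alternative authentication mechanism,
    // how can we check here that a 2-way TLS has been set up ?
    Consumer theConsumer = consumer;
    if (theConsumer == null
        && authPolicy != null && authPolicy.getUserName() != null && authPolicy.getPassword() != null) {
        // Fix: the original returned false immediately after building this Consumer,
        // so the policy-derived credentials were never used and the fallback described
        // above was unreachable.
        theConsumer = new Consumer(authPolicy.getUserName(), authPolicy.getPassword());
    }
    if (theConsumer == null) {
        return false;
    }
    // Can WebClient be safely constructed at HttpConduit initialization time ?
    // If yes then createAccessTokenServiceClient() can be called inside
    // setAccessTokenServiceUri, though given that the token refreshment would
    // not be done on every request the current approach is quite reasonable

    WebClient accessTokenService = createAccessTokenServiceClient();
    setClientAccessToken(OAuthClientUtils.refreshAccessToken(accessTokenService, theConsumer, at));
    return true;
}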
 
Example 3
Source File: OAuthClientUtils.java    From cxf with Apache License 2.0
/**
 * Redeems the refresh token carried by {@code at} for a new access token.
 *
 * <p>Wraps the refresh token and the requested scope in a {@code RefreshTokenGrant} and
 * delegates to {@code getAccessToken}, passing the token type of {@code at} and
 * {@code null} for the fourth argument.
 *
 * <p>{@code at.getRefreshToken()} is not checked for {@code null} here; callers are
 * expected to check before calling.
 *
 * @param accessTokenService     client for the access token service
 * @param consumer               client credentials
 * @param at                     the token whose refresh token is redeemed
 * @param scope                  scope to request for the new token
 * @param setAuthorizationHeader forwarded unchanged to {@code getAccessToken}
 * @return the token returned by {@code getAccessToken}
 * @throws OAuthServiceException if the token request fails
 */
public static ClientAccessToken refreshAccessToken(WebClient accessTokenService,
                                                   Consumer consumer,
                                                   ClientAccessToken at,
                                                   String scope,
                                                   boolean setAuthorizationHeader)
    throws OAuthServiceException {
    return getAccessToken(accessTokenService,
                          consumer,
                          new RefreshTokenGrant(at.getRefreshToken(), scope),
                          null,
                          at.getTokenType(),
                          setAuthorizationHeader);
}
 
Example 4
Source File: OAuthInvoker.java    From cxf with Apache License 2.0
/**
 * Invokes the service method with the client token context exposed through
 * {@code StaticClientTokenContext}, and retries once with a refreshed access token
 * when the target method fails with {@code NotAuthorizedException}.
 *
 * <p>The retry is attempted only if a token context is present, the message is not
 * already marked with {@code OAUTH2_CALL_RETRIED}, and the current token carries a
 * refresh token. In every other case the original {@code InvocationTargetException}
 * is rethrown. The static context is always removed in {@code finally}, so it does not
 * outlive this call.
 *
 * @throws Exception whatever the invocation or the token refresh throws
 */
@Override
protected Object performInvocation(Exchange exchange, final Object serviceObject, Method m,
                                   Object[] paramArray) throws Exception {
    final Message inMessage = exchange.getInMessage();
    final ClientTokenContext tokenContext = inMessage.getContent(ClientTokenContext.class);
    final boolean hasContext = tokenContext != null;
    try {
        if (hasContext) {
            StaticClientTokenContext.setClientTokenContext(tokenContext);
        }
        return super.performInvocation(exchange, serviceObject, m, paramArray);
    } catch (InvocationTargetException ex) {
        // Only an authorization failure on the first attempt qualifies for a refresh.
        final boolean refreshCandidate = hasContext
            && ex.getCause() instanceof NotAuthorizedException
            && !inMessage.containsKey(OAUTH2_CALL_RETRIED);
        if (!refreshCandidate) {
            throw ex;
        }

        final ClientAccessToken staleToken = tokenContext.getToken();
        if (staleToken.getRefreshToken() == null) {
            throw ex;
        }

        final ClientAccessToken freshToken =
            OAuthClientUtils.refreshAccessToken(accessTokenServiceClient, consumer, staleToken);
        // The refreshed token is validated before it replaces the one in the context.
        validateRefreshedToken(tokenContext, freshToken);
        final MessageContext mc = new MessageContextImpl(inMessage);
        // Requires the context to be a ClientTokenContextImpl; any other implementation
        // fails this cast with ClassCastException.
        ((ClientTokenContextImpl)tokenContext).setToken(freshToken);
        clientTokenContextManager.setClientTokenContext(mc, tokenContext);

        // Mark the message first so that a second failure cannot trigger another refresh.
        inMessage.put(OAUTH2_CALL_RETRIED, true);
        return super.performInvocation(exchange, serviceObject, m, paramArray);
    } finally {
        if (hasContext) {
            StaticClientTokenContext.removeClientTokenContext();
        }
    }
}
 
Example 5
Source File: ClientCodeRequestFilter.java    From cxf with Apache License 2.0
/**
 * Refreshes {@code at} when it carries a refresh token and is expired, or is within
 * {@code expiryThreshold} of expiring when that threshold is positive.
 *
 * <p>NOTE(review): how {@code OAuthUtils.isExpired} treats a token with no lifetime set
 * is not visible here; confirm before relying on this check for such tokens.
 *
 * @param at the current access token
 * @return the refreshed token, or {@code null} when no refresh was performed
 */
private ClientAccessToken refreshAccessTokenIfExpired(ClientAccessToken at) {
    if (at.getRefreshToken() == null) {
        // Nothing to redeem.
        return null;
    }

    // Early refresh: treat the token as expired expiryThreshold before its real expiry.
    final boolean expiringSoon = expiryThreshold > 0
        && OAuthUtils.isExpired(at.getIssuedAt(), at.getExpiresIn() - expiryThreshold);

    if (expiringSoon || OAuthUtils.isExpired(at.getIssuedAt(), at.getExpiresIn())) {
        return OAuthClientUtils.refreshAccessToken(accessTokenServiceClient, consumer, at);
    }
    return null;
}
 
Example 6
Source File: OAuthJSONProvider.java    From cxf with Apache License 2.0
/**
 * Serializes a client access token as a single JSON object and writes it to
 * {@code os} as UTF-8.
 *
 * <p>The access token and token type are always written. The expiry is written unless
 * it equals {@code -1}; the scope and refresh token are written only when non-null;
 * every extra token parameter follows.
 *
 * <p>Security notes: the output contains the access token and, when present, the
 * refresh token, so the stream must never be routed to logs or caches. Any escaping of
 * names and values is left to {@code appendJsonPair}. NOTE(review): confirm that helper
 * escapes values taken from {@code getParameters()}.
 *
 * @param obj the token to serialize
 * @param os  destination stream; flushed but not closed
 * @throws IOException if writing to {@code os} fails
 */
private void writeAccessToken(ClientAccessToken obj, OutputStream os) throws IOException {
    final StringBuilder json = new StringBuilder();
    json.append('{');

    // Mandatory members.
    appendJsonPair(json, OAuthConstants.ACCESS_TOKEN, obj.getTokenKey());
    json.append(',');
    appendJsonPair(json, OAuthConstants.ACCESS_TOKEN_TYPE, obj.getTokenType());

    // Optional members, each preceded by its own separator.
    if (obj.getExpiresIn() != -1) {
        json.append(',');
        appendJsonPair(json, OAuthConstants.ACCESS_TOKEN_EXPIRES_IN, obj.getExpiresIn(), false);
    }
    if (obj.getApprovedScope() != null) {
        json.append(',');
        appendJsonPair(json, OAuthConstants.SCOPE, obj.getApprovedScope());
    }
    if (obj.getRefreshToken() != null) {
        json.append(',');
        appendJsonPair(json, OAuthConstants.REFRESH_TOKEN, obj.getRefreshToken());
    }

    // Extra token parameters.
    for (Map.Entry<String, String> extra : obj.getParameters().entrySet()) {
        json.append(',');
        appendJsonPair(json, extra.getKey(), extra.getValue());
    }

    json.append('}');
    os.write(json.toString().getBytes(StandardCharsets.UTF_8));
    os.flush();
}