Java Code Examples for org.apache.cxf.rs.security.oauth2.common.ServerAccessToken#setScopes()

The following examples show how to use org.apache.cxf.rs.security.oauth2.common.ServerAccessToken#setScopes() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: JPAOAuthDataProvider.java    From cxf with Apache License 2.0 6 votes vote down vote up
@Override
protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
    ServerAccessToken at = super.doCreateAccessToken(atReg);
    // we override this in order to get rid of elementCollections directly injected
    // from another entity
    // this can be the case when using multiple cmt dataProvider operation in a single entityManager
    // lifespan
    if (at.getAudiences() != null) {
        at.setAudiences(new ArrayList<>(at.getAudiences()));
    }
    if (at.getExtraProperties() != null) {
        at.setExtraProperties(new HashMap<String, String>(at.getExtraProperties()));
    }
    if (at.getScopes() != null) {
        at.setScopes(new ArrayList<>(at.getScopes()));
    }
    if (at.getParameters() != null) {
        at.setParameters(new HashMap<String, String>(at.getParameters()));
    }
    return at;
}
 
Example 2
Source File: ModelEncryptionSupport.java    From cxf with Apache License 2.0 5 votes vote down vote up
private static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
                                              String newTokenKey,
                                              String[] parts) {


    @SuppressWarnings("serial")
    final ServerAccessToken newToken = new ServerAccessToken(provider.getClient(parts[4]),
                                                             parts[1],
                                                             newTokenKey == null ? parts[0] : newTokenKey,
                                                             Long.parseLong(parts[2]),
                                                             Long.parseLong(parts[3])) {
    };

    newToken.setRefreshToken(getStringPart(parts[5]));
    newToken.setGrantType(getStringPart(parts[6]));
    newToken.setAudiences(parseSimpleList(parts[7]));
    newToken.setParameters(parseSimpleMap(parts[8]));

    // Permissions
    if (!parts[9].trim().isEmpty()) {
        List<OAuthPermission> perms = new LinkedList<>();
        String[] allPermParts = parts[9].split("\\.");
        for (int i = 0; i + 4 < allPermParts.length; i = i + 5) {
            OAuthPermission perm = new OAuthPermission(allPermParts[i], allPermParts[i + 1]);
            perm.setDefaultPermission(Boolean.parseBoolean(allPermParts[i + 2]));
            perm.setHttpVerbs(parseSimpleList(allPermParts[i + 3]));
            perm.setUris(parseSimpleList(allPermParts[i + 4]));
            perms.add(perm);
        }
        newToken.setScopes(perms);
    }
    //Client verifier:
    newToken.setClientCodeVerifier(parts[10]);
    //UserSubject:
    newToken.setSubject(recreateUserSubject(parts[11]));

    newToken.setExtraProperties(parseSimpleMap(parts[12]));

    return newToken;
}
 
Example 3
Source File: AbstractOAuthDataProvider.java    From cxf with Apache License 2.0 5 votes vote down vote up
protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
    ServerAccessToken at = createNewAccessToken(atReg.getClient(), atReg.getSubject());
    at.setAudiences(atReg.getAudiences());
    at.setGrantType(atReg.getGrantType());
    List<String> theScopes = atReg.getApprovedScope();
    List<OAuthPermission> thePermissions =
        convertScopeToPermissions(atReg.getClient(), theScopes);
    at.setScopes(thePermissions);
    at.setSubject(atReg.getSubject());
    at.setClientCodeVerifier(atReg.getClientCodeVerifier());
    at.setNonce(atReg.getNonce());
    at.setResponseType(atReg.getResponseType());
    at.setGrantCode(atReg.getGrantCode());
    at.getExtraProperties().putAll(atReg.getExtraProperties());

    if (messageContext != null) {
        String certCnf = (String)messageContext.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
        if (certCnf != null) {
            // At a later stage we will likely introduce a dedicated Confirmation bean (as it is used in POP etc)
            at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf);
        }
    }

    if (isUseJwtFormatForAccessTokens()) {
        JwtClaims claims = createJwtAccessToken(at);
        String jose = processJwtAccessToken(claims);
        if (isPersistJwtEncoding()) {
            at.setTokenKey(jose);
        } else {
            at.setEncodedToken(jose);
        }
    }

    return at;
}
 
Example 4
Source File: AbstractOAuthDataProvider.java    From cxf with Apache License 2.0 5 votes vote down vote up
protected ServerAccessToken doRefreshAccessToken(Client client,
                                                 RefreshToken oldRefreshToken,
                                                 List<String> restrictedScopes) {
    ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
    at.setAudiences(oldRefreshToken.getAudiences() != null
            ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
    at.setGrantType(oldRefreshToken.getGrantType());
    at.setGrantCode(oldRefreshToken.getGrantCode());
    at.setSubject(oldRefreshToken.getSubject());
    at.setNonce(oldRefreshToken.getNonce());
    at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
    at.getExtraProperties().putAll(oldRefreshToken.getExtraProperties());
    if (restrictedScopes.isEmpty()) {
        at.setScopes(oldRefreshToken.getScopes() != null
                ? new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null);
    } else {
        List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
        if (oldRefreshToken.getScopes().containsAll(theNewScopes)) {
            at.setScopes(theNewScopes);
        } else {
            throw new OAuthServiceException("Invalid scopes");
        }
    }

    if (isUseJwtFormatForAccessTokens()) {
        JwtClaims claims = createJwtAccessToken(at);
        String jose = processJwtAccessToken(claims);
        if (isPersistJwtEncoding()) {
            at.setTokenKey(jose);
        } else {
            at.setEncodedToken(jose);
        }
    }

    return at;
}