org.apache.cxf.rs.security.oauth2.common.OAuthPermission Java Examples
The following examples show how to use
org.apache.cxf.rs.security.oauth2.common.OAuthPermission.
Example #1
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Maps the scope names requested by a client onto the permissions this provider knows about.
 *
 * <p>The request is first passed to {@code checkRequestedScopes}. An empty request yields an
 * empty list; a non-empty request that produces no permission at all is rejected.
 *
 * @param client the client the scopes were requested for
 * @param requestedScopes the scope names taken from the request
 * @return the permissions for the requested scopes, or an empty list when none were requested
 * @throws OAuthServiceException if the requested scopes cannot be mapped to any permission
 */
@Override
public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
    checkRequestedScopes(client, requestedScopes);
    if (requestedScopes.isEmpty()) {
        return Collections.emptyList();
    }

    List<OAuthPermission> mapped = new ArrayList<>();
    for (String scopeName : requestedScopes) {
        convertSingleScopeToPermission(client, scopeName, mapped);
    }

    if (mapped.isEmpty()) {
        // A non-empty request that maps to nothing is refused rather than treated as an empty grant.
        throw new OAuthServiceException("Requested scopes can not be mapped");
    }
    return mapped;
}
Example #2
Source File: EHCacheOIDCTokenProvider.java From cxf-fediz with Apache License 2.0 | 6 votes |
/**
 * Accepts only the {@code openid} scope and turns each occurrence into a permission.
 *
 * @param client the requesting client (not consulted here)
 * @param requestedScopes the scope names taken from the request
 * @return one "openid" permission per requested scope, or an empty list for an empty request
 * @throws OAuthServiceException with {@code invalid_scope} as soon as any other scope is seen
 */
@Override
public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
    if (requestedScopes.isEmpty()) {
        return Collections.emptyList();
    }

    List<OAuthPermission> granted = new ArrayList<>();
    for (String scope : requestedScopes) {
        // Allow-list of exactly one scope: anything else aborts the whole request.
        if (!"openid".equals(scope)) {
            throw new OAuthServiceException("invalid_scope");
        }
        granted.add(new OAuthPermission("openid", "Authenticate user"));
    }
    return granted;
}
Example #3
Source File: OidcImplicitService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Decides whether the consent screen can be skipped, taking the OIDC {@code prompt} values
 * of the request into account on top of the parent's decision.
 *
 * @return {@code false} when the client asked for the consent prompt; otherwise the parent's
 *         pre-configured consent decision
 * @throws OAuthServiceException with {@code OidcUtils.CONSENT_REQUIRED_ERROR} when the request
 *         carries the "none" prompt value but the parent reports no pre-configured consent
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params,
                                            Client client,
                                            UserSubject userSubject,
                                            List<String> requestedScope,
                                            List<OAuthPermission> permissions) {
    List<String> prompts = OidcUtils.getPromptValues(params);

    // The client explicitly prefers the consent screen: never skip it.
    if (prompts.contains(OidcUtils.PROMPT_CONSENT_VALUE)) {
        return false;
    }

    // Otherwise defer to the pre-configured consent known to the parent service.
    boolean consentPreConfigured =
        super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (consentPreConfigured) {
        return true;
    }

    // No pre-configured consent for the requested scopes/claims. With prompt 'none' the user
    // must not be shown any UI, so the request fails instead of falling back to the screen.
    if (prompts.contains(OidcUtils.PROMPT_NONE_VALUE)) {
        LOG.log(Level.FINE, "Prompt 'none' request can not be met");
        throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
    }
    return false;
}
Example #4
Source File: OidcAuthorizationCodeService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Applies the OIDC {@code prompt} request values before accepting the parent's decision on
 * whether user consent can be skipped.
 *
 * @return {@code false} if the consent prompt was requested, else the parent's decision
 * @throws OAuthServiceException with {@code OidcUtils.CONSENT_REQUIRED_ERROR} if the "none"
 *         prompt value was requested and the parent reports no pre-configured consent
 */
@Override
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params,
                                            Client client,
                                            UserSubject userSubject,
                                            List<String> requestedScope,
                                            List<OAuthPermission> permissions) {
    final List<String> promptValues = OidcUtils.getPromptValues(params);
    final boolean consentRequested = promptValues.contains(OidcUtils.PROMPT_CONSENT_VALUE);
    if (consentRequested) {
        // Displaying the consent screen is preferred by the client.
        return false;
    }

    // Check the pre-configured consent held by the parent service.
    final boolean skippable =
        super.canAuthorizationBeSkipped(params, client, userSubject, requestedScope, permissions);
    if (!skippable) {
        if (promptValues.contains(OidcUtils.PROMPT_NONE_VALUE)) {
            // The client forbids interaction but consent would be needed: report an error.
            LOG.log(Level.FINE, "Prompt 'none' request can not be met");
            throw new OAuthServiceException(new OAuthError(OidcUtils.CONSENT_REQUIRED_ERROR));
        }
    }
    return skippable;
}
Example #5
Source File: OAuthScopesFilter.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Enforces the scopes configured for the invoked method against the permissions carried by
 * the current OAuth context.
 *
 * <p>Methods without an entry in {@code scopesMap} are not checked. In "match all" mode every
 * configured scope must be present among the context permissions; otherwise a single matching
 * permission is enough.
 *
 * @param m the resource method about to be invoked
 * @throws RuntimeException the forbidden exception built by {@code ExceptionUtils} when the
 *         context permissions do not satisfy the configured scopes
 */
protected void checkScopes(Method m) {
    // NOTE(review): both lookups are keyed by the bare method name, so overloaded methods
    // share one entry — confirm that is acceptable for the secured class.
    List<String> required = scopesMap.get(m.getName());
    if (required == null) {
        return;
    }
    // NOTE(review): if scopesMatchAllMap holds boxed Booleans, a missing entry would fail on
    // unboxing here; presumably both maps are populated together — verify.
    boolean mustMatchAll = scopesMatchAllMap.get(m.getName());

    OAuthContext context = OAuthContextUtils.getContext(mc);
    List<String> presented = new LinkedList<>();
    for (OAuthPermission perm : context.getPermissions()) {
        if (mustMatchAll) {
            presented.add(perm.getPermission());
            continue;
        }
        if (required.contains(perm.getPermission())) {
            // Any-match mode: the first hit is sufficient.
            return;
        }
    }

    if (presented.containsAll(required)) {
        return;
    }
    // In any-match mode 'presented' stays empty, so reaching this point with a non-empty
    // requirement always denies the call.
    LOG.warning("Scopes do not match");
    throw ExceptionUtils.toForbiddenException(null, null);
}
Example #6
Source File: OAuthUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds the client-facing view of a server-side access token.
 *
 * <p>The encoded token is used as the token key when the server token has one, otherwise the
 * plain token key. The refresh token is always copied; expiry, approved scope and extra
 * parameters are copied only when {@code supportOptionalParams} is set.
 *
 * @param serverToken the token as held by the authorization server
 * @param supportOptionalParams whether to include expiry, scope and parameters
 * @return the token representation to return to the client
 */
public static ClientAccessToken toClientAccessToken(ServerAccessToken serverToken,
                                                    boolean supportOptionalParams) {
    String encoded = serverToken.getEncodedToken();
    String tokenKey = encoded != null ? encoded : serverToken.getTokenKey();

    ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(), tokenKey);
    clientToken.setRefreshToken(serverToken.getRefreshToken());
    if (!supportOptionalParams) {
        return clientToken;
    }

    clientToken.setExpiresIn(serverToken.getExpiresIn());

    // The scope string comes from convertPermissionsToScope; it is only set when non-empty.
    String approvedScope = OAuthUtils.convertPermissionsToScope(serverToken.getScopes());
    if (!StringUtils.isEmpty(approvedScope)) {
        clientToken.setApprovedScope(approvedScope);
    }

    // Copy so that the client token does not share the server token's parameter map.
    // NOTE(review): every server-side parameter is handed to the client — confirm none of
    // them is meant to stay internal.
    clientToken.setParameters(new HashMap<String, String>(serverToken.getParameters()));
    return clientToken;
}
Example #7
Source File: AuthorizationCodeGrantService.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Creates the authorization data via the parent service and then applies
 * {@code setCodeChallenge} to it with the request parameters.
 *
 * @return the parent's authorization data after {@code setCodeChallenge} has processed it
 */
@Override
protected OAuthAuthorizationData createAuthorizationData(Client client,
                                                         MultivaluedMap<String, String> params,
                                                         String redirectUri,
                                                         UserSubject subject,
                                                         List<OAuthPermission> requestedPerms,
                                                         List<OAuthPermission> alreadyAuthorizedPerms,
                                                         boolean authorizationCanBeSkipped) {
    final OAuthAuthorizationData authorizationData = super.createAuthorizationData(
        client, params, redirectUri, subject,
        requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);

    // Presumably carries the PKCE code challenge from the request into the data shown to the
    // user, so it survives the consent round trip — confirm against setCodeChallenge.
    setCodeChallenge(authorizationData, params);
    return authorizationData;
}
Example #8
Source File: AbstractOAuthDataProviderTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Creates an access token with the "a" and "refreshToken" scopes, then checks that the
 * token, its scopes and its refresh token can be read back, and that revoking the refresh
 * token removes it from the provider.
 */
@Test
public void testAddGetDeleteRefreshToken() {
    Client client = addClient("101", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Arrays.asList("a", "refreshToken"));
    registration.setSubject(client.getResourceOwnerSubject());

    // Create, then read the token back by key.
    ServerAccessToken created = getProvider().createAccessToken(registration);
    validateAccessToken(created);
    ServerAccessToken loaded = getProvider().getAccessToken(created.getTokenKey());
    validateAccessToken(loaded);
    assertEquals(created.getTokenKey(), loaded.getTokenKey());

    // Both approved scopes must come back, in order.
    List<OAuthPermission> scopes = loaded.getScopes();
    assertNotNull(scopes);
    assertEquals(2, scopes.size());
    assertEquals("a", scopes.get(0).getPermission());
    assertEquals("refreshToken", scopes.get(1).getPermission());

    // The refresh token points back at the access token it was issued with.
    RefreshToken refreshToken = getProvider().getRefreshToken(loaded.getRefreshToken());
    assertNotNull(refreshToken);
    assertEquals(loaded.getTokenKey(), refreshToken.getAccessTokens().get(0));

    List<RefreshToken> refreshTokens =
        getProvider().getRefreshTokens(client, client.getResourceOwnerSubject());
    assertNotNull(refreshTokens);
    assertEquals(1, refreshTokens.size());
    assertEquals(refreshToken.getTokenKey(), refreshTokens.get(0).getTokenKey());

    // After revocation the refresh token must no longer be retrievable.
    getProvider().revokeToken(client, refreshToken.getTokenKey(), OAuthConstants.REFRESH_TOKEN);
    assertNull(getProvider().getRefreshToken(refreshToken.getTokenKey()));
}
Example #9
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Applies the configured scope lists to the registered permissions: a permission named in
 * {@code defaultScopes} is flagged as default, one named in {@code invisibleToClientScopes}
 * is flagged as invisible to the client. Either list may be {@code null}.
 */
public void init() {
    for (OAuthPermission perm : permissionMap.values()) {
        boolean isDefault = defaultScopes != null
            && defaultScopes.contains(perm.getPermission());
        if (isDefault) {
            perm.setDefaultPermission(true);
        }

        boolean hiddenFromClient = invisibleToClientScopes != null
            && invisibleToClientScopes.contains(perm.getPermission());
        if (hiddenFromClient) {
            perm.setInvisibleToClient(true);
        }
    }
}
Example #10
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
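/**
 * Creates the access token issued in exchange for a refresh token.
 *
 * <p>Subject, audiences, grant details, nonce, code verifier and extra properties are carried
 * over from the refresh token. Without {@code restrictedScopes} the new token receives a copy
 * of the refresh token's scopes; with them, the requested scopes are converted to permissions
 * and accepted only if the refresh token already holds every one of them.
 *
 * @param client the client refreshing the token
 * @param oldRefreshToken the refresh token being exchanged
 * @param restrictedScopes the narrower scopes requested for the new token; empty for "same scopes"
 * @return the new access token
 * @throws OAuthServiceException if the requested scopes are not all covered by the refresh token
 */
protected ServerAccessToken doRefreshAccessToken(Client client,
                                                 RefreshToken oldRefreshToken,
                                                 List<String> restrictedScopes) {
    ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
    at.setAudiences(oldRefreshToken.getAudiences() != null
        ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
    at.setGrantType(oldRefreshToken.getGrantType());
    at.setGrantCode(oldRefreshToken.getGrantCode());
    at.setSubject(oldRefreshToken.getSubject());
    at.setNonce(oldRefreshToken.getNonce());
    at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
    at.getExtraProperties().putAll(oldRefreshToken.getExtraProperties());

    List<OAuthPermission> oldScopes = oldRefreshToken.getScopes();
    if (restrictedScopes.isEmpty()) {
        at.setScopes(oldScopes != null ? new ArrayList<OAuthPermission>(oldScopes) : null);
    } else {
        List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
        // The branch above tolerates a refresh token without scopes, so this one must too:
        // a refresh token that holds no scopes cannot cover any requested scope, and the
        // request is refused with the regular error instead of a NullPointerException.
        // containsAll relies on OAuthPermission equality — presumably by permission name; confirm.
        if (oldScopes == null || !oldScopes.containsAll(theNewScopes)) {
            throw new OAuthServiceException("Invalid scopes");
        }
        at.setScopes(theNewScopes);
    }

    if (isUseJwtFormatForAccessTokens()) {
        JwtClaims claims = createJwtAccessToken(at);
        String jose = processJwtAccessToken(claims);
        // Either the JOSE string becomes the stored key, or it is kept as the encoded form only.
        if (isPersistJwtEncoding()) {
            at.setTokenKey(jose);
        } else {
            at.setEncodedToken(jose);
        }
    }

    return at;
}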
Example #11
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Looks up one scope name in {@code permissionMap} and appends the matching permission.
 *
 * @param client the requesting client (not consulted here)
 * @param scope the scope name to resolve
 * @param perms the list the resolved permission is appended to
 * @throws OAuthServiceException if the scope is not registered in {@code permissionMap}
 */
protected void convertSingleScopeToPermission(Client client,
                                              String scope,
                                              List<OAuthPermission> perms) {
    final OAuthPermission registered = permissionMap.get(scope);
    if (registered != null) {
        perms.add(registered);
        return;
    }
    // NOTE(review): the message embeds the scope value as received; if it ends up in logs or
    // in an error response, confirm it is encoded for that sink.
    throw new OAuthServiceException("Unexpected scope: " + scope);
}
Example #12
Source File: RefreshTokenEnabledProvider.java From openwebbeans-meecrowave with Apache License 2.0 | 5 votes |
/**
 * Wraps a data provider and, when it is an {@code AbstractOAuthDataProvider}, makes sure its
 * permission map contains the refresh-token scope.
 *
 * <p>The delegate's map is copied, the refresh-token permission is added only if the scope
 * has no entry yet, and the copy is set back on the delegate.
 *
 * @param delegate the provider all calls are forwarded to
 */
public RefreshTokenEnabledProvider(final OAuthDataProvider delegate) {
    this.delegate = delegate;
    if (!(delegate instanceof AbstractOAuthDataProvider)) {
        return;
    }

    final AbstractOAuthDataProvider abstractProvider = (AbstractOAuthDataProvider) delegate;
    final Map<String, OAuthPermission> withRefreshScope =
        new HashMap<>(abstractProvider.getPermissionMap());
    // An existing definition of the scope wins over this default one.
    withRefreshScope.putIfAbsent(
        OAuthConstants.REFRESH_TOKEN_SCOPE,
        new OAuthPermission(OAuthConstants.REFRESH_TOKEN_SCOPE, "allow to refresh a token"));
    abstractProvider.setPermissionMap(withRefreshScope);
}
Example #13
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Creates a new access token from a token registration.
 *
 * <p>The approved scopes are converted to permissions through
 * {@code convertScopeToPermissions}; the remaining registration attributes are copied as is.
 * When a message context is available and holds a value under
 * {@code JoseConstants.HEADER_X509_THUMBPRINT_SHA256}, that value is stored in the token's
 * extra properties under the same key.
 *
 * @param atReg the registration describing the token to create
 * @return the new access token
 */
protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
    ServerAccessToken token = createNewAccessToken(atReg.getClient(), atReg.getSubject());
    token.setAudiences(atReg.getAudiences());
    token.setGrantType(atReg.getGrantType());

    List<String> approvedScopes = atReg.getApprovedScope();
    token.setScopes(convertScopeToPermissions(atReg.getClient(), approvedScopes));

    token.setSubject(atReg.getSubject());
    token.setClientCodeVerifier(atReg.getClientCodeVerifier());
    token.setNonce(atReg.getNonce());
    token.setResponseType(atReg.getResponseType());
    token.setGrantCode(atReg.getGrantCode());
    token.getExtraProperties().putAll(atReg.getExtraProperties());

    if (messageContext != null) {
        String certThumbprint =
            (String)messageContext.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
        if (certThumbprint != null) {
            // At a later stage we will likely introduce a dedicated Confirmation bean
            // (as it is used in POP etc).
            // Stored after the putAll above, so it replaces a same-named registration property.
            token.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256,
                                           certThumbprint);
        }
    }

    if (isUseJwtFormatForAccessTokens()) {
        String jose = processJwtAccessToken(createJwtAccessToken(token));
        if (isPersistJwtEncoding()) {
            token.setTokenKey(jose);
        } else {
            token.setEncodedToken(jose);
        }
    }

    return token;
}
Example #14
Source File: CryptoUtilsTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Asserts that a token restored from its encrypted form matches the original token, and
 * that the refresh token referenced by the restored token decrypts with the expected lifetime.
 *
 * @param token the original token
 * @param token2 the token recreated from the encrypted representation
 */
private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
    // Core token fields.
    assertEquals(token.getTokenKey(), token2.getTokenKey());
    assertEquals(token.getTokenType(), token2.getTokenType());
    assertEquals(token.getIssuedAt(), token2.getIssuedAt());
    assertEquals(token.getExpiresIn(), token2.getExpiresIn());

    // Client: the id must match and the restored client has no application description.
    Client originalClient = token.getClient();
    Client restoredClient = token2.getClient();
    assertEquals(originalClient.getClientId(), restoredClient.getClientId());
    assertNull(restoredClient.getApplicationDescription());

    // End user.
    UserSubject originalUser = token.getSubject();
    UserSubject restoredUser = token2.getSubject();
    assertEquals(originalUser.getLogin(), restoredUser.getLogin());
    assertEquals(originalUser.getId(), restoredUser.getId());
    assertEquals(originalUser.getRoles(), restoredUser.getRoles());

    assertEquals(token.getRefreshToken(), token2.getRefreshToken());
    assertEquals(token.getAudiences(), token2.getAudiences());
    assertEquals(token.getGrantType(), token2.getGrantType());
    assertEquals(token.getParameters(), token2.getParameters());

    // Exactly one permission is expected on each side.
    List<OAuthPermission> originalPerms = token.getScopes();
    List<OAuthPermission> restoredPerms = token2.getScopes();
    assertEquals(1, originalPerms.size());
    assertEquals(1, restoredPerms.size());
    OAuthPermission originalPerm = originalPerms.get(0);
    OAuthPermission restoredPerm = restoredPerms.get(0);
    assertEquals(originalPerm.getPermission(), restoredPerm.getPermission());
    assertEquals(originalPerm.getDescription(), restoredPerm.getDescription());

    RefreshToken refreshToken =
        ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key);
    assertEquals(1200L, refreshToken.getExpiresIn());
}
Example #15
Source File: JPAOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Persists an access token inside one transaction, first replacing its scopes, subject and
 * client with managed entities where they already exist.
 *
 * @param serverToken the token to store; its scopes, subject and client may be replaced
 */
protected void saveAccessToken(final ServerAccessToken serverToken) {
    executeInTransaction(em -> {
        // Reuse a stored permission with the same name, otherwise persist the new one.
        // A reused permission replaces the instance that came with the token.
        List<OAuthPermission> managedPerms = new LinkedList<>();
        for (OAuthPermission candidate : serverToken.getScopes()) {
            OAuthPermission stored = em.find(OAuthPermission.class, candidate.getPermission());
            if (stored == null) {
                em.persist(candidate);
                managedPerms.add(candidate);
            } else {
                managedPerms.add(stored);
            }
        }
        serverToken.setScopes(managedPerms);

        if (serverToken.getSubject() != null) {
            UserSubject storedSubject =
                em.find(UserSubject.class, serverToken.getSubject().getId());
            if (storedSubject != null) {
                // Known subject: merge the incoming state and attach the managed instance.
                storedSubject = em.merge(serverToken.getSubject());
                serverToken.setSubject(storedSubject);
            } else {
                em.persist(serverToken.getSubject());
            }
        }

        // ensure we have a managed association
        // (needed for OpenJPA : InvalidStateException: Encountered unmanaged object)
        // NOTE(review): the client is replaced by whatever find() returns; if the client id
        // is not stored, that would presumably leave the token without a client — confirm.
        if (serverToken.getClient() != null) {
            serverToken.setClient(em.find(Client.class, serverToken.getClient().getClientId()));
        }

        em.persist(serverToken);
        return null;
    });
}
Example #16
Source File: AccessTokenIntrospectionClient.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Translates a token introspection response into an {@code AccessTokenValidation}.
 *
 * <p>The {@code active} flag becomes the initial validation result. Every other field is
 * copied whenever it is present, whether or not the token is active, so the validation
 * result has to be checked by whoever consumes the returned object.
 *
 * @param response the introspection response received from the authorization server
 * @return the validation object built from the response
 */
private AccessTokenValidation convertIntrospectionToValidation(TokenIntrospection response) {
    AccessTokenValidation validation = new AccessTokenValidation();
    validation.setInitialValidationSuccessful(response.isActive());

    if (response.getClientId() != null) {
        validation.setClientId(response.getClientId());
    }

    // Without an 'iat' the issue time comes from OAuthUtils.getIssuedAt().
    if (response.getIat() == null) {
        validation.setTokenIssuedAt(OAuthUtils.getIssuedAt());
    } else {
        validation.setTokenIssuedAt(response.getIat());
    }

    // The lifetime is derived from 'exp' relative to the issue time set just above.
    if (response.getExp() != null) {
        validation.setTokenLifetime(response.getExp() - validation.getTokenIssuedAt());
    }
    if (response.getNbf() != null) {
        validation.setTokenNotBefore(response.getNbf());
    }
    if (!StringUtils.isEmpty(response.getAud())) {
        validation.setAudiences(response.getAud());
    }
    if (response.getIss() != null) {
        validation.setTokenIssuer(response.getIss());
    }

    if (response.getScope() != null) {
        // 'scope' is a space-separated list; empty entries are skipped.
        List<OAuthPermission> perms = new LinkedList<>();
        for (String scopeName : response.getScope().split(" ")) {
            if (StringUtils.isEmpty(scopeName)) {
                continue;
            }
            perms.add(new OAuthPermission(scopeName.trim()));
        }
        validation.setTokenScopes(perms);
    }

    if (response.getUsername() != null) {
        validation.setTokenSubject(new UserSubject(response.getUsername()));
    }

    validation.getExtraProps().putAll(response.getExtensions());
    return validation;
}
Example #17
Source File: RedirectionBasedGrantService.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Tells whether every requested scope is listed in {@code scopesRequiringNoConsent}.
 *
 * @return {@code true} only if both the configured list and {@code requestedScope} are
 *         non-null and the configured list contains all requested scopes
 */
protected boolean noConsentForRequestedScopes(MultivaluedMap<String, String> params,
                                              Client client,
                                              UserSubject userSubject,
                                              List<String> requestedScope,
                                              List<OAuthPermission> permissions) {
    if (scopesRequiringNoConsent == null || requestedScope == null) {
        return false;
    }
    // NOTE(review): containsAll is true for an empty requestedScope, so a request without
    // scopes needs no consent once the list is configured — confirm that is intended.
    return scopesRequiringNoConsent.containsAll(requestedScope);
}
Example #18
Source File: RedirectionBasedGrantService.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Decides whether the consent step can be skipped; this implementation relies solely on
 * {@code noConsentForRequestedScopes}.
 *
 * @return the result of {@code noConsentForRequestedScopes} for the same arguments
 */
protected boolean canAuthorizationBeSkipped(MultivaluedMap<String, String> params,
                                            Client client,
                                            UserSubject userSubject,
                                            List<String> requestedScope,
                                            List<OAuthPermission> permissions) {
    final boolean consentNotNeeded =
        noConsentForRequestedScopes(params, client, userSubject, requestedScope, permissions);
    return consentNotNeeded;
}
Example #19
Source File: ImplicitGrantService.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Creates the authorization data via the parent service and marks it as belonging to the
 * implicit flow.
 *
 * @return the parent's authorization data with the implicit-flow flag set
 */
@Override
protected OAuthAuthorizationData createAuthorizationData(Client client,
                                                         MultivaluedMap<String, String> params,
                                                         String redirectUri,
                                                         UserSubject subject,
                                                         List<OAuthPermission> requestedPerms,
                                                         List<OAuthPermission> alreadyAuthorizedPerms,
                                                         boolean authorizationCanBeSkipped) {
    final OAuthAuthorizationData authorizationData = super.createAuthorizationData(
        client, params, redirectUri, subject,
        requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
    authorizationData.setImplicitFlow(true);
    return authorizationData;
}
Example #20
Source File: ModelEncryptionSupport.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Rebuilds a {@code ServerAccessToken} from the positional fields of its tokenized form.
 *
 * <p>Field layout as read here: 0 key, 1 type, 2 and 3 the two numeric constructor
 * arguments, 4 client id, 5 refresh token, 6 grant type, 7 audiences, 8 parameters,
 * 9 permissions, 10 code verifier, 11 user subject, 12 extra properties.
 *
 * @param provider used to resolve the client from the client id in field 4
 * @param newTokenKey key to use instead of field 0, or {@code null} to keep field 0
 * @param parts the tokenized fields
 * @return the recreated token
 */
private static ServerAccessToken recreateAccessToken(OAuthDataProvider provider,
                                                     String newTokenKey,
                                                     String[] parts) {
    // NOTE(review): fields 0..12 are read without a length check and the numeric fields
    // without validation; this presumably relies on the input having been decrypted and
    // integrity-checked by the caller — confirm.
    @SuppressWarnings("serial")
    final ServerAccessToken restored = new ServerAccessToken(provider.getClient(parts[4]),
                                                             parts[1],
                                                             newTokenKey == null ? parts[0] : newTokenKey,
                                                             Long.parseLong(parts[2]),
                                                             Long.parseLong(parts[3])) {
    };

    restored.setRefreshToken(getStringPart(parts[5]));
    restored.setGrantType(getStringPart(parts[6]));
    restored.setAudiences(parseSimpleList(parts[7]));
    restored.setParameters(parseSimpleMap(parts[8]));

    // Permissions: '.'-separated, five fields each (name, description, default flag,
    // HTTP verbs, URIs). A trailing group with fewer than five fields is ignored.
    if (!parts[9].trim().isEmpty()) {
        String[] permFields = parts[9].split("\\.");
        List<OAuthPermission> perms = new LinkedList<>();
        int offset = 0;
        while (offset + 4 < permFields.length) {
            OAuthPermission perm = new OAuthPermission(permFields[offset], permFields[offset + 1]);
            perm.setDefaultPermission(Boolean.parseBoolean(permFields[offset + 2]));
            perm.setHttpVerbs(parseSimpleList(permFields[offset + 3]));
            perm.setUris(parseSimpleList(permFields[offset + 4]));
            perms.add(perm);
            offset += 5;
        }
        restored.setScopes(perms);
    }

    // Client verifier
    restored.setClientCodeVerifier(parts[10]);
    // UserSubject
    restored.setSubject(recreateUserSubject(parts[11]));
    restored.setExtraProperties(parseSimpleMap(parts[12]));
    return restored;
}
Example #21
Source File: EncryptingDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Builds a bearer token for the registration with a 3600 lifetime value, a refresh token
 * created through {@code createRefreshToken}, one fixed parameter and one fixed "read"
 * permission.
 *
 * <p>NOTE(review): parameters and scopes are hard-coded and the approved scopes of the
 * registration are not consulted — this looks like a test/sample provider; confirm before
 * reusing it elsewhere.
 *
 * @param accessTokenReg the registration supplying client, subject, grant type and audiences
 * @return the new bearer token
 */
BearerAccessToken createAccessTokenInternal(AccessTokenRegistration accessTokenReg) {
    final BearerAccessToken bearer = new BearerAccessToken(accessTokenReg.getClient(), 3600L);
    bearer.setSubject(accessTokenReg.getSubject());

    // The refresh token is created before the remaining attributes are set on the token.
    createRefreshToken(bearer);

    bearer.setGrantType(accessTokenReg.getGrantType());
    bearer.setAudiences(accessTokenReg.getAudiences());
    bearer.setParameters(Collections.singletonMap("param", "value"));

    final OAuthPermission readPermission = new OAuthPermission("read", "read permission");
    bearer.setScopes(Collections.singletonList(readPermission));
    return bearer;
}
Example #22
Source File: OAuthUtils.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Joins the names of the given permissions into a space-separated scope string.
 *
 * <p>Permissions flagged as invisible to the client, and permissions without a name, are
 * left out.
 *
 * @param perms the permissions to render
 * @return the scope string; empty when no permission qualifies
 */
public static String convertPermissionsToScope(List<OAuthPermission> perms) {
    StringBuilder scope = new StringBuilder();
    for (OAuthPermission perm : perms) {
        boolean visibleAndNamed = !perm.isInvisibleToClient() && perm.getPermission() != null;
        if (visibleAndNamed) {
            if (scope.length() > 0) {
                scope.append(' ');
            }
            scope.append(perm.getPermission());
        }
    }
    return scope.toString();
}
Example #23
Source File: UserInfoService.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the UserInfo of the subject the current access token was issued for.
 *
 * <p>The token must carry the {@code openid} scope. UserInfo comes from the configured
 * provider when there is one, otherwise from an {@code OidcUserSubject} (its UserInfo, or
 * one created from its id token). The response is a processed JWT when signing or
 * encryption is required, otherwise the converted UserInfo entity.
 *
 * @return 200 with the UserInfo, 401 without the {@code openid} scope, or a server error
 *         when no UserInfo is available
 */
@GET
@Produces({"application/json", "application/jwt" })
public Response getUserInfo() {
    OAuthContext oauth = OAuthContextUtils.getContext(mc);

    // Check the access token has the "openid" scope.
    // NOTE(review): RFC 6750 pairs insufficient scope with 403; this answers 401 — confirm
    // that is the intended status.
    boolean hasOpenIdScope = oauth.getPermissions().stream()
        .map(OAuthPermission::getPermission)
        .anyMatch(OidcUtils.OPENID_SCOPE::equals);
    if (!hasOpenIdScope) {
        return Response.status(Status.UNAUTHORIZED).build();
    }

    UserInfo userInfo = null;
    if (userInfoProvider != null) {
        userInfo = userInfoProvider.getUserInfo(
            oauth.getClientId(),
            oauth.getSubject(),
            OAuthUtils.convertPermissionsToScopeList(oauth.getPermissions()));
    } else if (oauth.getSubject() instanceof OidcUserSubject) {
        OidcUserSubject oidcSubject = (OidcUserSubject)oauth.getSubject();
        userInfo = oidcSubject.getUserInfo();
        if (userInfo == null) {
            userInfo = createFromIdToken(oidcSubject.getIdToken());
        }
    }

    if (userInfo == null) {
        // Consider customizing the error code in case of UserInfo being not available
        return Response.serverError().build();
    }

    // UserInfo may be returned in a clear form as JSON
    final Object responseEntity;
    if (super.isJwsRequired() || super.isJweRequired()) {
        // The client is only looked up when a data provider is configured; otherwise the
        // JWT is processed with a null client.
        Client client = null;
        if (oauthDataProvider != null) {
            client = oauthDataProvider.getClient(oauth.getClientId());
        }
        responseEntity = super.processJwt(new JwtToken(userInfo), client);
    } else {
        responseEntity = convertUserInfoToResponseEntity(userInfo);
    }
    return Response.ok(responseEntity).build();
}
Example #24
Source File: EncryptingDataProvider.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns no permissions, whatever scopes are requested.
 *
 * @param client the requesting client (ignored)
 * @param requestedScope the requested scope names (ignored)
 * @return always an empty list
 */
@Override
public List<OAuthPermission> convertScopeToPermissions(Client client,
                                                       List<String> requestedScope) {
    // assuming that no specific scopes is documented/supported
    final List<OAuthPermission> noPermissions = Collections.emptyList();
    return noPermissions;
}
Example #25
Source File: AbstractOAuthDataProviderTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Creates an access token with scope "a", reads it back by key and through every
 * client/subject filter combination, then revokes it and checks that it is gone.
 */
@Test
public void testAddGetDeleteAccessToken() {
    Client client = addClient("101", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(client);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(client.getResourceOwnerSubject());

    // Create, then read the token back by key.
    ServerAccessToken created = getProvider().createAccessToken(registration);
    validateAccessToken(created);
    ServerAccessToken loaded = getProvider().getAccessToken(created.getTokenKey());
    validateAccessToken(loaded);
    assertEquals(created.getTokenKey(), loaded.getTokenKey());

    List<OAuthPermission> scopes = loaded.getScopes();
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("a", scopes.get(0).getPermission());

    // Filter by client and subject.
    List<ServerAccessToken> found =
        getProvider().getAccessTokens(client, client.getResourceOwnerSubject());
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(created.getTokenKey(), found.get(0).getTokenKey());
    validateAccessToken(found.get(0));

    // Filter by client only.
    found = getProvider().getAccessTokens(client, null);
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(created.getTokenKey(), found.get(0).getTokenKey());
    validateAccessToken(found.get(0));

    // Filter by subject only.
    found = getProvider().getAccessTokens(null, client.getResourceOwnerSubject());
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(created.getTokenKey(), found.get(0).getTokenKey());
    validateAccessToken(found.get(0));

    // No filter at all.
    found = getProvider().getAccessTokens(null, null);
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(created.getTokenKey(), found.get(0).getTokenKey());
    validateAccessToken(found.get(0));

    // After revocation the token must no longer be retrievable.
    getProvider().revokeToken(client, created.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
    assertNull(getProvider().getAccessToken(created.getTokenKey()));
}
Example #26
Source File: RefreshTokenEnabledProvider.java From openwebbeans-meecrowave with Apache License 2.0 | 4 votes |
/**
 * Forwards the scope conversion to the wrapped provider unchanged.
 *
 * @param client the requesting client
 * @param requestedScopes the requested scope names
 * @return whatever the delegate returns for the same arguments
 */
@Override
public List<OAuthPermission> convertScopeToPermissions(final Client client,
                                                       final List<String> requestedScopes) {
    final List<OAuthPermission> fromDelegate =
        delegate.convertScopeToPermissions(client, requestedScopes);
    return fromDelegate;
}
Example #27
Source File: OAuth2Provider.java From olingo-odata4 with Apache License 2.0 | 4 votes |
/**
 * Returns a single permission built with the no-argument constructor, ignoring both the
 * client and the requested scopes.
 *
 * <p>NOTE(review): the requested scopes never influence the result, so no scope is ever
 * rejected here — this looks like a sample provider; confirm it is not used where scopes
 * are enforced.
 *
 * @param client the requesting client (ignored)
 * @param list the requested scope names (ignored)
 * @return a one-element list holding a default-constructed permission
 */
@Override
public List<OAuthPermission> convertScopeToPermissions(final Client client,
                                                       final List<String> list) {
    final OAuthPermission blankPermission = new OAuthPermission();
    return Collections.singletonList(blankPermission);
}
Example #28
Source File: JPAAdapter.java From openwebbeans-meecrowave with Apache License 2.0 | 4 votes |
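/**
 * Creates the OpenJPA {@code EntityManagerFactory} for the "oauth2" persistence unit from
 * the given options.
 *
 * <p>The factory is configured with schema synchronisation, the list of entity types and a
 * pooled data source ({@code BasicDataSource}) whose settings are passed as one
 * comma-separated {@code openjpa.ConnectionProperties} string. Free-form properties from
 * {@code configuration.getJpaProperties()} are applied last and therefore override any of
 * the settings above.
 *
 * @param configuration the OAuth2 options carrying the JPA and connection settings
 * @return the entity manager factory
 * @throws IllegalArgumentException if the free-form JPA properties cannot be parsed
 */
public static EntityManagerFactory createEntityManagerFactory(final OAuth2Options configuration) {
    // A plain typed map replaces the raw-typed, double-brace-initialised HashMap: no
    // anonymous subclass is created and no unchecked put calls remain. Keys and values stay
    // Object-typed because the Properties below are merged in as they are.
    final HashMap<Object, Object> settings = new HashMap<>();
    settings.put("openjpa.jdbc.SynchronizeMappings", "buildSchema(ForeignKeys=true)");
    settings.put("openjpa.MetaDataFactory", "jpa(Types=" + Client.class.getName() + ','
        + OAuthPermission.class.getName() + ','
        + UserSubject.class.getName() + ','
        + ServerAuthorizationCodeGrant.class.getName() + ','
        + BearerAccessToken.class.getName() + ','
        + RefreshToken.class.getName() + ")");

    // Pooling support: connections go through the pooled data source rather than through
    // plain driver/URL/user/password settings.
    // NOTE(review): the database password is concatenated in clear text into this string,
    // so anything that prints the factory properties exposes it. The values are joined with
    // ',' and not escaped, so a value containing ',' would presumably be read as an extra
    // property — confirm against OpenJPA's ConnectionProperties parsing.
    settings.put("openjpa.ConnectionDriverName", BasicDataSource.class.getName());
    settings.put("openjpa.ConnectionProperties",
        "DriverClassName=" + configuration.getJpaDriver() + ','
        + "Url=" + configuration.getJpaDatabaseUrl() + ','
        + "Username=" + configuration.getJpdaDatabaseUsername() + ','
        + "Password=" + configuration.getJpdaDatabasePassword() + ','
        + "MaxActive=" + configuration.getJpaMaxActive() + ','
        + "MaxWaitMillis=" + configuration.getJpaMaxWait() + ','
        + "MaxIdle=" + configuration.getJpaMaxIdle() + ','
        + "TestOnBorrow=" + configuration.isJpaTestOnBorrow() + ','
        + "TestOnReturn=" + configuration.isJpaTestOnReturn() + ','
        + "TestWhileIdle=" + (configuration.getJpaValidationQuery() != null
            && !configuration.getJpaValidationQuery().isEmpty()) + ','
        + ofNullable(configuration.getJpaValidationQuery())
            .map(v -> "ValidationQuery=" + v + ',').orElse("")
        + ofNullable(configuration.getJpaValidationInterval())
            .map(v -> "MinEvictableIdleTimeMillis=" + v).orElse(""));

    // Free-form properties are merged last, so they win over everything set above.
    ofNullable(configuration.getJpaProperties())
        .map(p -> {
            final Properties extra = new Properties();
            try {
                extra.load(new StringReader(p));
            } catch (final IOException e) {
                throw new IllegalArgumentException(e);
            }
            return extra;
        })
        .ifPresent(settings::putAll);

    return Persistence.createEntityManagerFactory("oauth2", settings);
}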
Example #29
Source File: ModelEncryptionSupport.java From cxf with Apache License 2.0 | 4 votes |
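/**
 * Serialises a server access token into a single string of {@code SEP}-separated fields.
 *
 * <p>Field order: 0 key, 1 type, 2 expiresIn, 3 issuedAt, 4 client id, 5 refresh token,
 * 6 grant type, 7 audiences, 8 parameters, 9 permissions, 10 code verifier,
 * 11 user subject, 12 extra properties. Field 9 holds five '.'-separated parts per
 * permission, with consecutive permissions also separated by '.'.
 *
 * @param token the token to serialise
 * @return the tokenized form of the token
 */
private static String tokenizeServerToken(ServerAccessToken token) {
    StringBuilder state = new StringBuilder();
    // 0: key
    state.append(tokenizeString(token.getTokenKey()));
    // 1: type
    state.append(SEP);
    state.append(tokenizeString(token.getTokenType()));
    // 2: expiresIn
    state.append(SEP);
    state.append(token.getExpiresIn());
    // 3: issuedAt
    state.append(SEP);
    state.append(token.getIssuedAt());
    // 4: client id
    state.append(SEP);
    state.append(tokenizeString(token.getClient().getClientId()));
    // 5: refresh token
    state.append(SEP);
    state.append(tokenizeString(token.getRefreshToken()));
    // 6: grant type
    state.append(SEP);
    state.append(tokenizeString(token.getGrantType()));
    // 7: audience
    state.append(SEP);
    state.append(token.getAudiences().toString());
    // 8: other parameters
    state.append(SEP);
    // {key=value, key=value}
    state.append(token.getParameters().toString());
    // 9: permissions
    state.append(SEP);
    if (token.getScopes().isEmpty()) {
        state.append(' ');
    } else {
        boolean firstPermission = true;
        for (OAuthPermission p : token.getScopes()) {
            // Separate consecutive permissions. Without this, the URIs of one permission
            // and the name of the next run together, and a reader that splits this field
            // on '.' in groups of five loses every permission after the first one.
            if (!firstPermission) {
                state.append('.');
            }
            firstPermission = false;
            // 9.1
            state.append(tokenizeString(p.getPermission()));
            state.append('.');
            // 9.2
            state.append(tokenizeString(p.getDescription()));
            state.append('.');
            // 9.3
            state.append(p.isDefaultPermission());
            state.append('.');
            // 9.4
            state.append(p.getHttpVerbs().toString());
            state.append('.');
            // 9.5
            // NOTE(review): a '.' inside a URI (or in a name/description, unless
            // tokenizeString escapes it) would still shift the five-part grouping — confirm.
            state.append(p.getUris().toString());
        }
    }
    state.append(SEP);
    // 10: code verifier
    state.append(tokenizeString(token.getClientCodeVerifier()));
    state.append(SEP);
    // 11: user subject
    tokenizeUserSubject(state, token.getSubject());
    // 12: extra properties
    state.append(SEP);
    // {key=value, key=value}
    state.append(token.getExtraProperties().toString());
    return state.toString();
}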
Example #30
Source File: OAuthDataProviderImpl.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Performs no scope conversion: the result is always {@code null}.
 *
 * <p>NOTE(review): this returns {@code null} rather than an empty list, so any caller that
 * iterates the result or compares it with other permissions needs a null check — confirm
 * the callers of this provider do.
 *
 * @param client the requesting client (ignored)
 * @param requestedScope the requested scope names (ignored)
 * @return always {@code null}
 */
@Override
public List<OAuthPermission> convertScopeToPermissions(Client client,
                                                       List<String> requestedScope) {
    final List<OAuthPermission> noConversion = null;
    return noConversion;
}