Java Code Examples for org.apache.cxf.rs.security.oauth2.common.ServerAccessToken#setTokenKey()
The following examples show how to use
org.apache.cxf.rs.security.oauth2.common.ServerAccessToken#setTokenKey() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
|
protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
ServerAccessToken at = createNewAccessToken(atReg.getClient(), atReg.getSubject());
at.setAudiences(atReg.getAudiences());
at.setGrantType(atReg.getGrantType());
List<String> theScopes = atReg.getApprovedScope();
List<OAuthPermission> thePermissions =
convertScopeToPermissions(atReg.getClient(), theScopes);
at.setScopes(thePermissions);
at.setSubject(atReg.getSubject());
at.setClientCodeVerifier(atReg.getClientCodeVerifier());
at.setNonce(atReg.getNonce());
at.setResponseType(atReg.getResponseType());
at.setGrantCode(atReg.getGrantCode());
at.getExtraProperties().putAll(atReg.getExtraProperties());
if (messageContext != null) {
String certCnf = (String)messageContext.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
if (certCnf != null) {
// At a later stage we will likely introduce a dedicated Confirmation bean (as it is used in POP etc)
at.getExtraProperties().put(JoseConstants.HEADER_X509_THUMBPRINT_SHA256, certCnf);
}
}
if (isUseJwtFormatForAccessTokens()) {
JwtClaims claims = createJwtAccessToken(at);
String jose = processJwtAccessToken(claims);
if (isPersistJwtEncoding()) {
at.setTokenKey(jose);
} else {
at.setEncodedToken(jose);
}
}
return at;
}
Example 2
| Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
|
protected ServerAccessToken doRefreshAccessToken(Client client,
RefreshToken oldRefreshToken,
List<String> restrictedScopes) {
ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
at.setAudiences(oldRefreshToken.getAudiences() != null
? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
at.setGrantType(oldRefreshToken.getGrantType());
at.setGrantCode(oldRefreshToken.getGrantCode());
at.setSubject(oldRefreshToken.getSubject());
at.setNonce(oldRefreshToken.getNonce());
at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
at.getExtraProperties().putAll(oldRefreshToken.getExtraProperties());
if (restrictedScopes.isEmpty()) {
at.setScopes(oldRefreshToken.getScopes() != null
? new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null);
} else {
List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
if (oldRefreshToken.getScopes().containsAll(theNewScopes)) {
at.setScopes(theNewScopes);
} else {
throw new OAuthServiceException("Invalid scopes");
}
}
if (isUseJwtFormatForAccessTokens()) {
JwtClaims claims = createJwtAccessToken(at);
String jose = processJwtAccessToken(claims);
if (isPersistJwtEncoding()) {
at.setTokenKey(jose);
} else {
at.setEncodedToken(jose);
}
}
return at;
}
Example 3
| Source File: DefaultEncryptingOAuthDataProvider.java From cxf with Apache License 2.0 | 4 votes |
|
private void encryptAccessToken(ServerAccessToken token) {
String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, key);
tokens.add(encryptedToken);
token.setTokenKey(encryptedToken);
}
Example 4
| Source File: EncryptingDataProvider.java From cxf with Apache License 2.0 | 4 votes |
|
private void encryptAccessToken(ServerAccessToken token) {
String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, key);
tokens.add(encryptedToken);
refreshTokens.put(token.getRefreshToken(), encryptedToken);
token.setTokenKey(encryptedToken);
}
