Package org.apache.cxf.rs.security.oauth2.common

Examples of org.apache.cxf.rs.security.oauth2.common.Client


    @Consumes("application/x-www-form-urlencoded")
    @Produces("application/json")
    public Response handleTokenRequest(MultivaluedMap<String, String> params) {
       
        // Make sure the client is authenticated
        Client client = authenticateClientIfNeeded(params);
       
        if (!OAuthUtils.isGrantSupportedForClient(client,
                                                  isCanSupportPublicClients(),
                                                  params.getFirst(OAuthConstants.GRANT_TYPE))) {
            return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);   
View Full Code Here


   
    /**
     * Make sure the client is authenticated
     */
    private Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
        Client client = null;
        SecurityContext sc = getMessageContext().getSecurityContext();
       
        if (params.containsKey(OAuthConstants.CLIENT_ID)) {
            // both client_id and client_secret are expected in the form payload
            client = getAndValidateClient(params.getFirst(OAuthConstants.CLIENT_ID),
View Full Code Here

        return client;
    }
   
    // Get the Client and check the id and secret
    private Client getAndValidateClient(String clientId, String clientSecret) {
        Client client = getClient(clientId);
        if (canSupportPublicClients
            && !client.isConfidential()
            && client.getClientSecret() == null
            && clientSecret == null) {
            return client;
        }
        if (clientSecret == null || client.getClientSecret() == null
            || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw new NotAuthorizedException(Response.status(401).build());
        }
        return client;
    }
View Full Code Here

     * @param clientId the provided client id
     * @return Client the client reference
     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found
     */
    protected Client getClient(String clientId) {
        Client client = null;
        try {
            client = getValidClient(clientId);
        } catch (OAuthServiceException ex) {
            // log it
        }
View Full Code Here

     */
    protected Response startAuthorization(MultivaluedMap<String, String> params) {
        // Make sure the end user has authenticated, check if HTTPS is used
        SecurityContext sc = getAndValidateSecurityContext();
       
        Client client = getClient(params);
       
        // Validate the provided request URI, if any, against the ones Client provided
        // during the registration
        String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));
       
View Full Code Here

            throw ExceptionUtils.toBadRequestException(null, null);    
        }
        //TODO: additionally we can check that the Principal that got authenticated
        // in startAuthorization is the same that got authenticated in completeAuthorization
       
        Client client = getClient(params);
        String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));
       
        // Get the end user decision value
        String decision = params.getFirst(OAuthConstants.AUTHORIZATION_DECISION_KEY);
        boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);
       
        // Return the error if denied
        if (!allow) {
            return createErrorResponse(params, redirectUri, OAuthConstants.ACCESS_DENIED);
        }
       
        // Check if the end user may have had a chance to down-scope the requested scopes
        List<String> requestedScope = OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE));
        List<String> approvedScope = new LinkedList<String>();
        for (String rScope : requestedScope) {
            String param = params.getFirst(rScope + "_status");
            if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param)) {
                approvedScope.add(rScope);
            }
        }
        if (!requestedScope.containsAll(approvedScope)
            || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
                                         partialMatchScopeValidation)) {
            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }
       
        // Request a new grant
View Full Code Here

     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,
     *         the error is returned directly to the end user without
     *         following the redirect URI if any
     */
    protected Client getClient(MultivaluedMap<String, String> params) {
        Client client = null;
       
        try {
            client = getValidClient(params);
        } catch (OAuthServiceException ex) {
            if (ex.getError() != null) {
View Full Code Here

   
    /**
     * Make sure the client is authenticated
     */
    protected Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
        Client client = null;
        SecurityContext sc = getMessageContext().getSecurityContext();
        Principal principal = sc.getUserPrincipal();
       
        if (principal == null) {
            String clientId = retrieveClientId(params);
            if (clientId != null) {
                client = getAndValidateClientFromIdAndSecret(clientId,
                                              params.getFirst(OAuthConstants.CLIENT_SECRET));
            }
        } else if (principal.getName() != null) {
            client = getClient(principal.getName());
        } else {
            String clientId = retrieveClientId(params);
            if (clientId != null) {
                client = getClient(clientId);
            }
        }
        if (client == null) {
            client = getClientFromTLSCertificates(sc, getTlsSessionInfo());
            if (client == null) {
                // Basic Authentication is expected by default
                client = getClientFromBasicAuthScheme();
            }
        }
        if (client != null && !client.getApplicationCertificates().isEmpty()) {
            // Validate the client application certificates
            compareTlsCertificates(getTlsSessionInfo(), client.getApplicationCertificates());
        }
        if (client == null) {
            reportInvalidClient();
        }
        return client;
View Full Code Here

        return clientId;
    }
   
    // Get the Client and check the id and secret
    protected Client getAndValidateClientFromIdAndSecret(String clientId, String clientSecret) {
        Client client = getClient(clientId);
        if (canSupportPublicClients
            && !client.isConfidential()
            && client.getClientSecret() == null
            && clientSecret == null) {
            return client;
        }
        if (clientSecret == null || client.getClientSecret() == null
            || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
        return client;
    }
View Full Code Here

            return null;
        }
    }
   
    protected Client getClientFromTLSCertificates(SecurityContext sc, TLSSessionInfo tlsSessionInfo) {
        Client client = null;
        if (tlsSessionInfo != null && StringUtils.isEmpty(sc.getAuthenticationScheme())) {
            // Pure 2-way TLS authentication
            String clientId = getClientIdFromTLSCertificates(sc, tlsSessionInfo);
            if (!StringUtils.isEmpty(clientId)) {
                client = getClient(clientId);
View Full Code Here

TOP

Related Classes of org.apache.cxf.rs.security.oauth2.common.Client

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.