Package org.apache.cxf.rs.security.oauth2.provider

Class AbstractOAuthDataProvider

java.lang.Object

org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider

All Implemented Interfaces:

ClientRegistrationProvider, OAuthDataProvider

Direct Known Subclasses:

AbstractAuthorizationCodeDataProvider, AbstractCodeDataProvider, DefaultEncryptingOAuthDataProvider, JCacheOAuthDataProvider, JPAOAuthDataProvider

public abstract class AbstractOAuthDataProvider
extends Object
implements OAuthDataProvider, ClientRegistrationProvider

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AbstractOAuthDataProvider()

Method Summary

Modifier and Type	Method	Description
protected boolean	authenticateUnregisteredClient(String clientId, String clientSecret)
protected void	checkRequestedScopes(Client client, List<String> requestedScopes)
void	close()
List<OAuthPermission>	convertScopeToPermissions(Client client, List<String> requestedScopes)	Converts the requested scopes to the list of permissions.
protected void	convertSingleScopeToPermission(Client client, String scope, List<OAuthPermission> perms)
protected void	convertToJWTAccessToken(ServerAccessToken at)
ServerAccessToken	createAccessToken(AccessTokenRegistration reg)	Create access token
protected Client	createClientCredentialsClient(String clientId, String password)
protected JwtClaims	createJwtAccessToken(ServerAccessToken at)
protected ServerAccessToken	createNewAccessToken(Client client, UserSubject userSub)
protected RefreshToken	createNewRefreshToken(ServerAccessToken at)
protected ServerAccessToken	doCreateAccessToken(List<String> audiences, Client client, String clientCodeVerifier, Map<String,String> extraProperties, String grantCode, String grantType, String nonce, String responseType, List<OAuthPermission> scopes, UserSubject userSubject)
protected ServerAccessToken	doCreateAccessToken(AccessTokenRegistration atReg)
protected RefreshToken	doCreateNewRefreshToken(ServerAccessToken at)
protected abstract Client	doGetClient(String clientId)
protected ServerAccessToken	doRefreshAccessToken(Client client, RefreshToken oldRefreshToken, List<String> restrictedScopes)
protected abstract void	doRemoveClient(Client c)
protected abstract void	doRevokeAccessToken(ServerAccessToken accessToken)
protected abstract void	doRevokeRefreshToken(RefreshToken refreshToken)
Client	getClient(String clientId)	Returns the previously registered third-party Client
protected String	getCurrentClientSecret()
protected String	getCurrentRequestedGrantType()
protected javax.ws.rs.core.MultivaluedMap<String,String>	getCurrentTokenRequestParams()
List<String>	getDefaultScopes()
List<String>	getInvisibleToClientScopes()
String	getIssuer()
Map<String,String>	getJwtAccessTokenClaimMap()
OAuthJoseJwtProducer	getJwtAccessTokenProducer()
MessageContext	getMessageContext()
Map<String,OAuthPermission>	getPermissionMap()
ServerAccessToken	getPreauthorizedToken(Client client, List<String> requestedScopes, UserSubject sub, String grantType)	Get preauthorized access token
protected abstract RefreshToken	getRefreshToken(String refreshTokenKey)
List<String>	getRequiredScopes()
protected void	handleLinkedRefreshToken(Client client, ServerAccessToken accessToken)
void	init()
protected static boolean	isClientMatched(Client c, UserSubject resourceOwner)
boolean	isPersistJwtEncoding()
boolean	isRecycleRefreshTokens()
protected boolean	isRefreshTokenSupported(List<String> theScopes)
boolean	isSupportPreauthorizedTokens()
protected static boolean	isTokenMatched(ServerAccessToken token, Client c, UserSubject sub)
boolean	isUseJwtFormatForAccessTokens()
protected void	linkAccessTokenToRefreshToken(RefreshToken rt, ServerAccessToken at)
protected void	linkRefreshTokenToAccessToken(RefreshToken rt, ServerAccessToken at)
protected String	processJwtAccessToken(JwtClaims jwtCliams)
ServerAccessToken	refreshAccessToken(Client client, String refreshTokenKey, List<String> restrictedScopes)	Refresh access token
Client	removeClient(String clientId)	Remove a Client with the given id
protected void	removeClientTokens(Client c)
protected ServerAccessToken	revokeAccessToken(Client client, String accessTokenKey)
protected void	revokeAccessTokens(Client client, RefreshToken currentRefreshToken)
protected RefreshToken	revokeRefreshToken(Client client, String refreshTokenKey)
void	revokeToken(Client client, String tokenKey, String tokenTypeHint)	Revokes a refresh or access token
protected abstract void	saveAccessToken(ServerAccessToken serverToken)
protected abstract void	saveRefreshToken(RefreshToken refreshToken)
void	setAccessTokenLifetime(long accessTokenLifetime)
void	setAuthenticationStrategy(ProviderAuthenticationStrategy authenticationStrategy)
void	setClients(List<Client> clients)
void	setDefaultScopes(List<String> defaultScopes)
void	setInvisibleToClientScopes(List<String> invisibleToClientScopes)
void	setIssuer(String issuer)
void	setJwtAccessTokenClaimMap(Map<String,String> jwtAccessTokenClaimMap)
void	setJwtAccessTokenProducer(OAuthJoseJwtProducer jwtAccessTokenProducer)
void	setMessageContext(MessageContext messageContext)
void	setPermissionMap(Map<String,OAuthPermission> permissionMap)
void	setPersistJwtEncoding(boolean persistJwtEncoding)
void	setRecycleRefreshTokens(boolean recycleRefreshTokens)
void	setRefreshTokenLifetime(long refreshTokenLifetime)
void	setRequiredScopes(List<String> requiredScopes)
void	setSupportedScopes(Map<String,String> scopes)
void	setSupportPreauthorizedTokens(boolean supportPreauthorizedTokens)
void	setUseJwtFormatForAccessTokens(boolean useJwtFormatForAccessTokens)
protected void	unlinkRefreshAccessToken(RefreshToken rt, String tokenKey)
protected RefreshToken	updateExistingRefreshToken(RefreshToken rt, ServerAccessToken at)
protected RefreshToken	updateRefreshToken(RefreshToken rt, ServerAccessToken at)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider

getClients, setClient

Methods inherited from interface org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider

getAccessToken, getAccessTokens, getRefreshTokens

Constructor Detail

AbstractOAuthDataProvider

protected AbstractOAuthDataProvider()

Method Detail

createAccessToken

public ServerAccessToken createAccessToken(AccessTokenRegistration reg)
                                    throws OAuthServiceException

Description copied from interface: OAuthDataProvider

Create access token

Specified by:

createAccessToken in interface OAuthDataProvider

Parameters:

reg - the token registration info

Returns:

AccessToken

Throws:

OAuthServiceException

doCreateAccessToken

protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg)

doCreateAccessToken

protected ServerAccessToken doCreateAccessToken(List<String> audiences,
                                                Client client,
                                                String clientCodeVerifier,
                                                Map<String,String> extraProperties,
                                                String grantCode,
                                                String grantType,
                                                String nonce,
                                                String responseType,
                                                List<OAuthPermission> scopes,
                                                UserSubject userSubject)

createJwtAccessToken

protected JwtClaims createJwtAccessToken(ServerAccessToken at)

convertToJWTAccessToken

protected void convertToJWTAccessToken(ServerAccessToken at)

createNewAccessToken

protected ServerAccessToken createNewAccessToken(Client client,
                                                 UserSubject userSub)

refreshAccessToken

public ServerAccessToken refreshAccessToken(Client client,
                                            String refreshTokenKey,
                                            List<String> restrictedScopes)
                                     throws OAuthServiceException

Description copied from interface: OAuthDataProvider

Refresh access token

Specified by:

refreshAccessToken in interface OAuthDataProvider

Parameters:

client - the client

refreshTokenKey - refresh token key

restrictedScopes - the scopes requested by the client

Returns:

AccessToken

Throws:

OAuthServiceException

revokeToken

public void revokeToken(Client client,
                        String tokenKey,
                        String tokenTypeHint)
                 throws OAuthServiceException

Description copied from interface: OAuthDataProvider

Revokes a refresh or access token

Specified by:

revokeToken in interface OAuthDataProvider

Parameters:

client - the client

tokenKey - token identifier

tokenTypeHint - can be access_token or refresh_token or null

Throws:

OAuthServiceException

handleLinkedRefreshToken

protected void handleLinkedRefreshToken(Client client,
                                        ServerAccessToken accessToken)

revokeAccessTokens

protected void revokeAccessTokens(Client client,
                                  RefreshToken currentRefreshToken)

unlinkRefreshAccessToken

protected void unlinkRefreshAccessToken(RefreshToken rt,
                                        String tokenKey)

convertScopeToPermissions

public List<OAuthPermission> convertScopeToPermissions(Client client,
                                                       List<String> requestedScopes)

Description copied from interface: OAuthDataProvider

Converts the requested scopes to the list of permissions. The scopes are extracted from OAuth2 'scope' property which if set may contain one or more space separated scope values

Specified by:

convertScopeToPermissions in interface OAuthDataProvider

requestedScopes - the scopes

Returns:

list of permissions

checkRequestedScopes

protected void checkRequestedScopes(Client client,
                                    List<String> requestedScopes)

convertSingleScopeToPermission

protected void convertSingleScopeToPermission(Client client,
                                              String scope,
                                              List<OAuthPermission> perms)

getPreauthorizedToken

public ServerAccessToken getPreauthorizedToken(Client client,
                                               List<String> requestedScopes,
                                               UserSubject sub,
                                               String grantType)
                                        throws OAuthServiceException

Description copied from interface: OAuthDataProvider

Get preauthorized access token

Specified by:

getPreauthorizedToken in interface OAuthDataProvider

Parameters:

client - Client

requestedScopes - the scopes requested by the client

sub - End User subject

Returns:

AccessToken access token

Throws:

OAuthServiceException

isRefreshTokenSupported

protected boolean isRefreshTokenSupported(List<String> theScopes)

getCurrentRequestedGrantType

protected String getCurrentRequestedGrantType()

getCurrentClientSecret

protected String getCurrentClientSecret()

getCurrentTokenRequestParams

protected javax.ws.rs.core.MultivaluedMap<String,String> getCurrentTokenRequestParams()

updateExistingRefreshToken

protected RefreshToken updateExistingRefreshToken(RefreshToken rt,
                                                  ServerAccessToken at)

updateRefreshToken

protected RefreshToken updateRefreshToken(RefreshToken rt,
                                          ServerAccessToken at)

createNewRefreshToken

protected RefreshToken createNewRefreshToken(ServerAccessToken at)

doCreateNewRefreshToken

protected RefreshToken doCreateNewRefreshToken(ServerAccessToken at)

linkAccessTokenToRefreshToken

protected void linkAccessTokenToRefreshToken(RefreshToken rt,
                                             ServerAccessToken at)

linkRefreshTokenToAccessToken

protected void linkRefreshTokenToAccessToken(RefreshToken rt,
                                             ServerAccessToken at)

doRefreshAccessToken

protected ServerAccessToken doRefreshAccessToken(Client client,
                                                 RefreshToken oldRefreshToken,
                                                 List<String> restrictedScopes)

setAccessTokenLifetime

public void setAccessTokenLifetime(long accessTokenLifetime)

setRefreshTokenLifetime

public void setRefreshTokenLifetime(long refreshTokenLifetime)

setRecycleRefreshTokens

public void setRecycleRefreshTokens(boolean recycleRefreshTokens)

isRecycleRefreshTokens

public boolean isRecycleRefreshTokens()

init

public void init()

close

public void close()

getPermissionMap

public Map<String,OAuthPermission> getPermissionMap()

setPermissionMap

public void setPermissionMap(Map<String,OAuthPermission> permissionMap)

setSupportedScopes

public void setSupportedScopes(Map<String,String> scopes)

getMessageContext

public MessageContext getMessageContext()

setMessageContext

public void setMessageContext(MessageContext messageContext)

removeClientTokens

protected void removeClientTokens(Client c)

removeClient

public Client removeClient(String clientId)

Description copied from interface: ClientRegistrationProvider

Remove a Client with the given id

Specified by:

removeClient in interface ClientRegistrationProvider

Parameters:

clientId - the client id

Returns:

Client

getClient

public Client getClient(String clientId)

Description copied from interface: OAuthDataProvider

Returns the previously registered third-party Client

Specified by:

getClient in interface ClientRegistrationProvider

Specified by:

getClient in interface OAuthDataProvider

Parameters:

clientId - the client id

Returns:

Client

setAuthenticationStrategy

public void setAuthenticationStrategy(ProviderAuthenticationStrategy authenticationStrategy)

authenticateUnregisteredClient

protected boolean authenticateUnregisteredClient(String clientId,
                                                 String clientSecret)

createClientCredentialsClient

protected Client createClientCredentialsClient(String clientId,
                                               String password)

revokeAccessToken

protected ServerAccessToken revokeAccessToken(Client client,
                                              String accessTokenKey)

revokeRefreshToken

protected RefreshToken revokeRefreshToken(Client client,
                                          String refreshTokenKey)

saveAccessToken

protected abstract void saveAccessToken(ServerAccessToken serverToken)

saveRefreshToken

protected abstract void saveRefreshToken(RefreshToken refreshToken)

doRevokeAccessToken

protected abstract void doRevokeAccessToken(ServerAccessToken accessToken)

doRevokeRefreshToken

protected abstract void doRevokeRefreshToken(RefreshToken refreshToken)

getRefreshToken

protected abstract RefreshToken getRefreshToken(String refreshTokenKey)

doGetClient

protected abstract Client doGetClient(String clientId)

doRemoveClient

protected abstract void doRemoveClient(Client c)

getDefaultScopes

public List<String> getDefaultScopes()

setDefaultScopes

public void setDefaultScopes(List<String> defaultScopes)

getRequiredScopes

public List<String> getRequiredScopes()

setRequiredScopes

public void setRequiredScopes(List<String> requiredScopes)

getInvisibleToClientScopes

public List<String> getInvisibleToClientScopes()

setInvisibleToClientScopes

public void setInvisibleToClientScopes(List<String> invisibleToClientScopes)

isSupportPreauthorizedTokens

public boolean isSupportPreauthorizedTokens()

setSupportPreauthorizedTokens

public void setSupportPreauthorizedTokens(boolean supportPreauthorizedTokens)

isClientMatched

protected static boolean isClientMatched(Client c,
                                         UserSubject resourceOwner)

isTokenMatched

protected static boolean isTokenMatched(ServerAccessToken token,
                                        Client c,
                                        UserSubject sub)

setClients

public void setClients(List<Client> clients)

isUseJwtFormatForAccessTokens

public boolean isUseJwtFormatForAccessTokens()

setUseJwtFormatForAccessTokens

public void setUseJwtFormatForAccessTokens(boolean useJwtFormatForAccessTokens)

getJwtAccessTokenProducer

public OAuthJoseJwtProducer getJwtAccessTokenProducer()

setJwtAccessTokenProducer

public void setJwtAccessTokenProducer(OAuthJoseJwtProducer jwtAccessTokenProducer)

processJwtAccessToken

protected String processJwtAccessToken(JwtClaims jwtCliams)

getJwtAccessTokenClaimMap

public Map<String,String> getJwtAccessTokenClaimMap()

setJwtAccessTokenClaimMap

public void setJwtAccessTokenClaimMap(Map<String,String> jwtAccessTokenClaimMap)

isPersistJwtEncoding

public boolean isPersistJwtEncoding()

setPersistJwtEncoding

public void setPersistJwtEncoding(boolean persistJwtEncoding)

getIssuer

public String getIssuer()

setIssuer

public void setIssuer(String issuer)