...

OAuth 2.0 supports different types of access token grants. OAuth2 Assertions draft "provides a framework for the use of assertions
with OAuth 2.0" and SAML2 Bearer Assertion Profiles for OAuth2 draft specifically provides for the use of SAML2 Bearer assertions.

...

<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
  <property name="dataProvider" ref="dataProvider"/>
</bean>
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>

<bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
  <property name="dataProvider" ref="dataProvider"/>
  <property name="grantHandlers">
     <list>
       <ref bean="samlGrantHandler"/>
     </list>
  </property>
</bean>

<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2">
   <jaxrs:serviceBeans>
      <ref bean="serviceBean"/>
   </jaxrs:serviceBeans>
   <jaxrs:providers>
      <ref bean="oauthJson"/>
   </jaxrs:providers>
   <jaxrs:properties>
     <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
   </jaxrs:properties>
</jaxrs:server>

...

JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();

Map<String, Object> properties = new HashMap<String, Object>();
properties.put("ws-security.callback-handler", 
               "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.saml-callback-handler", 
               "org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2");
properties.put("ws-security.signature.username", "alice");
properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
properties.put("ws-security.self-sign-saml-assertion", "true");
bean.setProperties(properties);
        
bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());
        
WebClient wc = bean.createWebClient();
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);

// Use whatever token grant is required 
AccessTokenGrant accessTokenGrant = ...
       
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, 
                                                       accessTokenGrant);

...

<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>

<bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
  <property name="dataProvider" ref="dataProvider"/>
  <property name="grantHandlers">
     <list>
       <!-- list of required grant handlers -->
     </list>
  </property>
</bean>

<jaxrs:server 
       address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth"> 
       <jaxrs:serviceBeans>
          <ref bean="serviceBean"/>
       </jaxrs:serviceBeans>
       <jaxrs:providers>
          <ref bean="oauthJson"/>
          <ref bean="samlAuthHandler"/>
       </jaxrs:providers>
       
       <jaxrs:properties>
           <entry key="ws-security.signature.properties" 
                  value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
       </jaxrs:properties>
        
</jaxrs:server>

...

JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();

Map<String, Object> properties = new HashMap<String, Object>();
properties.put("ws-security.callback-handler", 
               "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.saml-callback-handler", 
               "org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2");
properties.put("ws-security.signature.username", "alice");
properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
properties.put("ws-security.self-sign-saml-assertion", "true");
bean.setProperties(properties);
        
bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());
        
WebClient wc = bean.createWebClient();
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);

// Use whatever token grant is required 
AccessTokenGrant accessTokenGrant = new ClientCredentialsGrant();
       
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);
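Review bot: Both client listings (the one ending in `AccessTokenGrant accessTokenGrant = ...` and this one) hard-code system-test fixtures — `org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback`, the `alice` signing alias, and `ws-security.self-sign-saml-assertion` set to `"true"` — and the visible text never says they are placeholders. With a self-signed assertion the client appears to vouch for itself, so what the server accepts comes down to which keys its `ws-security.signature.properties` store trusts; both server listings point that entry at the `alice.properties` test file. I would add a comment above the property map, e.g. `// Test fixtures: supply your own callback handlers, key alias and crypto properties`, and a sentence beside the server configuration saying the verification store should hold only the issuers allowed to assert client identity. The page is shown with sections elided, so this may already be covered in text outside the excerpt.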

...