...
OAuth 2.0 supports different types of access token grants. The OAuth2 Assertions draft "provides a framework for the use of assertions
with OAuth 2.0", and the SAML2 Bearer Assertion Profiles for OAuth2 draft specifically provides for the use of SAML2 Bearer assertions.
...
<!-- Token endpoint wiring: an AccessTokenService that accepts the SAML2 bearer grant. -->
<!-- NOTE(review): the org.apache.cxf.systest package suggests this data provider is a system-test
     fixture; a real deployment supplies its own OAuthDataProvider implementation. -->
<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<!-- Grant handler for SAML2 bearer assertions; it shares the data provider used by the token service. -->
<bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
<property name="dataProvider" ref="dataProvider"/>
</bean>
<!-- JSON provider registered on the endpoint below (presumably serialises token responses; confirm). -->
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
<property name="dataProvider" ref="dataProvider"/>
<!-- Only the SAML2 bearer grant handler is listed here; no other custom grant handler is registered. -->
<property name="grantHandlers">
<list>
<ref bean="samlGrantHandler"/>
</list>
</property>
</bean>
<!-- The endpoint is published over https; the port comes from a test-utility property placeholder. -->
<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="oauthJson"/>
</jaxrs:providers>
<jaxrs:properties>
<!-- Crypto properties for this endpoint; presumably the key material used to verify the signature on
     incoming assertions (confirm). alice.properties lives under the systest tree, so treat it as a test
     keystore: in a deployment, point this at a store holding only the issuers trusted to vouch for clients. -->
<entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
</jaxrs:properties>
</jaxrs:server>
...
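// Client-side setup: request an access token while presenting a self-signed SAML2 bearer assertion.
// The org.apache.cxf.systest.* handler classes named below are system-test fixtures; substitute your own.
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
// NOTE(review): this excerpt never sets the endpoint address on the bean. A bearer assertion can be
// replayed by anyone who captures it, so the token endpoint URL should be https.

Map<String, Object> properties = new HashMap<String, Object>();
// Callback handler class; by its name it supplies the keystore password (confirm).
properties.put("ws-security.callback-handler",
               "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
// Callback handler class that presumably populates the SAML assertion contents (confirm).
properties.put("ws-security.saml-callback-handler",
               "org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2");
// Signing user name ("alice") and the crypto properties resource that locates the keystore.
properties.put("ws-security.signature.username", "alice");
properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
// The client signs its own assertion, so the token endpoint has to trust this client's signing
// certificate directly rather than a separate identity provider.
properties.put("ws-security.self-sign-saml-assertion", "true");
bean.setProperties(properties);

// Outbound interceptor that, per its name, adds the SAML2 bearer assertion to the token request.
bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());

WebClient wc = bean.createWebClient();
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);

// Use whatever token grant is required
// ("..." is the page's own placeholder; replace it with the grant instance the flow needs).
AccessTokenGrant accessTokenGrant = ...
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);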
...
<!-- Token endpoint wiring where the client authenticates with a SAML2 bearer assertion. -->
<!-- NOTE(review): the org.apache.cxf.systest package suggests this data provider is a system-test
     fixture; a real deployment supplies its own OAuthDataProvider implementation. -->
<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<!-- JSON provider registered on the endpoint below (presumably serialises token responses; confirm). -->
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<!-- Handler registered as a JAX-RS provider on the endpoint below; by its name and package it
     authenticates the calling client from a SAML2 bearer assertion (confirm against the CXF docs). -->
<bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
<bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
<property name="dataProvider" ref="dataProvider"/>
<!-- The list is left empty in this excerpt; register only the grant handlers the deployment
     intends to accept. -->
<property name="grantHandlers">
<list>
<!-- list of required grant handlers -->
</list>
</property>
</bean>
<!-- The endpoint is published over https; the port comes from a test-utility property placeholder. -->
<jaxrs:server
address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="oauthJson"/>
<ref bean="samlAuthHandler"/>
</jaxrs:providers>
<jaxrs:properties>
<!-- Crypto properties for this endpoint; presumably the key material used to verify the signature on
     incoming assertions (confirm). alice.properties lives under the systest tree, so treat it as a test
     keystore: in a deployment, point this at a store holding only the issuers trusted to vouch for clients. -->
<entry key="ws-security.signature.properties"
value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
</jaxrs:properties>
</jaxrs:server>
...
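// Client-side setup: authenticate to the token endpoint with a self-signed SAML2 bearer assertion
// and request a token using the client-credentials grant.
// The org.apache.cxf.systest.* handler classes named below are system-test fixtures; substitute your own.
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
// NOTE(review): this excerpt never sets the endpoint address on the bean. A bearer assertion can be
// replayed by anyone who captures it, so the token endpoint URL should be https.

Map<String, Object> properties = new HashMap<String, Object>();
// Callback handler class; by its name it supplies the keystore password (confirm).
properties.put("ws-security.callback-handler",
               "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
// Callback handler class that presumably populates the SAML assertion contents (confirm).
properties.put("ws-security.saml-callback-handler",
               "org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2");
// Signing user name ("alice") and the crypto properties resource that locates the keystore.
properties.put("ws-security.signature.username", "alice");
properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
// The client signs its own assertion, so the token endpoint has to trust this client's signing
// certificate directly rather than a separate identity provider.
properties.put("ws-security.self-sign-saml-assertion", "true");
bean.setProperties(properties);

// Outbound interceptor that, per its name, adds the SAML2 bearer assertion to the token request.
bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());

WebClient wc = bean.createWebClient();
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);

// Use whatever token grant is required
AccessTokenGrant accessTokenGrant = new ClientCredentialsGrant();
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);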
...