...
```java
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();

Map<String, Object> properties = new HashMap<String, Object>();
properties.put("security.callback-handler",
               "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("security.saml-callback-handler",
               "org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2");
properties.put("security.signature.username", "alice");
properties.put("security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
properties.put("security.self-sign-saml-assertion", "true");
bean.setProperties(properties);

bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());

WebClient wc = bean.createWebClient();
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);

// Use whatever token grant is required
AccessTokenGrant accessTokenGrant = new ClientCredentialsGrant();
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);
```
JWT Bearer
To be documented shortly
Authentication Token
As noted in the introduction, JWT Bearer tokens may also act as client authentication credentials when requesting an access token, irrespective of the actual grant type. For example:
```
POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=12345678
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=Base64UrlEncoded-JWT-Bearer-Assertion
```
Note that the "client_assertion_type" parameter with the value "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" indicates that the assertion used as the authentication token is a JWT Bearer token, while the "client_assertion" parameter carries the actual value of the token.
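The request format above, built end to end as an added example (plain JDK code, not CXF's client API and not part of the original page): it signs a JWT client assertion with RS256 and form-encodes it into the token request body. The claim set follows RFC 7523; the class and method names, the throwaway RSA key, the use of `alice` as the client id and the token endpoint URL are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

public class JwtClientAssertionExample {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // RFC 7523 client authentication: iss and sub are the client id, aud is the
    // token endpoint, exp is short, jti lets the server reject replayed assertions.
    static String buildAssertion(KeyPair keys, String clientId, String tokenEndpoint) throws Exception {
        long now = Instant.now().getEpochSecond();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String claims = String.format( // inputs here are fixed and contain no JSON metacharacters
            "{\"iss\":\"%s\",\"sub\":\"%s\",\"aud\":\"%s\",\"iat\":%d,\"exp\":%d,\"jti\":\"%s\"}",
            clientId, clientId, tokenEndpoint, now, now + 60, UUID.randomUUID());
        String signingInput = b64(header) + "." + b64(claims);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(keys.getPrivate());
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(signer.sign());
    }

    // Form-encodes the body of the token request; the assertion replaces a client secret.
    static String buildTokenRequestBody(String code, String assertion) {
        String type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
        return "grant_type=authorization_code"
            + "&code=" + URLEncoder.encode(code, StandardCharsets.UTF_8)
            + "&client_assertion_type=" + URLEncoder.encode(type, StandardCharsets.UTF_8)
            + "&client_assertion=" + URLEncoder.encode(assertion, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keys = gen.generateKeyPair(); // constructed throwaway key, not the page's keystore
        String assertion = buildAssertion(keys, "alice", "https://localhost:8443/oauth2-auth/token");
        System.out.println(buildTokenRequestBody("12345678", assertion));
    }
}
```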
Client Code
The following example shows how to use JWT Bearer tokens as an authentication token: TODO
Access Token Service
Here is how one may configure Access Token Service:
```xml
<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>

<bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
    <property name="dataProvider" ref="dataProvider"/>
    <property name="grantHandlers">
        <list>
            <!-- list of required grant handlers -->
        </list>
    </property>
</bean>

<jaxrs:server
    address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
    <jaxrs:serviceBeans>
        <ref bean="serviceBean"/>
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <ref bean="oauthJson"/>
        <ref bean="jwtAuthHandler"/>
    </jaxrs:providers>
    <jaxrs:properties>
        <entry key="security.signature.properties"
               value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
    </jaxrs:properties>
</jaxrs:server>
```