...
AuthorizationCodeGrantService is easier to put where the application endpoints are. It can be put alongside AccessTokenService, but ideally an SSO based authentication solution will be also be deployed, for the end user to avoid signing in separately several times (see more in it below). Here is an example of AuthorizationCodeGrantService and ImplicitGrantService being collocated with the application endpoint:
Code Block | ||||
---|---|---|---|---|
| ||||
<bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> <property name="dataProvider" ref="oauthProvider"/> </bean> <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService"> <property name="myApp"dataProvider" ref="oauthProvider"/> </bean> <bean id="jaxrsService" class="org.myapp.MyAppMyService"/> <jaxrs:server id="appServer" address="/myapp"> <jaxrs:serviceBeans> <ref bean="myAppjaxrsService"/> <ref bean="authorizationService"/> <ref bean="implicitService"/> </jaxrs:serviceBeans> </jaxrs:server> |
AuthorizationCodeGrantService listens on a relative "/authorize" path so in this case its absolute address will be something like "http://localhost:8080/services/myapp/authorize". This address and that of AccessTokenService will be used by third-party clients.
ImplictGrantService listens on a relative "/authorize-implicit" path
AuthorizationCode and Implicit Services on the same relative path
As has already been mentioned in the previous section, AuthorizationCodeGrantService and ImplictGrantService listen on two different relative paths: "/authorize" and "/authorize-implicit". Having both services available at different addresses may not always be preferred though. If preferred, one can use AuthorizationService 'container' service:
Code Block | ||||
---|---|---|---|---|
| ||||
<bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
<property name="dataProvider" ref="oauthProvider"/>
</bean>
<bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
<property name="dataProvider" ref="oauthProvider"/>
</bean>
<util:list id="servicesList">
<ref bean="authorizationService"/>
<ref bean="implicitService"/>
</util:list>
<bean id="oauth2Service" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationService">
<property name="services" ref="servicesList"/>
</bean>
<bean id="jaxrsService" class="org.myapp.MyService"/>
<jaxrs:server id="appServer" address="/myapp">
<jaxrs:serviceBeans>
<ref bean="jaxrsService"/>
<ref bean="oauth2Service"/>
</jaxrs:serviceBeans>
</jaxrs:server>
|
See this application context for another example.
Third Party Client Authentication
...