...

Authorization Code, Implicit, Client Credentials, Resource Owner Password Credentials, Refresh Token, SAML2 Assertion and JWT Assertion grants are currently supported.

...

<dependency>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-rt-rs-security-oauth2</artifactId>
  <version>3.1.7</version>
</dependency>

Client Registration

Client registration is typically done out of band, with dynamic client registration also being possible.
The client registration service will offer an HTML form where the clients enter their details; see the Client bean for the currently supported properties. Note that CXF may offer an abstract client registration service in the future to minimize the effort of creating a custom registration service from scratch.

Developing OAuth2 Servers

...

All of these services rely on a custom OAuthDataProvider, which persists the access tokens and converts the opaque scope values into information that can be presented to the users. Additionally, AuthorizationCodeDataProvider is an OAuthDataProvider which also keeps temporary information about authorization code grants; that information needs to be removed once the code is exchanged for tokens.

Writing your own AuthorizationCodeDataProvider or OAuthDataProvider implementation is all that is needed to get an OAuth2 server up and running. In many cases all you need to do is persist or remove the authorization code grant data, use one of the available utility classes to create a new access token and persist it (or remove it once it has expired), and finally convert the optional opaque scope values (if any are supported) into more viewable information.

CXF 3.1.7 ships JPA2 (JPAOAuthDataProvider and JPACodeDataProvider), Ehcache (DefaultEHCacheOAuthDataProvider and DefaultEHCacheCodeDataProvider) and JCache (JCacheOAuthDataProvider and JCacheCodeDataProvider) provider implementations which take care of all the persistence tasks: saving or removing registered clients, tokens and code grants. These providers can be easily customized. Custom implementations can also extend AbstractOAuthDataProvider or AbstractCodeDataProvider and only implement their abstract persistence-related methods, or further customize some of their code.
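As an added illustration (not CXF code and not part of this page), the following in-memory AuthorizationCodeDataProvider brings together the pieces described in the Client Registration section and in the paragraphs above: the registered Client data, the authorization code grant that is persisted on approval and removed on exchange, access and refresh token storage with expiry, and the conversion of opaque scopes into consent-form text. It assumes CXF 3.1.x on the classpath; the overridden persistence methods are those of AbstractCodeDataProvider and AbstractOAuthDataProvider as recalled for 3.1.x and should be checked against the javadoc of the version in use, and the client id, secret, scope name and URIs are made-up sample values.

```java
// Added example for this page, not code from CXF or its documentation. Assumes CXF 3.1.x
// (cxf-rt-rs-security-oauth2); the persistence methods overridden here are those of
// AbstractCodeDataProvider/AbstractOAuthDataProvider as recalled for 3.1.x, so check them against
// the javadoc of your version. Client id, secret, scope and URIs are constructed sample values.
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.AbstractCodeDataProvider;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;

public class InMemoryCodeDataProvider extends AbstractCodeDataProvider {
    private final Map<String, Client> clients = new ConcurrentHashMap<>();
    private final Map<String, ServerAuthorizationCodeGrant> grants = new ConcurrentHashMap<>();
    private final Map<String, ServerAccessToken> accessTokens = new ConcurrentHashMap<>();
    private final Map<String, RefreshToken> refreshTokens = new ConcurrentHashMap<>();

    // Client registration: what the registration form (or an out-of-band process) stores.
    @Override public Client getClient(String clientId) { return clients.get(clientId); }
    @Override public void setClient(Client client) { clients.put(client.getClientId(), client); }
    @Override public Client removeClient(String clientId) { return clients.remove(clientId); }
    @Override public List<Client> getClients(UserSubject owner) { return new ArrayList<>(clients.values()); }
    // Code grants: stored on approval, removed atomically when exchanged so a replayed code finds
    // nothing, and refused once the (short) code lifetime has passed.
    @Override protected void saveCodeGrant(ServerAuthorizationCodeGrant g) { grants.put(g.getCode(), g); }
    @Override public ServerAuthorizationCodeGrant removeCodeGrant(String code) {
        ServerAuthorizationCodeGrant g = grants.remove(code);
        if (g != null && OAuthUtils.isExpired(g.getIssuedAt(), g.getExpiresIn())) {
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
        return g;
    }
    @Override public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub) {
        return grants.values().stream().filter(g -> owns(c, sub, g.getClient(), g.getSubject()))
            .collect(Collectors.toList());
    }
    // Tokens: the base class creates them (BearerAccessToken by default); this class only stores them.
    @Override protected void saveAccessToken(ServerAccessToken t) { accessTokens.put(t.getTokenKey(), t); }
    @Override protected void saveRefreshToken(RefreshToken t) { refreshTokens.put(t.getTokenKey(), t); }
    @Override protected void doRevokeAccessToken(ServerAccessToken t) { accessTokens.remove(t.getTokenKey()); }
    @Override protected void doRevokeRefreshToken(RefreshToken t) { refreshTokens.remove(t.getTokenKey()); }
    @Override protected RefreshToken getRefreshToken(String key) { return refreshTokens.get(key); }
    @Override public ServerAccessToken getAccessToken(String key) {
        ServerAccessToken t = accessTokens.get(key);
        if (t != null && OAuthUtils.isExpired(t.getIssuedAt(), t.getExpiresIn())) {
            accessTokens.remove(key); // expired tokens are dropped here, not handed back
            return null;
        }
        return t;
    }
    @Override public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
        return accessTokens.values().stream().filter(t -> owns(c, sub, t.getClient(), t.getSubject()))
            .collect(Collectors.toList());
    }
    @Override public List<RefreshToken> getRefreshTokens(Client c, UserSubject sub) {
        return refreshTokens.values().stream().filter(t -> owns(c, sub, t.getClient(), t.getSubject()))
            .collect(Collectors.toList());
    }
    // Scopes: opaque values become consent-form text; a scope the client did not register for is
    // an error rather than being silently dropped.
    @Override public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> scopes) {
        List<OAuthPermission> perms = new ArrayList<>();
        for (String scope : scopes) {
            if (!client.getRegisteredScopes().contains(scope)) {
                throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE);
            }
            perms.add(new OAuthPermission(scope, "Allow the application to " + scope.replace('_', ' ')));
        }
        return perms;
    }
    private static boolean owns(Client c, UserSubject sub, Client tc, UserSubject ts) {
        return tc.getClientId().equals(c.getClientId())
            && (sub == null || (ts != null && sub.getLogin().equals(ts.getLogin())));
    }

    // Register a client, approve a grant for "alice", redeem the code once; the replay returns null.
    public static void main(String[] args) {
        InMemoryCodeDataProvider p = new InMemoryCodeDataProvider();
        Client app = new Client("cal-app", "cal-app-secret", true);
        app.setRedirectUris(Arrays.asList("https://calapp.example/cb"));
        app.setRegisteredScopes(Arrays.asList("read_calendar"));
        p.setClient(app);
        AuthorizationCodeRegistration reg = new AuthorizationCodeRegistration();
        reg.setClient(app); reg.setSubject(new UserSubject("alice"));
        reg.setRedirectUri("https://calapp.example/cb"); reg.setApprovedScope(Arrays.asList("read_calendar"));
        ServerAuthorizationCodeGrant grant = p.createCodeGrant(reg);
        System.out.println("first exchange: " + (p.removeCodeGrant(grant.getCode()) != null)); // true
        System.out.println("replayed code:  " + (p.removeCodeGrant(grant.getCode()) != null)); // false
    }
}
```

The maps are only for the demonstration; a real provider writes to durable storage but must keep the same two properties: the code is removed and returned in one step so that two concurrent exchanges of the same code cannot both succeed, and expiry of codes and tokens is enforced on the server side rather than trusted from the client.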


Authorization Service

The main responsibility of the OAuth2 Authorization Service is to present an end user with a form asking the user to allow or deny the client access to some of the user's resources. CXF offers AuthorizationCodeGrantService and ImplicitGrantService for accepting the redirection requests, challenging the end users with the authorization forms, handling the end user decisions and returning the results back to the clients.

...