Class RedirectionBasedGrantService

java.lang.Object
org.apache.cxf.rs.security.oauth2.services.AbstractOAuthService
org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService
Direct Known Subclasses:
AbstractImplicitGrantService, AuthorizationCodeGrantService

public abstract class RedirectionBasedGrantService extends AbstractOAuthService
The Base Redirection-Based Grant Service
  • Constructor Details

    • RedirectionBasedGrantService

      protected RedirectionBasedGrantService(String supportedResponseType, String supportedGrantType)
    • RedirectionBasedGrantService

      protected RedirectionBasedGrantService(Set<String> supportedResponseTypes, String supportedGrantType)
  • Method Details

    • authorize

      @GET @Produces({"application/xhtml+xml","text/html","application/xml","application/json"}) public jakarta.ws.rs.core.Response authorize()
      Handles the initial authorization request by preparing the authorization challenge data and returning it to the user. Typically the data are expected to be presented in an HTML form.
      Returns:
      the authorization data
    • authorizePost

      @POST @Consumes("application/x-www-form-urlencoded") @Produces({"application/xhtml+xml","text/html","application/xml","application/json"}) public jakarta.ws.rs.core.Response authorizePost(jakarta.ws.rs.core.MultivaluedMap<String,String> params)
      Handles the initial authorization request by preparing the authorization challenge data and returning it to the user. Typically the data are expected to be presented in an HTML form.
      Returns:
      the authorization data
    • authorizeDecision

      @GET @Path("/decision") public jakarta.ws.rs.core.Response authorizeDecision()
      Processes the end-user decision
      Returns:
      The grant value: the authorization code or the token
    • authorizeDecisionForm

      @POST @Path("/decision") @Consumes("application/x-www-form-urlencoded") public jakarta.ws.rs.core.Response authorizeDecisionForm(jakarta.ws.rs.core.MultivaluedMap<String,String> params)
      Processes the end-user decision
      Returns:
      The grant value: the authorization code or the token
    • startAuthorization

      protected jakarta.ws.rs.core.Response startAuthorization(jakarta.ws.rs.core.MultivaluedMap<String,String> params)
      Starts the authorization process
    • startAuthorization

      protected jakarta.ws.rs.core.Response startAuthorization(jakarta.ws.rs.core.MultivaluedMap<String,String> params, UserSubject userSubject, Client client, String redirectUri)
    • getSupportedResponseTypes

      public Set<String> getSupportedResponseTypes()
    • canAuthorizationBeSkipped

      protected boolean canAuthorizationBeSkipped(jakarta.ws.rs.core.MultivaluedMap<String,String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions)
    • noConsentForRequestedScopes

      protected boolean noConsentForRequestedScopes(jakarta.ws.rs.core.MultivaluedMap<String,String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions)
    • createAuthorizationData

      protected OAuthAuthorizationData createAuthorizationData(Client client, jakarta.ws.rs.core.MultivaluedMap<String,String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped)
      Creates the authorization challenge data
    • recreateRedirectionStateFromSession

      protected OAuthRedirectionState recreateRedirectionStateFromSession(UserSubject subject, String sessionToken)
    • recreateRedirectionStateFromParams

      protected OAuthRedirectionState recreateRedirectionStateFromParams(jakarta.ws.rs.core.MultivaluedMap<String,String> params)
    • personalizeData

      protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject)
    • getApprovedScope

      protected List<String> getApprovedScope(List<String> requestedScope, List<String> approvedScope)
    • completeAuthorization

      protected jakarta.ws.rs.core.Response completeAuthorization(jakarta.ws.rs.core.MultivaluedMap<String,String> params)
      Completes the authorization process
    • isRevokePreauthorizedTokenOnApproval

      public boolean isRevokePreauthorizedTokenOnApproval()
    • setRevokePreauthorizedTokenOnApproval

      public void setRevokePreauthorizedTokenOnApproval(boolean revoke)
    • setSessionAuthenticityTokenProvider

      public void setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider)
    • setSubjectCreator

      public void setSubjectCreator(SubjectCreator creator)
    • createUserSubject

      protected UserSubject createUserSubject(SecurityContext securityContext, jakarta.ws.rs.core.MultivaluedMap<String,String> params)
    • createErrorResponse

      protected jakarta.ws.rs.core.Response createErrorResponse(jakarta.ws.rs.core.MultivaluedMap<String,String> params, String redirectUri, String error)
    • canAccessTokenBeReturned

      protected boolean canAccessTokenBeReturned(String responseType)
    • createErrorResponse

      protected abstract jakarta.ws.rs.core.Response createErrorResponse(String state, String redirectUri, String error)
    • createGrant

      protected abstract jakarta.ws.rs.core.Response createGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken)
    • getAndValidateSecurityContext

      protected SecurityContext getAndValidateSecurityContext(jakarta.ws.rs.core.MultivaluedMap<String,String> params)
    • validateRedirectUri

      protected String validateRedirectUri(Client client, String redirectUri)
    • getClient

      protected Client getClient(String clientId, jakarta.ws.rs.core.MultivaluedMap<String,String> params)
      Gets the Client reference
      Parameters:
      clientId - the client identifier
      params - request parameters
      Returns:
      the client reference
    • createHtmlResponse

      protected jakarta.ws.rs.core.Response createHtmlResponse(Object response)
    • isFormResponse

      protected boolean isFormResponse(OAuthRedirectionState state)
    • getSupportedGrantType

      protected String getSupportedGrantType()
    • setResourceOwnerNameProvider

      public void setResourceOwnerNameProvider(ResourceOwnerNameProvider resourceOwnerNameProvider)
    • setPartialMatchScopeValidation

      public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation)
    • setUseAllClientScopes

      public void setUseAllClientScopes(boolean useAllClientScopes)
    • setUseRegisteredRedirectUriIfPossible

      public void setUseRegisteredRedirectUriIfPossible(boolean use)
      If a client does not include a redirect_uri parameter but has exactly one pre-registered redirect_uri, then that registered redirect_uri is used.
      Parameters:
      use - allows a single registered redirect_uri to be used when set to true (the default)
    • canSupportPublicClient

      protected abstract boolean canSupportPublicClient(Client c)
    • canRedirectUriBeEmpty

      protected abstract boolean canRedirectUriBeEmpty(Client c)
    • setMaxDefaultSessionInterval

      public void setMaxDefaultSessionInterval(int maxDefaultSessionInterval)
    • setMatchRedirectUriWithApplicationUri

      public void setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri)
    • setHidePreauthorizedScopesInForm

      public void setHidePreauthorizedScopesInForm(boolean hidePreauthorizedScopesInForm)
    • setAuthorizationFilter

      public void setAuthorizationFilter(AuthorizationRequestFilter authorizationFilter)
    • setScopesRequiringNoConsent

      public void setScopesRequiringNoConsent(List<String> scopesRequiringNoConsent)
    • setSupportSinglePageApplications

      public void setSupportSinglePageApplications(boolean supportSinglePageApplications)