public abstract class RedirectionBasedGrantService extends AbstractOAuthService
LOG
Modifier | Constructor and Description |
---|---|
protected |
RedirectionBasedGrantService(String supportedResponseType,
String supportedGrantType) |
Modifier and Type | Method and Description |
---|---|
javax.ws.rs.core.Response |
authorize()
Handles the initial authorization request by preparing
the authorization challenge data and returning it to the user.
|
javax.ws.rs.core.Response |
authorizeDecision()
Processes the end user decision
|
javax.ws.rs.core.Response |
authorizeDecisionForm(javax.ws.rs.core.MultivaluedMap<String,String> params)
Processes the end user decision
|
protected abstract boolean |
canRedirectUriBeEmpty(Client c) |
protected abstract boolean |
canSupportPublicClient(Client c) |
protected javax.ws.rs.core.Response |
completeAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
Completes the authorization process
|
protected OAuthAuthorizationData |
createAuthorizationData(Client client,
javax.ws.rs.core.MultivaluedMap<String,String> params,
String redirectUri,
UserSubject subject,
List<OAuthPermission> perms,
boolean preAuthorizedTokenAvailable)
Create the authorization challenge data
|
protected javax.ws.rs.core.Response |
createErrorResponse(javax.ws.rs.core.MultivaluedMap<String,String> params,
String redirectUri,
String error) |
protected abstract javax.ws.rs.core.Response |
createErrorResponse(String state,
String redirectUri,
String error) |
protected abstract javax.ws.rs.core.Response |
createGrant(OAuthRedirectionState state,
Client client,
List<String> requestedScope,
List<String> approvedScope,
UserSubject userSubject,
ServerAccessToken preAuthorizedToken) |
protected UserSubject |
createUserSubject(SecurityContext securityContext) |
protected SecurityContext |
getAndValidateSecurityContext(javax.ws.rs.core.MultivaluedMap<String,String> params) |
protected Client |
getClient(javax.ws.rs.core.MultivaluedMap<String,String> params) |
protected Client |
getClient(String clientId)
Get the Client reference |
protected String |
getSupportedGrantType() |
protected void |
personalizeData(OAuthAuthorizationData data,
UserSubject userSubject) |
protected OAuthRedirectionState |
recreateRedirectionStateFromSession(UserSubject subject,
javax.ws.rs.core.MultivaluedMap<String,String> params,
String sessionToken) |
void |
setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri) |
void |
setMaxDefaultSessionInterval(int maxDefaultSessionInterval) |
void |
setPartialMatchScopeValidation(boolean partialMatchScopeValidation) |
void |
setResourceOwnerNameProvider(ResourceOwnerNameProvider resourceOwnerNameProvider) |
void |
setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider) |
void |
setSubjectCreator(SubjectCreator creator) |
void |
setUseRegisteredRedirectUriIfPossible(boolean use)
If a client does not include a redirect_uri parameter but has exactly one
pre-registered redirect_uri, then use that redirect_uri
|
protected javax.ws.rs.core.Response |
startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
Starts the authorization process
|
protected javax.ws.rs.core.Response |
startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params,
UserSubject userSubject,
Client client) |
protected String |
validateRedirectUri(Client client,
String redirectUri) |
checkTransportSecurity, getDataProvider, getMessageContext, getQueryParameters, getValidClient, getValidClient, isWriteOptionalParameters, reportInvalidRequestError, reportInvalidRequestError, reportInvalidRequestError, reportInvalidRequestError, setBlockUnsecureRequests, setDataProvider, setMessageContext, setWriteOptionalParameters
@GET @Produces(value={"application/xhtml+xml","text/html","application/xml","application/json"}) public javax.ws.rs.core.Response authorize()
@GET @Path(value="/decision") public javax.ws.rs.core.Response authorizeDecision()
@POST @Path(value="/decision") @Consumes(value="application/x-www-form-urlencoded") public javax.ws.rs.core.Response authorizeDecisionForm(javax.ws.rs.core.MultivaluedMap<String,String> params)
protected javax.ws.rs.core.Response startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
protected javax.ws.rs.core.Response startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params, UserSubject userSubject, Client client)
protected OAuthAuthorizationData createAuthorizationData(Client client, javax.ws.rs.core.MultivaluedMap<String,String> params, String redirectUri, UserSubject subject, List<OAuthPermission> perms, boolean preAuthorizedTokenAvailable)
protected OAuthRedirectionState recreateRedirectionStateFromSession(UserSubject subject, javax.ws.rs.core.MultivaluedMap<String,String> params, String sessionToken)
protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject)
protected javax.ws.rs.core.Response completeAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
public void setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider)
public void setSubjectCreator(SubjectCreator creator)
protected UserSubject createUserSubject(SecurityContext securityContext)
protected javax.ws.rs.core.Response createErrorResponse(javax.ws.rs.core.MultivaluedMap<String,String> params, String redirectUri, String error)
protected abstract javax.ws.rs.core.Response createErrorResponse(String state, String redirectUri, String error)
protected abstract javax.ws.rs.core.Response createGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken)
protected SecurityContext getAndValidateSecurityContext(javax.ws.rs.core.MultivaluedMap<String,String> params)
protected Client getClient(String clientId)
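Get the Client reference.
Parameters:
params - request parameters
Throws:
javax.ws.rs.WebApplicationException - if no matching Client is found; the error is returned directly to the end user without following the redirect URI, if any. With no matching Client there are no registered redirect URIs to validate the supplied one against, so the error is not sent to it.
protected String getSupportedGrantType()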
public void setResourceOwnerNameProvider(ResourceOwnerNameProvider resourceOwnerNameProvider)
public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation)
public void setUseRegisteredRedirectUriIfPossible(boolean use)
Parameters:
use - allows the use of a single registered redirect_uri if set to true (default)
protected abstract boolean canSupportPublicClient(Client c)
protected abstract boolean canRedirectUriBeEmpty(Client c)
public void setMaxDefaultSessionInterval(int maxDefaultSessionInterval)
public void setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri)
Apache CXF