Apache CXF API

org.apache.cxf.rs.security.oauth2.services
Class RedirectionBasedGrantService

java.lang.Object
  extended by org.apache.cxf.rs.security.oauth2.services.AbstractOAuthService
      extended by org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService
Direct Known Subclasses:
AuthorizationCodeGrantService, ImplicitGrantService

public abstract class RedirectionBasedGrantService
extends AbstractOAuthService

The Base Redirection-Based Grant Service


Constructor Summary
protected RedirectionBasedGrantService(String supportedResponseType, String supportedGrantType)
           
 
Method Summary
 javax.ws.rs.core.Response authorize()
          Handles the initial authorization request by preparing the authorization challenge data and returning it to the user.
 javax.ws.rs.core.Response authorizeDecision()
          Processes the end user decision
 javax.ws.rs.core.Response authorizeDecisionForm(javax.ws.rs.core.MultivaluedMap<String,String> params)
          Processes the end user decision
protected abstract  boolean canRedirectUriBeEmpty(Client c)
           
protected abstract  boolean canSupportPublicClient(Client c)
           
protected  javax.ws.rs.core.Response completeAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
          Completes the authorization process
protected  OAuthAuthorizationData createAuthorizationData(Client client, javax.ws.rs.core.MultivaluedMap<String,String> params, UserSubject subject, String redirectUri, List<OAuthPermission> perms)
          Create the authorization challenge data
protected abstract  javax.ws.rs.core.Response createErrorResponse(javax.ws.rs.core.MultivaluedMap<String,String> params, String redirectUri, String error)
           
protected abstract  javax.ws.rs.core.Response createGrant(javax.ws.rs.core.MultivaluedMap<String,String> params, Client client, String redirectUri, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken)
           
protected  UserSubject createUserSubject(SecurityContext securityContext)
           
protected  Client getClient(javax.ws.rs.core.MultivaluedMap<String,String> params)
          Get the Client reference
protected  void personalizeData(OAuthAuthorizationData data, UserSubject userSubject)
           
 void setPartialMatchScopeValidation(boolean partialMatchScopeValidation)
           
 void setResourceOwnerNameProvider(ResourceOwnerNameProvider resourceOwnerNameProvider)
           
 void setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider)
           
 void setSubjectCreator(SubjectCreator creator)
           
 void setUseRegisteredRedirectUriIfPossible(boolean use)
          If a client does not include a redirect_uri parameter but has exactly one pre-registered redirect_uri, then that redirect_uri is used
protected  javax.ws.rs.core.Response startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
          Starts the authorization process
protected  String validateRedirectUri(Client client, String redirectUri)
           
 
Methods inherited from class org.apache.cxf.rs.security.oauth2.services.AbstractOAuthService
checkTransportSecurity, getDataProvider, getMessageContext, getQueryParameters, getValidClient, getValidClient, isWriteOptionalParameters, reportInvalidRequestError, reportInvalidRequestError, reportInvalidRequestError, reportInvalidRequestError, setBlockUnsecureRequests, setDataProvider, setMessageContext, setWriteOptionalParameters
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RedirectionBasedGrantService

protected RedirectionBasedGrantService(String supportedResponseType,
                                       String supportedGrantType)
Method Detail

authorize

@GET
@Produces(value={"application/xhtml+xml","text/html","application/xml","application/json"})
public javax.ws.rs.core.Response authorize()
Handles the initial authorization request by preparing the authorization challenge data and returning it to the user. Typically the data is expected to be presented in an HTML form.

Returns:
the authorization data

authorizeDecision

@GET
@Path(value="/decision")
public javax.ws.rs.core.Response authorizeDecision()
Processes the end user decision

Returns:
The grant value, authorization code or the token

authorizeDecisionForm

@POST
@Path(value="/decision")
@Consumes(value="application/x-www-form-urlencoded")
public javax.ws.rs.core.Response authorizeDecisionForm(javax.ws.rs.core.MultivaluedMap<String,String> params)
Processes the end user decision

Returns:
The grant value, authorization code or the token

startAuthorization

protected javax.ws.rs.core.Response startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
Starts the authorization process


createAuthorizationData

protected OAuthAuthorizationData createAuthorizationData(Client client,
                                                         javax.ws.rs.core.MultivaluedMap<String,String> params,
                                                         UserSubject subject,
                                                         String redirectUri,
                                                         List<OAuthPermission> perms)
Create the authorization challenge data


personalizeData

protected void personalizeData(OAuthAuthorizationData data,
                               UserSubject userSubject)

completeAuthorization

protected javax.ws.rs.core.Response completeAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
Completes the authorization process


setSessionAuthenticityTokenProvider

public void setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider)

setSubjectCreator

public void setSubjectCreator(SubjectCreator creator)

createUserSubject

protected UserSubject createUserSubject(SecurityContext securityContext)

createErrorResponse

protected abstract javax.ws.rs.core.Response createErrorResponse(javax.ws.rs.core.MultivaluedMap<String,String> params,
                                                                 String redirectUri,
                                                                 String error)

createGrant

protected abstract javax.ws.rs.core.Response createGrant(javax.ws.rs.core.MultivaluedMap<String,String> params,
                                                         Client client,
                                                         String redirectUri,
                                                         List<String> requestedScope,
                                                         List<String> approvedScope,
                                                         UserSubject userSubject,
                                                         ServerAccessToken preAuthorizedToken)

validateRedirectUri

protected String validateRedirectUri(Client client,
                                     String redirectUri)

getClient

protected Client getClient(javax.ws.rs.core.MultivaluedMap<String,String> params)
Get the Client reference

Parameters:
params - request parameters
Returns:
the Client reference
Throws:
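javax.ws.rs.WebApplicationException - if no matching Client is found. In that case the error is returned directly to the end user rather than sent to the redirect URI (if any), since the redirect URI is validated against the Client (see validateRedirectUri) and cannot be trusted without one.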

setResourceOwnerNameProvider

public void setResourceOwnerNameProvider(ResourceOwnerNameProvider resourceOwnerNameProvider)

setPartialMatchScopeValidation

public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation)

setUseRegisteredRedirectUriIfPossible

public void setUseRegisteredRedirectUriIfPossible(boolean use)
If a client does not include a redirect_uri parameter but has exactly one pre-registered redirect_uri, then that redirect_uri is used

Parameters:
use - if set to true (the default), allows a single registered redirect_uri to be used

canSupportPublicClient

protected abstract boolean canSupportPublicClient(Client c)

canRedirectUriBeEmpty

protected abstract boolean canRedirectUriBeEmpty(Client c)
