public abstract class RedirectionBasedGrantService extends AbstractOAuthService
LOG
Modifier | Constructor and Description |
---|---|
protected |
RedirectionBasedGrantService(Set<String> supportedResponseTypes,
String supportedGrantType) |
protected |
RedirectionBasedGrantService(String supportedResponseType,
String supportedGrantType) |
Modifier and Type | Method and Description |
---|---|
javax.ws.rs.core.Response |
authorize()
Handles the initial authorization request by preparing
the authorization challenge data and returning it to the user.
|
javax.ws.rs.core.Response |
authorizeDecision()
Processes the end user decision submitted via GET to /decision
|
javax.ws.rs.core.Response |
authorizeDecisionForm(javax.ws.rs.core.MultivaluedMap<String,String> params)
Processes the end user decision submitted as a form-encoded POST to /decision
|
protected boolean |
canAccessTokenBeReturned(String responseType) |
protected boolean |
canAuthorizationBeSkipped(javax.ws.rs.core.MultivaluedMap<String,String> params,
Client client,
UserSubject userSubject,
List<String> requestedScope,
List<OAuthPermission> permissions) |
protected abstract boolean |
canRedirectUriBeEmpty(Client c) |
protected abstract boolean |
canSupportPublicClient(Client c) |
protected javax.ws.rs.core.Response |
completeAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
Completes the authorization process
|
protected OAuthAuthorizationData |
createAuthorizationData(Client client,
javax.ws.rs.core.MultivaluedMap<String,String> params,
String redirectUri,
UserSubject subject,
List<OAuthPermission> requestedPerms,
List<OAuthPermission> alreadyAuthorizedPerms,
boolean authorizationCanBeSkipped)
Create the authorization challenge data
|
protected javax.ws.rs.core.Response |
createErrorResponse(javax.ws.rs.core.MultivaluedMap<String,String> params,
String redirectUri,
String error) |
protected abstract javax.ws.rs.core.Response |
createErrorResponse(String state,
String redirectUri,
String error) |
protected abstract javax.ws.rs.core.Response |
createGrant(OAuthRedirectionState state,
Client client,
List<String> requestedScope,
List<String> approvedScope,
UserSubject userSubject,
ServerAccessToken preAuthorizedToken) |
protected javax.ws.rs.core.Response |
createHtmlResponse(Object response) |
protected UserSubject |
createUserSubject(SecurityContext securityContext,
javax.ws.rs.core.MultivaluedMap<String,String> params) |
protected SecurityContext |
getAndValidateSecurityContext(javax.ws.rs.core.MultivaluedMap<String,String> params) |
protected List<String> |
getApprovedScope(List<String> requestedScope,
List<String> approvedScope) |
protected Client |
getClient(String clientId,
javax.ws.rs.core.MultivaluedMap<String,String> params)
Get the Client reference; if no matching Client is found the error is returned directly to the end user rather than via the redirect URI |
protected String |
getSupportedGrantType() |
Set<String> |
getSupportedResponseTypes() |
protected boolean |
isFormResponse(OAuthRedirectionState state) |
boolean |
isRevokePreauthorizedTokenOnApproval() |
protected boolean |
noConsentForRequestedScopes(javax.ws.rs.core.MultivaluedMap<String,String> params,
Client client,
UserSubject userSubject,
List<String> requestedScope,
List<OAuthPermission> permissions) |
protected void |
personalizeData(OAuthAuthorizationData data,
UserSubject userSubject) |
protected OAuthRedirectionState |
recreateRedirectionStateFromParams(javax.ws.rs.core.MultivaluedMap<String,String> params) |
protected OAuthRedirectionState |
recreateRedirectionStateFromSession(UserSubject subject,
String sessionToken) |
void |
setAuthorizationFilter(AuthorizationRequestFilter authorizationFilter) |
void |
setHidePreauthorizedScopesInForm(boolean hidePreauthorizedScopesInForm) |
void |
setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri) |
void |
setMaxDefaultSessionInterval(int maxDefaultSessionInterval) |
void |
setPartialMatchScopeValidation(boolean partialMatchScopeValidation) |
void |
setResourceOwnerNameProvider(ResourceOwnerNameProvider resourceOwnerNameProvider) |
void |
setRevokePreauthorizedTokenOnApproval(boolean revoke) |
void |
setScopesRequiringNoConsent(List<String> scopesRequiringNoConsent) |
void |
setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider) |
void |
setSubjectCreator(SubjectCreator creator) |
void |
setSupportSinglePageApplications(boolean supportSinglePageApplications) |
void |
setUseAllClientScopes(boolean useAllClientScopes) |
void |
setUseRegisteredRedirectUriIfPossible(boolean use)
If a client does not include a redirect_uri parameter but has exactly one
pre-registered redirect_uri then that registered redirect_uri is used; the fallback does not apply when zero or several redirect URIs are registered
|
protected javax.ws.rs.core.Response |
startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
Starts the authorization process
|
protected javax.ws.rs.core.Response |
startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params,
UserSubject userSubject,
Client client,
String redirectUri) |
protected String |
validateRedirectUri(Client client,
String redirectUri) |
checkTransportSecurity, getDataProvider, getMessageContext, getQueryParameters, getValidClient, getValidClient, injectContextIntoOAuthProviders, isWriteOptionalParameters, reportInvalidRequestError, reportInvalidRequestError, reportInvalidRequestError, reportInvalidRequestError, setBlockUnsecureRequests, setDataProvider, setMessageContext, setWriteOptionalParameters
protected RedirectionBasedGrantService(String supportedResponseType, String supportedGrantType)
@GET @Produces(value={"application/xhtml+xml","text/html","application/xml","application/json"}) public javax.ws.rs.core.Response authorize()
@GET @Path(value="/decision") public javax.ws.rs.core.Response authorizeDecision()
@POST @Path(value="/decision") @Consumes(value="application/x-www-form-urlencoded") public javax.ws.rs.core.Response authorizeDecisionForm(javax.ws.rs.core.MultivaluedMap<String,String> params)
protected javax.ws.rs.core.Response startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
protected javax.ws.rs.core.Response startAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params, UserSubject userSubject, Client client, String redirectUri)
protected boolean canAuthorizationBeSkipped(javax.ws.rs.core.MultivaluedMap<String,String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions)
protected boolean noConsentForRequestedScopes(javax.ws.rs.core.MultivaluedMap<String,String> params, Client client, UserSubject userSubject, List<String> requestedScope, List<OAuthPermission> permissions)
protected OAuthAuthorizationData createAuthorizationData(Client client, javax.ws.rs.core.MultivaluedMap<String,String> params, String redirectUri, UserSubject subject, List<OAuthPermission> requestedPerms, List<OAuthPermission> alreadyAuthorizedPerms, boolean authorizationCanBeSkipped)
protected OAuthRedirectionState recreateRedirectionStateFromSession(UserSubject subject, String sessionToken)
protected OAuthRedirectionState recreateRedirectionStateFromParams(javax.ws.rs.core.MultivaluedMap<String,String> params)
protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject)
protected List<String> getApprovedScope(List<String> requestedScope, List<String> approvedScope)
protected javax.ws.rs.core.Response completeAuthorization(javax.ws.rs.core.MultivaluedMap<String,String> params)
public boolean isRevokePreauthorizedTokenOnApproval()
public void setRevokePreauthorizedTokenOnApproval(boolean revoke)
public void setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider)
public void setSubjectCreator(SubjectCreator creator)
protected UserSubject createUserSubject(SecurityContext securityContext, javax.ws.rs.core.MultivaluedMap<String,String> params)
protected javax.ws.rs.core.Response createErrorResponse(javax.ws.rs.core.MultivaluedMap<String,String> params, String redirectUri, String error)
protected boolean canAccessTokenBeReturned(String responseType)
protected abstract javax.ws.rs.core.Response createErrorResponse(String state, String redirectUri, String error)
protected abstract javax.ws.rs.core.Response createGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, UserSubject userSubject, ServerAccessToken preAuthorizedToken)
protected SecurityContext getAndValidateSecurityContext(javax.ws.rs.core.MultivaluedMap<String,String> params)
protected Client getClient(String clientId, javax.ws.rs.core.MultivaluedMap<String,String> params)
Get the Client reference.
params - request parameters
Throws: javax.ws.rs.WebApplicationException - if no matching Client is found; the error is returned directly to the end user instead of being sent to the redirect URI, if one was supplied
protected javax.ws.rs.core.Response createHtmlResponse(Object response)
protected boolean isFormResponse(OAuthRedirectionState state)
protected String getSupportedGrantType()
public void setResourceOwnerNameProvider(ResourceOwnerNameProvider resourceOwnerNameProvider)
public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation)
public void setUseAllClientScopes(boolean useAllClientScopes)
public void setUseRegisteredRedirectUriIfPossible(boolean use)
use - if true (the default), a single pre-registered redirect_uri is used when the request omits the redirect_uri parameter
protected abstract boolean canSupportPublicClient(Client c)
protected abstract boolean canRedirectUriBeEmpty(Client c)
public void setMaxDefaultSessionInterval(int maxDefaultSessionInterval)
public void setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri)
public void setHidePreauthorizedScopesInForm(boolean hidePreauthorizedScopesInForm)
public void setAuthorizationFilter(AuthorizationRequestFilter authorizationFilter)
public void setScopesRequiringNoConsent(List<String> scopesRequiringNoConsent)
public void setSupportSinglePageApplications(boolean supportSinglePageApplications)