You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by dk...@apache.org on 2013/06/24 19:10:57 UTC
svn commit: r867253 [29/46] - in /websites/production/cxf/content: ./
2008/04/28/ 2008/06/20/ 2009/02/10/ 2009/08/04/ cache/ docs/
docs/cxf-architecture.thumbs/ docs/cxf-dependency-graphs.thumbs/
docs/logbrowser-configuration.thumbs/ docs/logbrowser-so...
Modified: websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html (original)
+++ websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html Mon Jun 24 17:10:51 2013
@@ -25,6 +25,18 @@
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
<meta name="keywords" content="business integration, EAI, SOA, Service Oriented Architecture, web services, SOAP, JBI, JMS, WSDL, XML, EDI, Electronic Data Interchange, standards support, integration standards, application integration, middleware, software, solutions, services, CXF, open source">
<meta name="description" content="Apache CXF, Services Framework - JAXRS OAuth2 Assertions">
+
+ <link href='http://cxf.apache.org/resources/highlighter/styles/shCore.css' rel='stylesheet' type='text/css' />
+ <link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
+
+ <script type="text/javascript">
+ SyntaxHighlighter.defaults['toolbar'] = false;
+ SyntaxHighlighter.all();
+ </script>
+
<title>
Apache CXF -- JAXRS OAuth2 Assertions
</title>
@@ -42,19 +54,15 @@ Apache CXF -- JAXRS OAuth2 Assertions
<td id="cell-1-0"> </td>
<td id="cell-1-1"> </td>
<td id="cell-1-2">
- <div style="padding: 5px;">
- <div id="banner">
- <!-- Banner -->
-<div id="banner-content">
+ <!-- Banner -->
+<div class="banner" id="banner"><p>
<table border="0" cellpadding="0" cellspacing="0" width="100%"><tr><td align="left" colspan="1" nowrap>
<a shape="rect" href="http://cxf.apache.org/" title="Apache CXF"><span style="font-weight: bold; font-size: 170%; color: white">Apache CXF</span></a>
</td><td align="right" colspan="1" nowrap>
<a shape="rect" href="http://www.apache.org/" title="The Apache Sofware Foundation"><img border="0" alt="ASF Logo" src="http://cxf.apache.org/images/asf-logo.png"></a>
</td></tr></table>
-</div>
- <!-- Banner -->
- </div>
- </div>
+</p></div>
+ <!-- Banner -->
<div id="top-menu">
<table border="0" cellpadding="1" cellspacing="0" width="100%">
<tr>
@@ -94,7 +102,7 @@ Apache CXF -- JAXRS OAuth2 Assertions
<hr>
-<ul class="alternate" type="square"><li>Search
+<ul class="alternate" type="square"><li>Search<br clear="none">
<form enctype="application/x-www-form-urlencoded" method="get" id="cse-search-box" action="http://www.google.com/cse">
<div>
@@ -141,13 +149,13 @@ with OAuth 2.0" and <a shape="rect" clas
<h1><a shape="rect" name="JAXRSOAuth2Assertions-Mavendependencies"></a>Maven dependencies</h1>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag"><dependency></span>
- <span class="code-tag"><groupId></span>org.apache.cxf<span class="code-tag"></groupId></span>
- <span class="code-tag"><artifactId></span>cxf-rt-rs-security-oauth2-saml<span class="code-tag"></artifactId></span>
- <span class="code-tag"><version></span>2.7.4<span class="code-tag"></version></span>
-<span class="code-tag"></dependency></span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+<dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-security-oauth2-saml</artifactId>
+ <version>2.7.4</version>
+</dependency>
+]]></script>
</div></div>
<h1><a shape="rect" name="JAXRSOAuth2Assertions-SAML2Bearer"></a>SAML2 Bearer</h1>
@@ -163,13 +171,13 @@ with OAuth 2.0" and <a shape="rect" clas
Here is how a request may look like:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Asaml2-bearer&
assertion=Base64UrlEncoded-SAML2-Bearer-Assertion
-</pre>
+]]></script>
</div></div>
<h3><a shape="rect" name="JAXRSOAuth2Assertions-Clientcode"></a>Client code</h3>
@@ -177,36 +185,36 @@ assertion=Base64UrlEncoded-SAML2-Bearer-
<p>The following example shows how to use SAML2 Bearer assertion as a grant with CXF OAuth2 client code:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">import</span> org.apache.cxf.jaxrs.client.WebClient;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.common.CryptoLoader;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
-<span class="code-keyword">import</span> org.apache.ws.security.components.crypto.Crypto;
-
-<span class="code-comment">//1: create web client
-</span><span class="code-object">String</span> address = <span class="code-quote">"https:<span class="code-comment">//localhost:8080/oauth2/token"</span>;
-</span>WebClient wc = WebClient.create(address);
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
+import org.apache.cxf.rs.security.saml.SAMLUtils;
+import org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
+import org.apache.ws.security.components.crypto.Crypto;
+
+//1: create web client
+String address = "https://localhost:8080/oauth2/token";
+WebClient wc = WebClient.create(address);
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
-<span class="code-comment">//2. Create and self-sign SAML assertion
-</span>Crypto crypto = <span class="code-keyword">new</span> CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
-SelfSignInfo signInfo = <span class="code-keyword">new</span> SelfSignInfo(crypto, <span class="code-quote">"alice"</span>, <span class="code-quote">"password"</span>);
+//2. Create and self-sign SAML assertion
+Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
+SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");
-<span class="code-object">String</span> assertion = SAMLUtils.createAssertion(<span class="code-keyword">new</span> SamlCallbackHandler(),
+String assertion = SAMLUtils.createAssertion(new SamlCallbackHandler(),
signInfo).assertionToString();
-<span class="code-comment">//3. Send it as a token grant to Access Token Service and get some access token back
-</span>AccessTokenGrant grant = <span class="code-keyword">new</span> Saml2BearerGrant(assertion);
+//3. Send it as a token grant to Access Token Service and get some access token back
+AccessTokenGrant grant = new Saml2BearerGrant(assertion);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
- <span class="code-keyword">new</span> OAuthClientUtils.Consumer(<span class="code-quote">"alice"</span>, <span class="code-quote">"alice"</span>),
+ new OAuthClientUtils.Consumer("alice", "alice"),
grant,
- <span class="code-keyword">false</span>);
-</pre>
+ false);
+]]></script>
</div></div>
<p>The code above prepares an info for a new SAML assertion be self-signed, loading a Crypto instance with crypto <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.properties">properties</a>, and uses SAMLUtils to create and sign the assertion (using Crypto, plus user alias and password). Saml2BearerGrant will get the assertion Base64Url-encoded - unless the assertion has already been encoded with CXF Base64UrlUtility or came encoded from IP - in this case Saml2BearerGrant constructor accepting an 'encoded' property will have to be used, with the value set to "true".</p>
@@ -223,34 +231,34 @@ ClientAccessToken at = OAuthClientUtils.
<p>Here is how one may configure Access Token Service:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag"><bean id=<span class="code-quote">"dataProvider"</span> class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"</span>/></span>
-<span class="code-tag"><bean id=<span class="code-quote">"samlGrantHandler"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler"</span>></span>
- <span class="code-tag"><property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"dataProvider"</span>/></span>
-<span class="code-tag"></bean></span>
-<span class="code-tag"><bean id=<span class="code-quote">"oauthJson"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"</span>/></span>
-
-<span class="code-tag"><bean id=<span class="code-quote">"serviceBean"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenService"</span>></span>
- <span class="code-tag"><property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"dataProvider"</span>/></span>
- <span class="code-tag"><property name=<span class="code-quote">"grantHandlers"</span>></span>
- <span class="code-tag"><list></span>
- <span class="code-tag"><ref bean=<span class="code-quote">"samlGrantHandler"</span>/></span>
- <span class="code-tag"></list></span>
- <span class="code-tag"></property></span>
-<span class="code-tag"></bean></span>
-
-<span class="code-tag"><jaxrs:server address=<span class="code-quote">"https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2"</span>></span>
- <span class="code-tag"><jaxrs:serviceBeans></span>
- <span class="code-tag"><ref bean=<span class="code-quote">"serviceBean"</span>/></span>
- <span class="code-tag"></jaxrs:serviceBeans></span>
- <span class="code-tag"><jaxrs:providers></span>
- <span class="code-tag"><ref bean=<span class="code-quote">"oauthJson"</span>/></span>
- <span class="code-tag"></jaxrs:providers></span>
- <span class="code-tag"><jaxrs:properties></span>
- <span class="code-tag"><entry key=<span class="code-quote">"ws-security.signature.properties"</span> value=<span class="code-quote">"org/apache/cxf/systest/jaxrs/security/alice.properties"</span>/></span>
- <span class="code-tag"></jaxrs:properties></span>
-<span class="code-tag"></jaxrs:server></span>
-</pre>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+<bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+ <property name="dataProvider" ref="dataProvider"/>
+</bean>
+<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+
+<bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <ref bean="samlGrantHandler"/>
+ </list>
+ </property>
+</bean>
+
+<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oauthJson"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+</jaxrs:server>
+]]></script>
</div></div>
@@ -259,7 +267,7 @@ ClientAccessToken at = OAuthClientUtils.
<p>As noted in the introduction, SAML2 Bearer assertions may also act as client authentication credentials, when requesting an access token, irrespectively of the actual grant type. For example: </p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
POST /token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
@@ -267,7 +275,7 @@ grant_type=authorization_code
&code=12345678
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Asaml2-bearer
&client_assertion=Base64UrlEncoded-SAML2-Bearer-Assertion
-</pre>
+]]></script>
</div></div>
<p>Note "client_assertion_type" with a value "urn:ietf:params:oauth:client-assertion-type:saml2-bearer" indicates that the type of assertion used as an authentication token is "urn:ietf:params:oauth:client-assertion-type:saml2-bearer", while the "client_assertion" parameter carries the actual value of the token. </p>
@@ -277,45 +285,45 @@ grant_type=authorization_code
<p>The following example shows how to use SAML2 Bearer assertion as an authentication token:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">import</span> org.apache.cxf.jaxrs.client.WebClient;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.common.CryptoLoader;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.saml.Base64Utility;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.saml.Constants;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
-<span class="code-keyword">import</span> org.apache.ws.security.components.crypto.Crypto;
-
-<span class="code-comment">//1: create web client
-</span><span class="code-object">String</span> address = <span class="code-quote">"https:<span class="code-comment">//localhost:8080/oauth2/token"</span>;
-</span>WebClient wc = WebClient.create(address);
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
+import org.apache.cxf.rs.security.oauth2.saml.Base64Utility;
+import org.apache.cxf.rs.security.oauth2.saml.Constants;
+import org.apache.cxf.rs.security.saml.SAMLUtils;
+import org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
+import org.apache.ws.security.components.crypto.Crypto;
+
+//1: create web client
+String address = "https://localhost:8080/oauth2/token";
+WebClient wc = WebClient.create(address);
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
-<span class="code-comment">//2. Create and self-sign SAML assertion
-</span>Crypto crypto = <span class="code-keyword">new</span> CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
-SelfSignInfo signInfo = <span class="code-keyword">new</span> SelfSignInfo(crypto, <span class="code-quote">"alice"</span>, <span class="code-quote">"password"</span>);
+//2. Create and self-sign SAML assertion
+Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
+SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");
-<span class="code-object">String</span> assertion = SAMLUtils.createAssertion(<span class="code-keyword">new</span> SamlCallbackHandler(),
+String assertion = SAMLUtils.createAssertion(new SamlCallbackHandler(),
signInfo).assertionToString();
-<span class="code-comment">// 3. Base64Url-encode it
-</span><span class="code-object">String</span> encodedAssertion = Base64UrlUtility.encode(assertion);
+// 3. Base64Url-encode it
+String encodedAssertion = Base64UrlUtility.encode(assertion);
-Map<<span class="code-object">String</span>, <span class="code-object">String</span>> extraParams = <span class="code-keyword">new</span> HashMap<<span class="code-object">String</span>, <span class="code-object">String</span>>();
+Map<String, String> extraParams = new HashMap<String, String>();
extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);
-<span class="code-comment">// Use whatever token grant is required
-</span>AccessTokenGrant accessTokenGrant = ...
+// Use whatever token grant is required
+AccessTokenGrant accessTokenGrant = ...
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
accessTokenGrant,
extraParams);
-</pre>
+]]></script>
</div></div>
<p>The above code is similar to the example when SAML2 Bearer assertion is used as a grant except that this time the assertion is Base64Url-encoded in the code - note steps 2 and likely 3 will not be required when the assertion came from IP.<br clear="none">
@@ -324,30 +332,30 @@ Next, the encoded assertion is used as p
<p>A different approach to dealing with the assertion directly in the client code is to use org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor interceptor which will add the assertion to the existing form payload, for example:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-JAXRSClientFactoryBean bean = <span class="code-keyword">new</span> JAXRSClientFactoryBean();
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
-Map<<span class="code-object">String</span>, <span class="code-object">Object</span>> properties = <span class="code-keyword">new</span> HashMap<<span class="code-object">String</span>, <span class="code-object">Object</span>>();
-properties.put(<span class="code-quote">"ws-security.callback-handler"</span>,
- <span class="code-quote">"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"</span>);
-properties.put(<span class="code-quote">"ws-security.saml-callback-handler"</span>,
- <span class="code-quote">"org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2"</span>);
-properties.put(<span class="code-quote">"ws-security.signature.username"</span>, <span class="code-quote">"alice"</span>);
-properties.put(<span class="code-quote">"ws-security.signature.properties"</span>, CRYPTO_RESOURCE_PROPERTIES);
-properties.put(<span class="code-quote">"ws-security.self-sign-saml-assertion"</span>, <span class="code-quote">"<span class="code-keyword">true</span>"</span>);
+Map<String, Object> properties = new HashMap<String, Object>();
+properties.put("ws-security.callback-handler",
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+properties.put("ws-security.saml-callback-handler",
+ "org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2");
+properties.put("ws-security.signature.username", "alice");
+properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
+properties.put("ws-security.self-sign-saml-assertion", "true");
bean.setProperties(properties);
-bean.getOutInterceptors().add(<span class="code-keyword">new</span> Saml2BearerAuthOutInterceptor());
+bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());
WebClient wc = bean.createWebClient();
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
-<span class="code-comment">// Use whatever token grant is required
-</span>AccessTokenGrant accessTokenGrant = ...
+// Use whatever token grant is required
+AccessTokenGrant accessTokenGrant = ...
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
accessTokenGrant);
-</pre>
+]]></script>
</div></div>
<h3><a shape="rect" name="JAXRSOAuth2Assertions-AccessTokenService"></a>Access Token Service</h3>
@@ -355,37 +363,37 @@ ClientAccessToken at = OAuthClientUtils.
<p>Here is how one may configure Access Token Service:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-xml">
-<span class="code-tag"><bean id=<span class="code-quote">"dataProvider"</span> class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"</span>/></span>
-<span class="code-tag"><bean id=<span class="code-quote">"oauthJson"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"</span>/></span>
-<span class="code-tag"><bean id=<span class="code-quote">"samlAuthHandler"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"</span>/></span>
-
-<span class="code-tag"><bean id=<span class="code-quote">"serviceBean"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenService"</span>></span>
- <span class="code-tag"><property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"dataProvider"</span>/></span>
- <span class="code-tag"><property name=<span class="code-quote">"grantHandlers"</span>></span>
- <span class="code-tag"><list></span>
- <span class="code-tag"><span class="code-comment"><!-- list of required grant handlers --></span></span>
- <span class="code-tag"></list></span>
- <span class="code-tag"></property></span>
-<span class="code-tag"></bean></span>
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+<bean id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+<bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+<bean id="samlAuthHandler" class="org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthHandler"/>
+
+<bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <!-- list of required grant handlers -->
+ </list>
+ </property>
+</bean>
<jaxrs:server
- address=<span class="code-quote">"https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth"</span>>
- <span class="code-tag"><jaxrs:serviceBeans></span>
- <span class="code-tag"><ref bean=<span class="code-quote">"serviceBean"</span>/></span>
- <span class="code-tag"></jaxrs:serviceBeans></span>
- <span class="code-tag"><jaxrs:providers></span>
- <span class="code-tag"><ref bean=<span class="code-quote">"oauthJson"</span>/></span>
- <span class="code-tag"><ref bean=<span class="code-quote">"samlAuthHandler"</span>/></span>
- <span class="code-tag"></jaxrs:providers></span>
+ address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oauthJson"/>
+ <ref bean="samlAuthHandler"/>
+ </jaxrs:providers>
- <span class="code-tag"><jaxrs:properties></span>
- <entry key=<span class="code-quote">"ws-security.signature.properties"</span>
- value=<span class="code-quote">"org/apache/cxf/systest/jaxrs/security/alice.properties"</span>/>
- <span class="code-tag"></jaxrs:properties></span>
+ <jaxrs:properties>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
-<span class="code-tag"></jaxrs:server></span>
-</pre>
+</jaxrs:server>
+]]></script>
</div></div>
<h1><a shape="rect" name="JAXRSOAuth2Assertions-ClientActingonBehalfofItself"></a>Client Acting on Behalf of Itself</h1>
@@ -393,63 +401,63 @@ ClientAccessToken at = OAuthClientUtils.
<p>In the <a shape="rect" class="external-link" href="http://tools.ietf.org/html/draft-ietf-oauth-assertions-10#section-6.2" rel="nofollow">Client Acting on Behalf of Itself</a> use either org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerClientCredentialsGrant :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-<span class="code-keyword">import</span> org.apache.cxf.jaxrs.client.WebClient;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.common.CryptoLoader;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerClientCredentialsGrant;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils;
-<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
-<span class="code-keyword">import</span> org.apache.ws.security.components.crypto.Crypto;
-
-<span class="code-comment">//1: create web client
-</span><span class="code-object">String</span> address = <span class="code-quote">"https:<span class="code-comment">//localhost:8080/oauth2/token"</span>;
-</span>WebClient wc = WebClient.create(address);
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerClientCredentialsGrant;
+import org.apache.cxf.rs.security.saml.SAMLUtils;
+import org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
+import org.apache.ws.security.components.crypto.Crypto;
+
+//1: create web client
+String address = "https://localhost:8080/oauth2/token";
+WebClient wc = WebClient.create(address);
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
-<span class="code-comment">//2. Create and self-sign SAML assertion
-</span>Crypto crypto = <span class="code-keyword">new</span> CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
-SelfSignInfo signInfo = <span class="code-keyword">new</span> SelfSignInfo(crypto, <span class="code-quote">"alice"</span>, <span class="code-quote">"password"</span>);
+//2. Create and self-sign SAML assertion
+Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
+SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");
-<span class="code-object">String</span> assertion = SAMLUtils.createAssertion(<span class="code-keyword">new</span> SamlCallbackHandler(),
+String assertion = SAMLUtils.createAssertion(new SamlCallbackHandler(),
signInfo).assertionToString();
-AccessTokenGrant accessTokenGrant = <span class="code-keyword">new</span> Saml2BearerClientCredentialsGrant(assertion);
+AccessTokenGrant accessTokenGrant = new Saml2BearerClientCredentialsGrant(assertion);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
accessTokenGrant,
extraParams);
-</pre>
+]]></script>
</div></div>
<p>or ClientCredentialsGrant in combination with Saml2BearerAuthOutInterceptor:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
-<pre class="code-java">
-JAXRSClientFactoryBean bean = <span class="code-keyword">new</span> JAXRSClientFactoryBean();
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
-Map<<span class="code-object">String</span>, <span class="code-object">Object</span>> properties = <span class="code-keyword">new</span> HashMap<<span class="code-object">String</span>, <span class="code-object">Object</span>>();
-properties.put(<span class="code-quote">"ws-security.callback-handler"</span>,
- <span class="code-quote">"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"</span>);
-properties.put(<span class="code-quote">"ws-security.saml-callback-handler"</span>,
- <span class="code-quote">"org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2"</span>);
-properties.put(<span class="code-quote">"ws-security.signature.username"</span>, <span class="code-quote">"alice"</span>);
-properties.put(<span class="code-quote">"ws-security.signature.properties"</span>, CRYPTO_RESOURCE_PROPERTIES);
-properties.put(<span class="code-quote">"ws-security.self-sign-saml-assertion"</span>, <span class="code-quote">"<span class="code-keyword">true</span>"</span>);
+Map<String, Object> properties = new HashMap<String, Object>();
+properties.put("ws-security.callback-handler",
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+properties.put("ws-security.saml-callback-handler",
+ "org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler2");
+properties.put("ws-security.signature.username", "alice");
+properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
+properties.put("ws-security.self-sign-saml-assertion", "true");
bean.setProperties(properties);
-bean.getOutInterceptors().add(<span class="code-keyword">new</span> Saml2BearerAuthOutInterceptor());
+bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());
WebClient wc = bean.createWebClient();
wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
-<span class="code-comment">// Use whatever token grant is required
-</span>AccessTokenGrant accessTokenGrant = <span class="code-keyword">new</span> ClientCredentialsGrant();
+// Use whatever token grant is required
+AccessTokenGrant accessTokenGrant = new ClientCredentialsGrant();
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);
-</pre>
+]]></script>
</div></div> </div>
</div>
<!-- Content -->