Posted to commits@cxf.apache.org by bu...@apache.org on 2013/02/28 19:48:27 UTC

svn commit: r852436 - in /websites/production/cxf/content: cache/docs.pageCache docs/jaxrs-oauth2-assertions.html

Author: buildbot
Date: Thu Feb 28 18:48:27 2013
New Revision: 852436

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html (original)
+++ websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html Thu Feb 28 18:48:27 2013
@@ -125,7 +125,7 @@ Apache CXF -- JAXRS OAuth2 Assertions
 
 
 <div>
-<ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a></li><ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AuthenticationToken">Authentication Token</a></li></ul></ul></div>
+<ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a></li><ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</a></li><ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-Clientcode">Client code</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService">Access Token Service</a></li></ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-AuthenticationToken">Authentication Token</a></li></ul></ul></div>
 
 <h1><a shape="rect" name="JAXRSOAuth2Assertions-Introduction"></a>Introduction</h1>
 
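Review bot: the new sub-list for "Client code" and "Access Token Service" in the added TOC line is opened as a direct child of the enclosing <ul> (right after the closing </li> of "Access Token Grant"), which is not valid list nesting. The nested <ul> should sit inside the "Access Token Grant" <li> so that the two new entries are structurally tied to their parent item. The removed line already nests the second level the same way, so this looks like exporter output and is best fixed in the generator rather than by hand in this file.
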
@@ -160,6 +160,84 @@ assertion=Base64UrlEncoded-SAML2-Bearer-
 </pre>
 </div></div>
 
+<h3><a shape="rect" name="JAXRSOAuth2Assertions-Clientcode"></a>Client code</h3>
+
+<p>The following example shows how to use SAML2 Bearer assertion as a grant with CXF OAuth2 client code:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-keyword">import</span> org.apache.cxf.jaxrs.client.WebClient;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.common.CryptoLoader;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
+<span class="code-keyword">import</span> org.apache.ws.security.components.crypto.Crypto;
+
+<span class="code-comment">//1: create web client
+</span><span class="code-object">String</span> address = <span class="code-quote">"https:<span class="code-comment">//localhost:8080/oauth2/token"</span>;
+</span>WebClient wc = WebClient.create(address);
+wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
+
+<span class="code-comment">//2. Create and self-sign SAML assertion        
+</span>Crypto crypto = <span class="code-keyword">new</span> CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
+SelfSignInfo signInfo = <span class="code-keyword">new</span> SelfSignInfo(crypto, <span class="code-quote">"alice"</span>, <span class="code-quote">"password"</span>); 
+        
+<span class="code-object">String</span> assertion =  SAMLUtils.createAssertion(<span class="code-keyword">new</span> SamlCallbackHandler(),
+                                              signInfo).assertionToString();
+
+<span class="code-comment">//3. Send it as a token grant to Access Token Service and get some access token back
+</span>AccessTokenGrant grant = <span class="code-keyword">new</span> Saml2BearerGrant(assertion);
+ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, 
+                                                       <span class="code-keyword">new</span> OAuthClientUtils.Consumer(<span class="code-quote">"alice"</span>, <span class="code-quote">"alice"</span>), 
+                                                       grant,
+                                                       <span class="code-keyword">false</span>);
+</pre>
+</div></div>
+
+<p>The code above prepares an info for a new SAML assertion be self-signed, loading a Crypto instance with crypto <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.properties">properties</a>, and uses SAMLUtils to create and sign the assertion (using Crypto, plus user alias and password). Saml2BearerGrant will get the assertion Base64Url-encoded.</p>
+
+<p>This is nearly as simple as using other token grants, the step 2 will often me omitted in more involved cases as it will be the job of Identity Providers to issue OAuth2 SAML2 Bearer assertions. Step 2 needs to be done when testing or when getting client acting <a shape="rect" class="external-link" href="http://tools.ietf.org/html/draft-ietf-oauth-assertions-10#section-6.2" rel="nofollow">on behalf of itself</a> for example. </p>
+
+<p>When doing step 2, the main effort is to do with getting a SAML assertion populated - use a SAML callback handler like <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java">this one</a>, it is actually quite easy to build the assertion.</p>
+
+<h3><a shape="rect" name="JAXRSOAuth2Assertions-AccessTokenService"></a>Access Token Service</h3>
+
+<p>Here is how one may configure Access Token Service:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;bean id=<span class="code-quote">"dataProvider"</span> class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"</span>/&gt;</span>
+<span class="code-tag">&lt;bean id=<span class="code-quote">"samlGrantHandler"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler"</span>&gt;</span>
+  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"dataProvider"</span>/&gt;</span>
+<span class="code-tag">&lt;/bean&gt;</span>
+<span class="code-tag">&lt;bean id=<span class="code-quote">"oauthJson"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"</span>/&gt;</span>
+
+<span class="code-tag">&lt;bean id=<span class="code-quote">"serviceBean"</span> class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenService"</span>&gt;</span>
+  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span> ref=<span class="code-quote">"dataProvider"</span>/&gt;</span>
+  <span class="code-tag">&lt;property name=<span class="code-quote">"grantHandlers"</span>&gt;</span>
+     <span class="code-tag">&lt;list&gt;</span>
+       <span class="code-tag">&lt;ref bean=<span class="code-quote">"samlGrantHandler"</span>/&gt;</span>
+     <span class="code-tag">&lt;/list&gt;</span>
+  <span class="code-tag">&lt;/property&gt;</span>
+<span class="code-tag">&lt;/bean&gt;</span>
+
+<span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2"</span>&gt;</span>
+   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
+      <span class="code-tag">&lt;ref bean=<span class="code-quote">"serviceBean"</span>/&gt;</span>
+   <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
+   <span class="code-tag">&lt;jaxrs:providers&gt;</span>
+      <span class="code-tag">&lt;ref bean=<span class="code-quote">"oauthJson"</span>/&gt;</span>
+   <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
+   <span class="code-tag">&lt;jaxrs:properties&gt;</span>
+     <span class="code-tag">&lt;entry key=<span class="code-quote">"ws-security.signature.properties"</span> value=<span class="code-quote">"org/apache/cxf/systest/jaxrs/security/alice.properties"</span>/&gt;</span>
+   <span class="code-tag">&lt;/jaxrs:properties&gt;</span>
+<span class="code-tag">&lt;/jaxrs:server&gt;</span>
+</pre>
+</div></div>
+
 
 <h2><a shape="rect" name="JAXRSOAuth2Assertions-AuthenticationToken"></a>Authentication Token</h2></div>
            </div>
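
Review bot: the new "Access Token Service" section shows the Spring configuration without saying how Saml2BearerGrantHandler decides which assertion signers to trust. The only key-related setting is "ws-security.signature.properties" pointing at the systest alice.properties, the same file the "Client code" paragraph links to for self-signing, so as written the sample service accepts assertions signed by the client's own test key. Please add a sentence stating that this is a test setup and which property should reference the Identity Provider's trust material in a real deployment. In the same hunk, the client sample's address line is broken by the highlighter, which treats the "//" inside the URL string as a comment ("https:<span class="code-comment">//localhost:8080/oauth2/token"</span>;) and leaves the spans misnested; MediaType is used without an import and CRYPTO_RESOURCE_PROPERTIES is never defined; the client URL uses port 8080 while the server address uses the ${testutil.ports.jaxrs-oauth2} test placeholder; and the prose has typos ("will often me omitted", "prepares an info for a new SAML assertion be self-signed"). The literal "password" key password and the "alice"/"alice" client credentials should be labelled as test values.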