cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r839042 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-oauth2.html
Date Wed, 21 Nov 2012 17:48:01 GMT
Author: buildbot
Date: Wed Nov 21 17:48:00 2012
New Revision: 839042

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-oauth2.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-oauth2.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-oauth2.html (original)
+++ websites/production/cxf/content/docs/jax-rs-oauth2.html Wed Nov 21 17:48:00 2012
@@ -815,6 +815,60 @@ how one can access a user login name tha
 
 <p>CXF provides the utility grant beans for all the grants it supports, <a shape="rect"
class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java">AuthorizationCodeGrant</a>,
<a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java">ClientCredentialsGrant</a>,
<a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java">ResourceOwnerGrant</a>
and <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant
 .java">RefreshTokenGrant</a>. Please use the appropriate grant bean relevant to
your application when requesting an access token or create a custom AccessTokenGrant bean
implementation.</p>
 
+<p>For example, consider a case where a client who already owns an authorized access
token and accessing the end user resource gets HTTP 401 error back and the client also owns
a refresh token. Here is one possible way to handle it:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+
+<span class="code-keyword">import</span> javax.ws.rs.NotAuthorizedException;
+<span class="code-keyword">import</span> javax.ws.rs.core.HttpHeaders;
+
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.Consumer;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+
+
+
+<span class="code-comment">// the pseudo-code <span class="code-keyword">for</span>
getting the access token
+</span>Consumer consumer = ...
+AuthorizationCodeGrant codeGrant = ...
+
+ClientAccessToken accessToken = OAuthClientUtils.getAccessToken(codeGrant, consumer);
+
+WebClient endUserResourceClient = WebClient.create(endUserServerAddress);
+
+endUserResourceClient.header(HttpHeaders.AUTHORIZATION, 
+                             OAuthClientUtils.createAuthorizationHeader(accessToken));
+<span class="code-keyword">try</span> {
+   <span class="code-keyword">return</span> endUserResourceClient.get();
+} <span class="code-keyword">catch</span> (NotAuthorizedException ex) {
+    <span class="code-object">String</span> refreshToken = accessToken.getRefreshToken();
+    <span class="code-keyword">if</span> (refreshToken != <span class="code-keyword">null</span>)
{
+        <span class="code-comment">// retry once
+</span>
+        <span class="code-comment">// refresh the token
+</span>        accessToken = OAuthClientUtils.getAccessToken(<span class="code-keyword">new</span>
RefreshTokenGrant(refreshToken), consumer);
+
+        <span class="code-comment">// reset Authorization header
+</span>        endUserResourceClient.replaceHeader(HttpHeaders.AUTHORIZATION, 
+                             OAuthClientUtils.createAuthorizationHeader(accessToken)); 
+
+        <span class="code-comment">// <span class="code-keyword">try</span>
to access the end user resource again
+</span>        <span class="code-keyword">return</span> endUserResourceClient.get();
+        
+    } <span class="code-keyword">else</span> {
+        <span class="code-keyword">throw</span> ex;
+    }
+
+}
+
+
+
+</pre>
+</div></div>
+
 <h1><a shape="rect" name="JAX-RSOAuth2-OAuth2withouttheExplicitAuthorization"></a>OAuth2
without the Explicit Authorization</h1>
 
 <p>Client Credentials is one of OAuth2 grants that does not require the explicit authorization
and is currently supported by CXF.  </p>
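
Review bot: the added Java example calls WebClient.create(endUserServerAddress), but the import list at the top of the snippet has no import for WebClient, so the code does not compile as pasted; add org.apache.cxf.jaxrs.client.WebClient alongside the OAuthClientUtils imports. In the catch block, the refreshed accessToken is only reassigned to the local variable; a sentence telling readers to store the new token (and the value of getRefreshToken() on it, if one is returned) would keep later requests from going through the 401 path again. The "// retry once" comment would also read better directly above the second endUserResourceClient.get() than above the refresh call. Style: the introductory paragraph is hard to parse ("a client who already owns an authorized access token and accessing the end user resource gets HTTP 401 error back"); consider "a client that holds an access token and a refresh token receives HTTP 401 when accessing the end user resource".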


