cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r852436 - in /websites/production/cxf/content: cache/docs.pageCache docs/jaxrs-oauth2-assertions.html
Date Thu, 28 Feb 2013 18:48:27 GMT
Author: buildbot
Date: Thu Feb 28 18:48:27 2013
New Revision: 852436

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html (original)
+++ websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html Thu Feb 28 18:48:27
2013
@@ -125,7 +125,7 @@ Apache CXF -- JAXRS OAuth2 Assertions
 
 
 <div>
-<ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a></li><ul><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AuthenticationToken">Authentication Token</a></li></ul></ul></div>
+<ul><li><a shape="rect" href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a></li><ul><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</a></li><ul><li><a
shape="rect" href="#JAXRSOAuth2Assertions-Clientcode">Client code</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService">Access Token Service</a></li></ul><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AuthenticationToken">Authentication Token</a></li></ul></ul></div>
 
 <h1><a shape="rect" name="JAXRSOAuth2Assertions-Introduction"></a>Introduction</h1>
 
@@ -160,6 +160,84 @@ assertion=Base64UrlEncoded-SAML2-Bearer-
 </pre>
 </div></div>
 
+<h3><a shape="rect" name="JAXRSOAuth2Assertions-Clientcode"></a>Client
code</h3>
+
+<p>The following example shows how to use SAML2 Bearer assertion as a grant with CXF
OAuth2 client code:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-keyword">import</span> org.apache.cxf.jaxrs.client.WebClient;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.common.CryptoLoader;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils;
+<span class="code-keyword">import</span> org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo;
+<span class="code-keyword">import</span> org.apache.ws.security.components.crypto.Crypto;
+
+<span class="code-comment">//1: create web client
+</span><span class="code-object">String</span> address = <span class="code-quote">"https:<span
class="code-comment">//localhost:8080/oauth2/token"</span>;
+</span>WebClient wc = WebClient.create(address);
+wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
+
+<span class="code-comment">//2. Create and self-sign SAML assertion        
+</span>Crypto crypto = <span class="code-keyword">new</span> CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
+SelfSignInfo signInfo = <span class="code-keyword">new</span> SelfSignInfo(crypto,
<span class="code-quote">"alice"</span>, <span class="code-quote">"password"</span>);

+        
+<span class="code-object">String</span> assertion =  SAMLUtils.createAssertion(<span
class="code-keyword">new</span> SamlCallbackHandler(),
+                                              signInfo).assertionToString();
+
+<span class="code-comment">//3. Send it as a token grant to Access Token Service and
get some access token back
+</span>AccessTokenGrant grant = <span class="code-keyword">new</span> Saml2BearerGrant(assertion);
+ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, 
+                                                       <span class="code-keyword">new</span>
OAuthClientUtils.Consumer(<span class="code-quote">"alice"</span>, <span class="code-quote">"alice"</span>),

+                                                       grant,
+                                                       <span class="code-keyword">false</span>);
+</pre>
+</div></div>
+
+<p>The code above prepares an info for a new SAML assertion be self-signed, loading
a Crypto instance with crypto <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.properties">properties</a>,
and uses SAMLUtils to create and sign the assertion (using Crypto, plus user alias and password).
Saml2BearerGrant will get the assertion Base64Url-encoded.</p>
+
+<p>This is nearly as simple as using other token grants, the step 2 will often me omitted
in more involved cases as it will be the job of Identity Providers to issue OAuth2 SAML2 Bearer
assertions. Step 2 needs to be done when testing or when getting client acting <a shape="rect"
class="external-link" href="http://tools.ietf.org/html/draft-ietf-oauth-assertions-10#section-6.2"
rel="nofollow">on behalf of itself</a> for example. </p>
+
+<p>When doing step 2, the main effort is to do with getting a SAML assertion populated
- use a SAML callback handler like <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/SamlCallbackHandler.java">this
one</a>, it is actually quite easy to build the assertion.</p>
+
+<h3><a shape="rect" name="JAXRSOAuth2Assertions-AccessTokenService"></a>Access
Token Service</h3>
+
+<p>Here is how one may configure Access Token Service:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;bean id=<span class="code-quote">"dataProvider"</span>
class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"</span>/&gt;</span>
+<span class="code-tag">&lt;bean id=<span class="code-quote">"samlGrantHandler"</span>
class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler"</span>&gt;</span>
+  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span>
ref=<span class="code-quote">"dataProvider"</span>/&gt;</span>
+<span class="code-tag">&lt;/bean&gt;</span>
+<span class="code-tag">&lt;bean id=<span class="code-quote">"oauthJson"</span>
class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"</span>/&gt;</span>
+
+<span class="code-tag">&lt;bean id=<span class="code-quote">"serviceBean"</span>
class=<span class="code-quote">"org.apache.cxf.rs.security.oauth2.services.AccessTokenService"</span>&gt;</span>
+  <span class="code-tag">&lt;property name=<span class="code-quote">"dataProvider"</span>
ref=<span class="code-quote">"dataProvider"</span>/&gt;</span>
+  <span class="code-tag">&lt;property name=<span class="code-quote">"grantHandlers"</span>&gt;</span>
+     <span class="code-tag">&lt;list&gt;</span>
+       <span class="code-tag">&lt;ref bean=<span class="code-quote">"samlGrantHandler"</span>/&gt;</span>
+     <span class="code-tag">&lt;/list&gt;</span>
+  <span class="code-tag">&lt;/property&gt;</span>
+<span class="code-tag">&lt;/bean&gt;</span>
+
+<span class="code-tag">&lt;jaxrs:server address=<span class="code-quote">"https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2"</span>&gt;</span>
+   <span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
+      <span class="code-tag">&lt;ref bean=<span class="code-quote">"serviceBean"</span>/&gt;</span>
+   <span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
+   <span class="code-tag">&lt;jaxrs:providers&gt;</span>
+      <span class="code-tag">&lt;ref bean=<span class="code-quote">"oauthJson"</span>/&gt;</span>
+   <span class="code-tag">&lt;/jaxrs:providers&gt;</span>
+   <span class="code-tag">&lt;jaxrs:properties&gt;</span>
+     <span class="code-tag">&lt;entry key=<span class="code-quote">"ws-security.signature.properties"</span>
value=<span class="code-quote">"org/apache/cxf/systest/jaxrs/security/alice.properties"</span>/&gt;</span>
+   <span class="code-tag">&lt;/jaxrs:properties&gt;</span>
+<span class="code-tag">&lt;/jaxrs:server&gt;</span>
+</pre>
+</div></div>
+
 
 <h2><a shape="rect" name="JAXRSOAuth2Assertions-AuthenticationToken"></a>Authentication
Token</h2></div>
            </div>



Mime
View raw message