cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Updating Hawk token validator to support AS letting RS finish the signature validation
Date Tue, 09 Dec 2014 10:21:12 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 2f2ac3797 -> e9b59cae1


Updating Hawk token validator to support AS letting RS finish the signature validation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e9b59cae
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e9b59cae
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e9b59cae

Branch: refs/heads/3.0.x-fixes
Commit: e9b59cae176724350aee787de86c531242b51023
Parents: 2f2ac37
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Dec 9 10:18:57 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Dec 9 10:20:11 2014 +0000

----------------------------------------------------------------------
 .../oauth2/common/AccessTokenValidation.java    | 22 ++++-
 .../cxf/rs/security/oauth2/common/Client.java   |  9 ++
 .../oauth2/filters/OAuthRequestFilter.java      |  9 ++
 .../services/AccessTokenValidatorService.java   |  8 +-
 .../hawk/AbstractHawkAccessTokenValidator.java  | 99 ++++++++++++++++++++
 .../tokens/hawk/HawkAccessTokenValidator.java   | 84 ++++-------------
 .../hawk/HawkAccessTokenValidatorClient.java    | 38 ++++++++
 7 files changed, 196 insertions(+), 73 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e9b59cae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
index 2217b0d..3d4ea28 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
@@ -18,8 +18,10 @@
  */
 package org.apache.cxf.rs.security.oauth2.common;
 
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import javax.xml.bind.annotation.XmlRootElement;
 
@@ -35,6 +37,7 @@ import javax.xml.bind.annotation.XmlRootElement;
 @XmlRootElement
 public class AccessTokenValidation {
     private String clientId;
+    private String clientIpAddress;
     private UserSubject clientSubject;
     
     private String tokenKey;
@@ -45,6 +48,7 @@ public class AccessTokenValidation {
     private UserSubject tokenSubject;
     private List<OAuthPermission> tokenScopes = new LinkedList<OAuthPermission>();
     private String audience;
+    private Map<String, String> extraProps = new HashMap<String, String>();
     
     public AccessTokenValidation() {
         
@@ -53,7 +57,7 @@ public class AccessTokenValidation {
     public AccessTokenValidation(ServerAccessToken token) {
         this.clientId = token.getClient().getClientId();
         this.clientSubject = token.getClient().getSubject();
-        
+        this.clientIpAddress = token.getClient().getClientIpAddress();
         this.tokenKey = token.getTokenKey();
         this.tokenType = token.getTokenType();
         this.tokenGrantType = token.getGrantType();
@@ -129,5 +133,21 @@ public class AccessTokenValidation {
     public void setAudience(String audience) {
         this.audience = audience;
     }
+
+    public String getClientIpAddress() {
+        return clientIpAddress;
+    }
+
+    public void setClientIpAddress(String clientIpAddress) {
+        this.clientIpAddress = clientIpAddress;
+    }
+
+    public Map<String, String> getExtraProps() {
+        return extraProps;
+    }
+
+    public void setExtraProps(Map<String, String> extraProps) {
+        this.extraProps = extraProps;
+    }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e9b59cae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
index f87370b..494a00d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
@@ -33,6 +33,7 @@ public class Client implements Serializable {
     
     private String clientId;
     private String clientSecret;
+    private String clientIpAddress;
     
     private String applicationName;
     private String applicationDescription;
@@ -295,4 +296,12 @@ public class Client implements Serializable {
     public void setApplicationCertificates(List<String> applicationCertificates) {
         this.applicationCertificates = applicationCertificates;
     }
+
+    public String getClientIpAddress() {
+        return clientIpAddress;
+    }
+
+    public void setClientIpAddress(String clientIpAddress) {
+        this.clientIpAddress = clientIpAddress;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e9b59cae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index fb63639..e8c052c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -110,6 +110,15 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
             throw new WebApplicationException(403);
         }
       
+        if (accessTokenV.getClientIpAddress() != null) {
+            String remoteAddress = getMessageContext().getHttpServletRequest().getRemoteAddr();
+            if (remoteAddress == null || accessTokenV.getClientIpAddress().matches(remoteAddress))
{
+                String message = "Client IP Address is invalid";
+                LOG.warning(message);
+                throw new WebApplicationException(403);
+            }
+        }
+        
         // Create the security context and make it available on the message
         SecurityContext sc = createSecurityContext(req, accessTokenV);
         m.put(SecurityContext.class, sc);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e9b59cae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
index e89b994..6f80679 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
@@ -20,11 +20,11 @@ package org.apache.cxf.rs.security.oauth2.services;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Encoded;
-import javax.ws.rs.FormParam;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
@@ -35,12 +35,12 @@ public class AccessTokenValidatorService extends AbstractAccessTokenValidator
{
     @POST
     @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-    public AccessTokenValidation getTokenValidationInfo(
-        @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_TYPE) String authScheme, 
-        @Encoded @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_DATA) String authSchemeData)
{
+    public AccessTokenValidation getTokenValidationInfo(@Encoded MultivaluedMap<String,
String> params) {
         if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
             AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
         }
+        String authScheme = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_TYPE);
+        String authSchemeData  = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_DATA);
         return super.getAccessTokenValidation(authScheme, authSchemeData);
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e9b59cae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
new file mode 100644
index 0000000..dbecb50
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.tokens.hawk;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.crypto.HmacUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator {
+    private NonceVerifier nonceVerifier;
+    public List<String> getSupportedAuthorizationSchemes() {
+        return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME);
+    }
+
+    public AccessTokenValidation validateAccessToken(MessageContext mc,
+                                                     String authScheme, 
+                                                     String authSchemeData) throws OAuthServiceException
{
+         
+        Map<String, String> schemeParams = getSchemeParameters(authSchemeData);
+        AccessTokenValidation atv = getAccessTokenValidation(mc, schemeParams, authSchemeData);
+        
+        String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY);
+        String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
+            
+        HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(),
+                                                                    mc.getHttpServletRequest().getMethod());
+        HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams);
+        String normalizedString = macAuthInfo.getNormalizedRequestString();
+        try {
+            HmacAlgorithm hmacAlgo = HmacAlgorithm.toHmacAlgorithm(macAlgo);
+            byte[] serverMacData = HmacUtils.computeHmac(macKey, hmacAlgo.getJavaName(),
normalizedString); 
+                                                         
+            String clientMacString = schemeParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);
+            byte[] clientMacData = Base64Utility.decode(clientMacString);
+            boolean validMac = Arrays.equals(serverMacData, clientMacData);
+            if (!validMac) {
+                AuthorizationUtils.throwAuthorizationFailure(Collections
+                    .singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));
+            }
+        } catch (Base64Exception e) {
+            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
+        }
+        validateTimestampNonce(macKey, macAuthInfo.getTimestamp(), macAuthInfo.getNonce());
+        return atv;
+    }
+    
+    protected abstract AccessTokenValidation getAccessTokenValidation(MessageContext mc,
+                                                             Map<String, String> schemeParams,
+                                                             String authSchemeData);
+    
+    private static Map<String, String> getSchemeParameters(String authData) {
+        String[] attributePairs = authData.split(",");
+        Map<String, String> attributeMap = new HashMap<String, String>();
+        for (String pair : attributePairs) {
+            String[] pairValues = pair.trim().split("=", 2);
+            attributeMap.put(pairValues[0].trim(), pairValues[1].trim().replaceAll("\"",
""));
+        }
+        return attributeMap;
+    }
+    
+    protected void validateTimestampNonce(String tokenKey, String ts, String nonce) {
+        if (nonceVerifier != null) {
+            nonceVerifier.verifyNonce(tokenKey, nonce, ts);
+        }
+    }
+    
+    public void setNonceVerifier(NonceVerifier nonceVerifier) {
+        this.nonceVerifier = nonceVerifier;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/e9b59cae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
index 2321e4a..9955ffe 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
@@ -18,96 +18,44 @@
  */
 package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.crypto.HmacUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
-public class HawkAccessTokenValidator implements AccessTokenValidator {
+public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator {
     private OAuthDataProvider dataProvider;
-    private NonceVerifier nonceVerifier;
-    
-    public List<String> getSupportedAuthorizationSchemes() {
-        return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME);
-    }
-
-    public AccessTokenValidation validateAccessToken(MessageContext mc,
-                                                     String authScheme, 
-                                                     String authSchemeData) throws OAuthServiceException
{
-        HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(),
-                                                                    mc.getHttpServletRequest().getMethod());

-        Map<String, String> schemeParams = getSchemeParameters(authSchemeData);
-        HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams);
-        
-        HawkAccessToken macAccessToken = validateSchemeData(macAuthInfo,
-                                                           schemeParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE));
-        validateTimestampNonce(macAccessToken, macAuthInfo.getTimestamp(), macAuthInfo.getNonce());
-        return new AccessTokenValidation(macAccessToken);
-    }
-    
-    private static Map<String, String> getSchemeParameters(String authData) {
-        String[] attributePairs = authData.split(",");
-        Map<String, String> attributeMap = new HashMap<String, String>();
-        for (String pair : attributePairs) {
-            String[] pairValues = pair.trim().split("=", 2);
-            attributeMap.put(pairValues[0].trim(), pairValues[1].trim().replaceAll("\"",
""));
-        }
-        return attributeMap;
-    }
-    
-    protected void validateTimestampNonce(HawkAccessToken token, String ts, String nonce)
{
-        if (nonceVerifier != null) {
-            nonceVerifier.verifyNonce(token.getTokenKey(), nonce, ts);
-        }
-    }
-    
-    private HawkAccessToken validateSchemeData(HawkAuthorizationScheme macAuthInfo,
-                                              String clientMacString) {
-        String macKey = macAuthInfo.getMacKey();
+    private boolean remoteSignatureValidation;
         
+    protected AccessTokenValidation getAccessTokenValidation(MessageContext mc,
+                                                             Map<String, String> schemeParams,
+                                                             String authSchemeData) {
+        String macKey = schemeParams.get(OAuthConstants.HAWK_TOKEN_ID);
         ServerAccessToken accessToken = dataProvider.getAccessToken(macKey);
         if (!(accessToken instanceof HawkAccessToken)) {
             throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
         }
         HawkAccessToken macAccessToken = (HawkAccessToken)accessToken;
+        AccessTokenValidation atv = new AccessTokenValidation(macAccessToken);
         
-        String normalizedString = macAuthInfo.getNormalizedRequestString();
-        try {
-            HmacAlgorithm hmacAlgo = HmacAlgorithm.toHmacAlgorithm(macAccessToken.getMacAlgorithm());
-            byte[] serverMacData = HmacUtils.computeHmac(
-                macAccessToken.getMacKey(), hmacAlgo.getJavaName(), normalizedString); 
-                                                         
-            byte[] clientMacData = Base64Utility.decode(clientMacString);
-            boolean validMac = Arrays.equals(serverMacData, clientMacData);
-            if (!validMac) {
-                AuthorizationUtils.throwAuthorizationFailure(Collections
-                    .singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));
-            }
-        } catch (Base64Exception e) {
-            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, e);
+        // OAuth2 Pop token introspection will likely support returning a JWE-encrypted key
+        if (!remoteSignatureValidation || mc.getSecurityContext().isSecure()) {
+            atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_KEY, macAccessToken.getMacKey());
+            atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_ALGORITHM, macAccessToken.getMacAlgorithm());
         }
-        return macAccessToken;
+        
+        return atv;
     }
     
+        
     public void setDataProvider(OAuthDataProvider dataProvider) {
         this.dataProvider = dataProvider;
     }
-
-    public void setNonceVerifier(NonceVerifier nonceVerifier) {
-        this.nonceVerifier = nonceVerifier;
+    public void setRemoteSignatureValidation(boolean remoteSignatureValidation) {
+        this.remoteSignatureValidation = remoteSignatureValidation;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e9b59cae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
new file mode 100644
index 0000000..196e82b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.tokens.hawk;
+
+import java.util.Map;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class HawkAccessTokenValidatorClient extends AbstractHawkAccessTokenValidator {
+    private AccessTokenValidator validator;
+        
+    protected AccessTokenValidation getAccessTokenValidation(MessageContext mc,
+                                                             Map<String, String> schemeParams,
+                                                             String authSchemeData) {
+        return validator.validateAccessToken(mc, OAuthConstants.HAWK_AUTHORIZATION_SCHEME,

+                                             authSchemeData);
+    }
+    
+}


Mime
View raw message