cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r974276 - in /websites/production/cxf/content: cache/docs.pageCache docs/jaxrs-oauth2-assertions.html
Date Wed, 02 Dec 2015 10:47:41 GMT
Author: buildbot
Date: Wed Dec  2 10:47:41 2015
New Revision: 974276

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html (original)
+++ websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html Wed Dec  2 10:47:41
2015
@@ -118,18 +118,22 @@ Apache CXF -- JAXRS OAuth2 Assertions
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><h1 id="JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS:
OAuth2 Assertions</h1><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1448628420980 {padding: 0px;}
-div.rbtoc1448628420980 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1448628420980 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1449053223153 {padding: 0px;}
+div.rbtoc1449053223153 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1449053223153 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1448628420980">
+/*]]>*/</style></p><div class="toc-macro rbtoc1449053223153">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS:
OAuth2 Assertions</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access
Token Grant</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-Clientcode">Client
code</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService">Access
Token Service</a></li></ul>
 </li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AuthenticationToken">Authentication
Token</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-ClientCode">Client
Code</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService.1">Access
Token Service</a></li></ul>
 </li><li><a shape="rect" href="#JAXRSOAuth2Assertions-ClientActingonBehalfofItself">Client
Acting on Behalf of Itself</a></li></ul>
-</li><li><a shape="rect" href="#JAXRSOAuth2Assertions-JWTBearer">JWT Bearer</a></li></ul>
+</li><li><a shape="rect" href="#JAXRSOAuth2Assertions-JWTBearer">JWT Bearer</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-AuthenticationToken.1">Authentication
Token</a>
+<ul class="toc-indentation"><li><a shape="rect" href="#JAXRSOAuth2Assertions-ClientCode.1">Client
Code</a></li><li><a shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService.2">Access
Token Service</a></li></ul>
+</li></ul>
+</li></ul>
 </div><h1 id="JAXRSOAuth2Assertions-Introduction">Introduction</h1><p><a
shape="rect" class="external-link" href="http://tools.ietf.org/html/draft-ietf-oauth-v2" rel="nofollow">OAuth
2.0</a> supports different types of access token grants. <a shape="rect" class="external-link"
href="http://tools.ietf.org/html/draft-ietf-oauth-assertions-10" rel="nofollow">OAuth2
Assertions</a> draft "provides a framework for the use of assertions with OAuth 2.0"
and <a shape="rect" class="external-link" href="http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-15"
rel="nofollow">SAML2 Bearer Assertion Profiles for OAuth2</a> draft specifically
provides for the use of SAML2 Bearer assertions.</p><p>These assertions can be
used as token grants, but also, if needed, for getting 3rd party clients authenticated. Note
the clients can use assertions as grants but use for example Basic authentication mechanism,
or use say an authorization code grant and the assertion to authenticate, and finally, they

 can use assertions as a grant and as an authentication token.</p><p>Currently
CXF supports SAML2 Bearer assertions as grants and authentication tokens.</p><p>See
the <a shape="rect" href="jax-rs-oauth2.html">JAX-RS OAuth2</a> page for information
about OAuth 2.0 support in CXF. Please also check the <a shape="rect" href="jax-rs-saml.html">JAX-RS
SAML</a> page for more information about SAML support.</p><h1 id="JAXRSOAuth2Assertions-Mavendependencies">Maven
dependencies</h1><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;dependency&gt;
   &lt;groupId&gt;org.apache.cxf&lt;/groupId&gt;
@@ -357,7 +361,47 @@ AccessTokenGrant accessTokenGrant = new
        
 ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);
 </pre>
-</div></div><p>&#160;</p><h1 id="JAXRSOAuth2Assertions-JWTBearer">JWT
Bearer</h1><p>&#160;</p><p>To be documented shortly</p></div>
+</div></div><p>&#160;</p><h1 id="JAXRSOAuth2Assertions-JWTBearer">JWT
Bearer</h1><p>&#160;</p><h2 id="JAXRSOAuth2Assertions-AuthenticationToken.1">Authentication
Token</h2><p>As noted in the introduction, JWT Bearer tokens may also act as client
authentication credentials, when requesting an access token, irrespectively of the actual
grant type. For example:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">POST
/token HTTP/1.1
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=authorization_code
+&amp;code=12345678
+&amp;client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
+&amp;client_assertion=X.Y.Z
+</pre>
+</div></div><p>Note "client_assertion_type" with a value "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
indicates that the type of assertion used as an authentication token is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
while the "client_assertion" parameter carries the actual value of the token.</p><h3
id="JAXRSOAuth2Assertions-ClientCode.1">Client Code</h3><p>The following example
shows how to use JWT Bearer tokens as an authentication token: TODO</p><p>&#160;</p><h3
id="JAXRSOAuth2Assertions-AccessTokenService.2">Access Token Service</h3><p>Here
is how one may configure Access Token Service:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">&lt;bean
id="dataProvider" class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/&gt;
+&lt;bean id="oauthJson" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/&gt;
+&lt;bean id="jwtAuthHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/&gt;
+
+&lt;bean id="serviceBean" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"&gt;
+  &lt;property name="dataProvider" ref="dataProvider"/&gt;
+  &lt;property name="grantHandlers"&gt;
+     &lt;list&gt;
+       &lt;!-- list of required grant handlers --&gt;
+     &lt;/list&gt;
+  &lt;/property&gt;
+&lt;/bean&gt;
+
+&lt;jaxrs:server 
+       address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth"&gt; 
+       &lt;jaxrs:serviceBeans&gt;
+          &lt;ref bean="serviceBean"/&gt;
+       &lt;/jaxrs:serviceBeans&gt;
+       &lt;jaxrs:providers&gt;
+          &lt;ref bean="oauthJson"/&gt;
+          &lt;ref bean="jwtAuthHandler"/&gt;
+       &lt;/jaxrs:providers&gt;
+       
+       &lt;jaxrs:properties&gt;
+           &lt;entry key="security.signature.properties" 
+                  value="org/apache/cxf/systest/jaxrs/security/alice.properties"/&gt;
+       &lt;/jaxrs:properties&gt;
+        
+&lt;/jaxrs:server&gt;
+</pre>
+</div></div></div>
            </div>
            <!-- Content -->
          </td>



Mime
View raw message