cxf-users mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: OAuth2 username-password flow with Apache CXF
Date Fri, 13 Sep 2013 12:23:55 GMT
Should be

OAuthClientUtils.getAccessToken(webClient, consumer, new
ResourceOwnerGrant("resourceOwnerName", "resourceOwnerPassword"), false);

where 'false' means no Authorization header is created
Sergey
On 13/09/13 13:22, Sergey Beryozkin wrote:
> Hi,
>
> OAuthClientUtils has this method,
>
> public static ClientAccessToken getAccessToken(WebClient accessTokenService,
>                                                Consumer consumer,
>                                                AccessTokenGrant grant,
>                                                boolean setAuthorizationHeader)
>
> So, for example,
>
> OAuthClientUtils.getAccessToken(webClient, consumer, new
> ResourceOwnerGrant("resourceOwnerName", "resourceOwnerPassword"));
>
> will do it, where 'consumer' represents Consumer initialized with a
> client id & secret
>
> Cheers, Sergey
>
> On 13/09/13 13:12, Messina Andrea wrote:
>> Hi Sergey.
>>
>> Thanks for the reply.
>>
>> Unfortunately I am unable to construct a working cxf-tree-objects to
>> perform a call for the 2-legged OAuth protocol.
>>
>> The classes I have located are:
>>
>> - WebClient
>> - OAuthClientUtils
>> - AccessTokenService
>> - AccessTokenGrant
>> - Consumer
>> - ResourceOwnerGrantHandler
>> - ResourceOwnerLoginHandler
>>
>> Could you send an example implementation that would be able to invoke a
>> login endpoint supplying the following text in the body part of the HTTP
>> POST request ?
>>
>> (PASSWORD GRANT so no user-direct authorization is required)
>>
>> grant_type=password&client_id=XXX&client_secret=YYY&username=ZZZ&password=KKK
>>
>>
>> This could be also helpful for many people looking for it
>> (http://stackoverflow.com/questions/13793395/cxf-2-legged-oauth-example)!
>>
>> Thanks,
>>
>> Andrea
>>
>>
>>
>> Andrea Messina
>>
>> Blue Reply
>> Via Cardinal Massaia, 83
>> 10147 - Torino - ITALY
>> phone: +39 011 29100
>> a.messina@reply.it
>> www.reply.it
>>
>> Blue Reply
>>
>> -----Original Message-----
>> From: Sergey Beryozkin [mailto:sberyozkin@gmail.com]
>> Sent: giovedì 12 settembre 2013 22:21
>> To: users@cxf.apache.org
>> Cc: Messina Andrea
>> Subject: Re: OAuth2 username-password flow with Apache CXF
>>
>> Hi
>>
>> Thanks for the query, forwarding to the users list.
>>
>> On 12/09/13 18:37, Messina Andrea wrote:
>>
>>  >
>>
>>  > I'm looking for an example code written using Apache CXF WebClient
>> API and requesting an access token using the "Password Access grant
>> Type".
>>
>>  >
>>
>>  > The documentation
>>  > (http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-ClientCredentials)
>>  > is really very poor about this subject.
>>
>>  >
>>
>> Right, looking at it now, agree a bit more info should go into it.
>> Basically, the idea is you just register an access token grant handler
>> with AccessTokenService. The documentation focuses on the code flow and
>> AccessTokenService tries to default to the code grant handler if no
>> custom handlers have been registered, so I missed that no info is there
>> at all on how the custom handlers can be added. It is really easy,
>>
>> AccessTokenService has
>>
>> public void setGrantHandlers(List<AccessTokenGrantHandler> handlers);
>>
>> and
>>
>> public void setGrantHandler(AccessTokenGrantHandler handler);
>>
>> methods, so you set ResourceOwnerGrantHandler (not ClientCredentials
>> which you linked to)
>>
>> http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
>>
>>
>> Note AccessTokenService will authenticate the client itself (using
>> client_id and client_secret) and the handler will authenticate the
>> resource owner, using ResourceOwnerLoginHandler.
>>
>> Default ResourceOwnerLoginHandler implementation is JAAS based:
>>
>> http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
>>
>>
>> but you can implement your own logic.
>>
>> Hope it helps
>>
>> I'll work on improving the docs
>>
>> Sergey
>>
>>  > The only input parameters are:
>>
>>  >
>>
>>  > 1) Login endpoint URI
>>
>>  > 2) client_id and client_secret
>>
>>  > 3) user_id and user_secret
>>
>>  >
>>
>>  > Thanks in advance, Andrea
>>
>>  >
>>
>>  >
>>
>>  > Andrea Messina
>>
>>  >
>>
>>  > Blue Reply
>>
>>  > Via Cardinal Massaia, 83
>>
>>  > 10147 - Torino - ITALY
>>
>>  > phone: +39 011 29100
>>
>>  > a.messina@reply.it <mailto:a.messina@reply.it>
>>
>>  > www.reply.it <http://www.reply.it>
>>
>>  >
>>
>>  >
>>
>>  >
>>
>>  >
>>
>>  > ________________________________
>>
>>  >
>>
>>  > --
>>
>>  > The information transmitted is intended for the person or entity to
>> which it is addressed and may contain confidential and/or privileged
>> material. Any review, retransmission, dissemination or other use of, or
>> taking of any action in reliance upon, this information by persons or
>> entities other than the intended recipient is prohibited. If you
>> received this in error, please contact the sender and delete the
>> material from any computer.
>>
>>  >
>>
>> --
>>
>> Sergey Beryozkin
>>
>> Talend Community Coders
>>
>> http://coders.talend.com/
>>
>> Blog: http://sberyozkin.blogspot.com
>>
>>
>
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
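
The client call discussed in this thread, put into a complete program as an added example (it is not code from the thread or from the CXF project). The endpoint URLs, environment variable names and class name are assumptions, as is the use of the nested OAuthClientUtils.Consumer class from the CXF 2.7.x line.

```java
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;

public class PasswordGrantClient {

    // Placeholder endpoints (assumptions). Use https: the POST body carries the
    // client secret and the resource owner's password as plain form fields.
    static final String TOKEN_URI = "https://auth.example.org/oauth2/token";
    static final String RESOURCE_URI = "https://api.example.org/orders";

    static ClientAccessToken requestToken(String clientId, String clientSecret,
                                          String user, String password) {
        WebClient tokenService = WebClient.create(TOKEN_URI).accept("application/json");
        // Nested class in the CXF 2.7.x line this thread refers to (assumption:
        // later releases expose it as a top-level Consumer class instead).
        OAuthClientUtils.Consumer consumer =
            new OAuthClientUtils.Consumer(clientId, clientSecret);
        // 'false': no Authorization header, so client_id and client_secret are
        // sent as form fields next to grant_type=password, username, password.
        return OAuthClientUtils.getAccessToken(
            tokenService, consumer, new ResourceOwnerGrant(user, password), false);
    }

    public static void main(String[] args) {
        try {
            // Hypothetical environment variable names; keep secrets out of source.
            ClientAccessToken token = requestToken(
                System.getenv("OAUTH_CLIENT_ID"), System.getenv("OAUTH_CLIENT_SECRET"),
                System.getenv("OAUTH_USERNAME"), System.getenv("OAUTH_PASSWORD"));
            if (!"bearer".equalsIgnoreCase(token.getTokenType())) {
                throw new IllegalStateException("Unexpected token type: " + token.getTokenType());
            }
            // Present the token to the protected resource; never log the token key.
            String body = WebClient.create(RESOURCE_URI)
                .header("Authorization", "Bearer " + token.getTokenKey())
                .get(String.class);
            System.out.println("Resource returned " + body.length() + " characters");
        } catch (OAuthServiceException ex) {
            // Thrown when the token endpoint rejects the request (bad client or
            // owner credentials, unsupported grant type, ...).
            System.err.println("Token request failed: " + ex.getMessage());
        }
    }
}
```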
