Examples of common.Client

• org.apache.cxf.rs.security.oauth2.common.Client

    @Consumes("application/x-www-form-urlencoded")
    @Produces("application/json")
    public Response handleTokenRequest(MultivaluedMap<String, String> params) {

        // Make sure the client is authenticated
        Client client = authenticateClientIfNeeded(params);

        // Find the grant handler
        AccessTokenGrantHandler handler = findGrantHandler(params);
        if (handler == null) {
            return createErrorResponse(params, OAuthConstants.UNSUPPORTED_GRANT_TYPE);

    /**
     * Make sure the client is authenticated
     */
    private Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
        Client client = null;
        SecurityContext sc = getMessageContext().getSecurityContext();

        if (params.containsKey(OAuthConstants.CLIENT_ID)) {
            // both client_id and client_secret are expected in the form payload
            client = getAndValidateClient(params.getFirst(OAuthConstants.CLIENT_ID),

        return client;
    }

    // Get the Client and check the id and secret
    private Client getAndValidateClient(String clientId, String clientSecret) {
        Client client = getClient(clientId);
        if (clientSecret == null || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw new WebApplicationException(401);
        }
        return client;
    }

     * @throws WebApplicationException if no matching Client is found,
     *         the error is returned directly to the end user without
     *         following the redirect URI if any
     */
    protected Client getClient(String clientId) {
        Client client = null;

        if (clientId != null) {
            try {
                client = dataProvider.getClient(clientId);
            } catch (OAuthServiceException ex) {

public class OAuthDataProviderImpl implements OAuthDataProvider {

    private Map<String, Client> clients = new HashMap<String, Client>();

    public OAuthDataProviderImpl() {
        Client client = new Client("alice", "alice", true);
        client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
        client.getAllowedGrantTypes().add("custom_grant");
        clients.put(client.getClientId(), client);

        Client client2 = new Client("CN=whateverhost.com,OU=Morpit,O=ApacheTest,L=Syracuse,C=US",
                                    null,
                                    true,
                                    null,
                                    null);
        client.getAllowedGrantTypes().add("custom_grant");
        clients.put(client2.getClientId(), client2);
    }

    /**
     * Make sure the client is authenticated
     */
    protected Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
        Client client = null;
        SecurityContext sc = getMessageContext().getSecurityContext();

        if (params.containsKey(OAuthConstants.CLIENT_ID)) {
            // Both client_id and client_secret are expected in the form payload
            client = getAndValidateClientFromIdAndSecret(params.getFirst(OAuthConstants.CLIENT_ID),
                                          params.getFirst(OAuthConstants.CLIENT_SECRET));
        } else if (sc.getUserPrincipal() != null) {
            // Client has already been authenticated
            Principal p = sc.getUserPrincipal();
            if (p.getName() != null) {
                client = getClient(p.getName());
            } else {
                // Most likely a container-level authentication, possibly 2-way TLS,
                // Check if the mapping between Principal and Client Id has been done in a filter
                String clientId = (String)getMessageContext().get(OAuthConstants.CLIENT_ID);
                if (StringUtils.isEmpty(clientId) && clientIdProvider != null) {
                    // Check Custom ClientIdProvider
                    clientId = clientIdProvider.getClientId(getMessageContext());
                }
                if (!StringUtils.isEmpty(clientId)) {
                    client = getClient(clientId);
                }
            }
        }

        if (client == null) {
            TLSSessionInfo tlsSessionInfo =
                (TLSSessionInfo)getMessageContext().get(TLSSessionInfo.class.getName());
            client = getClientFromTLSCertificates(sc, tlsSessionInfo);
            if (client == null) {
                // Basic Authentication is expected by default
                client = getClientFromBasicAuthScheme();
            }
            if (client != null && tlsSessionInfo != null) {
                // Validate the client application certificates
                compareTlsCertificates(tlsSessionInfo, client.getApplicationCertificate());
            }
        }

        if (client == null) {
            reportInvalidClient();

        return client;
    }

    // Get the Client and check the id and secret
    protected Client getAndValidateClientFromIdAndSecret(String clientId, String clientSecret) {
        Client client = getClient(clientId);
        if (canSupportPublicClients
            && !client.isConfidential()
            && client.getClientSecret() == null
            && clientSecret == null) {
            return client;
        }
        if (clientSecret == null || client.getClientSecret() == null
            || !client.getClientId().equals(clientId)
            || !client.getClientSecret().equals(clientSecret)) {
            throw ExceptionUtils.toNotAuthorizedException(null, null);
        }
        return client;
    }

            return null;
        }
    }

    protected Client getClientFromTLSCertificates(SecurityContext sc, TLSSessionInfo tlsSessionInfo) {
        Client client = null;
        if (tlsSessionInfo != null && StringUtils.isEmpty(sc.getAuthenticationScheme())) {
            // Pure 2-way TLS authentication
            String clientId = getClientIdFromTLSCertificates(sc, tlsSessionInfo);
            if (!StringUtils.isEmpty(clientId)) {
                client = getClient(clientId);

    protected Client getClient(String clientId) {
        if (clientId == null) {
            reportInvalidRequestError("Client ID is null");
            return null;
        }
        Client client = null;
        try {
            client = getValidClient(clientId);
        } catch (OAuthServiceException ex) {
            if (ex.getError() != null) {
                reportInvalidClient(ex.getError());

    }


    private static Client recreateClientInternal(String sequence) {
        String[] parts = getParts(sequence);
        Client c = new Client(parts[0],
                              parts[1],
                              Boolean.valueOf(parts[2]),
                              getStringPart(parts[3]), getStringPart(parts[4]));
        c.setApplicationDescription(getStringPart(parts[5]));
        c.setApplicationLogoUri(getStringPart(parts[6]));
        c.setAllowedGrantTypes(parseSimpleList(parts[7]));
        c.setRegisteredScopes(parseSimpleList(parts[8]));
        c.setRedirectUris(parseSimpleList(parts[9]));
        c.setRegisteredAudiences(parseSimpleList(parts[10]));
        c.setProperties(parseSimpleMap(parts[11]));
        c.setSubject(recreateUserSubject(parts[12]));
        return c;
    }