Examples of org.apache.cxf.rs.security.oauth2.common.UserSubject

• org.apache.cxf.rs.security.oauth2.common.UserSubject
  Represents a login name which AuthorizationService may capture after the end user approved a given third party request

                                    jwsReader.getUnsignedEncodedPayload(),
                                    jwsReader.getDecodedSignature());


            super.validateClaims(client, jwtToken.getClaims());
            UserSubject grantSubject = new UserSubject(jwtToken.getClaims().getSubject());

            return doCreateAccessToken(client,
                                       grantSubject,
                                       Constants.JWT_BEARER_GRANT,
                                       OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));

    }

    @Test
    public void testClientJSON() throws Exception {
        Client c = new Client("client", "secret", true);
        c.setSubject(new UserSubject("subject", "id"));
        JSONProvider<Client> jsonp = new JSONProvider<Client>();
        jsonp.setMarshallAsJaxbElement(true);
        jsonp.setUnmarshallAsJaxbElement(true);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        jsonp.writeTo(c, Client.class, new Annotation[]{}, MediaType.APPLICATION_JSON_TYPE,

        assertEquals(token.getExpiresIn(), token2.getExpiresIn());
        Client regClient1 = token.getClient();
        Client regClient2 = token2.getClient();
        assertEquals(regClient1.getClientId(), regClient2.getClientId());
        assertNull(regClient2.getApplicationDescription());
        UserSubject endUser1 = token.getSubject();
        UserSubject endUser2 = token2.getSubject();
        assertEquals(endUser1.getLogin(), endUser2.getLogin());
        assertEquals(endUser1.getId(), endUser2.getId());
        assertEquals(endUser1.getRoles(), endUser2.getRoles());

        assertEquals(token.getRefreshToken(), token2.getRefreshToken());
        assertEquals(token.getAudience(), token2.getAudience());
        assertEquals(token.getGrantType(), token2.getGrantType());
        assertEquals(token.getParameters(), token2.getParameters());

        AccessTokenRegistration atr = new AccessTokenRegistration();
        Client regClient = p.getClient("1");
        atr.setClient(regClient);
        atr.setGrantType("code");
        atr.setAudience("http://localhost");
        UserSubject endUser = new UserSubject("Barry", "BarryId");
        atr.setSubject(endUser);
        endUser.setRoles(Collections.singletonList("role1"));
        return atr;
    }

    private static String[] getParts(String sequence) {
        return sequence.split("\\" + SEP);
    }

    private static UserSubject recreateUserSubject(String sequence) {
        UserSubject subject = null;
        if (!sequence.trim().isEmpty()) {
            String[] subjectParts = sequence.split("\\.");
            subject = new UserSubject(getStringPart(subjectParts[0]), getStringPart(subjectParts[1]));
            subject.setRoles(parseSimpleList(subjectParts[2]));
            subject.setProperties(parseSimpleMap(subjectParts[3]));
        }
        return subject;


    }

            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }


        // Create a UserSubject representing the end user
        UserSubject userSubject = createUserSubject(sc);

        // Request a new grant only if no pre-authorized token is available
        ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
            client, requestedScope, userSubject, supportedGrantType);
        if (preauthorizedToken != null) {

        if (!requestedScope.containsAll(approvedScope)
            || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
                                         partialMatchScopeValidation)) {
            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }
        UserSubject userSubject = createUserSubject(securityContext);

        // Request a new grant
        return createGrant(params,
                           client,
                           redirectUri,

    public void setSubjectCreator(SubjectCreator creator) {
        this.subjectCreator = creator;
    }

    protected UserSubject createUserSubject(SecurityContext securityContext) {
        UserSubject subject = null;
        if (subjectCreator != null) {
            subject = subjectCreator.createUserSubject(getMessageContext());
            if (subject != null) {
                return subject;
            }

            for (Principal p : roles) {
                roleNames.add(p.getName());
            }
        }
        return
            new UserSubject(securityContext.getUserPrincipal().getName(), roleNames);
    }

    }


    protected SecurityContext createSecurityContext(HttpServletRequest request,
                                                    AccessTokenValidation accessTokenV) {
        UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
        UserSubject clientSubject = accessTokenV.getClientSubject();

        final UserSubject theSubject =
            OAuthRequestFilter.this.useUserSubject ? resourceOwnerSubject : clientSubject;

        return new SecurityContext() {

            public Principal getUserPrincipal() {
                return theSubject != null ? new SimplePrincipal(theSubject.getLogin()) : null;
            }

            public boolean isUserInRole(String role) {
                if (theSubject == null) {
                    return false;
                }
                return theSubject.getRoles().contains(role);
            }
        };
    }