Examples of org.apache.cxf.rs.security.oauth2.common.UserSubject

• org.apache.cxf.rs.security.oauth2.common.UserSubject
  Represents a login name which AuthorizationService may capture after the end user approved a given third party request

        properties.put("ws-security.signature.username", "alice");
        properties.put("ws-security.signature.properties", CRYPTO_RESOURCE_PROPERTIES);
        properties.put("ws-security.self-sign-saml-assertion", "true");
        bean.setProperties(properties);

        bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());

        WebClient wc = bean.createWebClient();
        wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
        return wc;
    }

public class OAuthDataProviderImpl implements OAuthDataProvider {

    @Override
    public Client getClient(String clientId) throws OAuthServiceException {
        Client client = new Client("alice", "alice", true);
        client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
        client.getAllowedGrantTypes().add("custom_grant");
        return client;
    }

        SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");

        String assertion =  SAMLUtils.createAssertion(new SamlCallbackHandler(),
                                                      signInfo).assertionToString();
        Saml2BearerGrant grant = new Saml2BearerGrant(assertion);
        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
                                        new OAuthClientUtils.Consumer("alice", "alice"),
                                        grant,
                                        false);
        assertNotNull(at.getTokenKey());
    }

        Map<String, String> extraParams = new HashMap<String, String>();
        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
        extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);

        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
                                                               new CustomGrant(),
                                                               extraParams);
        assertNotNull(at.getTokenKey());
    }

    @Test
    public void testSAML2BearerAuthenticationInterceptor() throws Exception {
        String address = "https://localhost:" + PORT + "/oauth2-auth/token";
        WebClient wc = createWebClientWithProps(address);

        ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
                                                               new CustomGrant());
        assertNotNull(at.getTokenKey());
    }

            AssertionWrapper assertionWrapper = new AssertionWrapper(token);

            Message message = PhaseInterceptorChain.getCurrentMessage();

            validateToken(message, assertionWrapper);
            UserSubject grantSubject = getGrantSubject(message, assertionWrapper);

            return doCreateAccessToken(client,
                                       grantSubject,
                                       Constants.SAML2_BEARER_GRANT,
                                       OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));

            }
            return new SamlUserSubject(jaxrsSc.getUserPrincipal().getName(),
                                       roles,
                                       jaxrsSc.getClaims());
        } else {
            return new UserSubject(sc.getUserPrincipal().getName());
        }

    }

    }


    protected SecurityContext createSecurityContext(HttpServletRequest request,
                                                    AccessTokenValidation accessTokenV) {
        UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
        UserSubject clientSubject = accessTokenV.getClientSubject();

        final UserSubject theSubject =
            OAuthRequestFilter.this.useUserSubject ? resourceOwnerSubject : clientSubject;

        return new SecurityContext() {

            public Principal getUserPrincipal() {
                return theSubject != null ? new SimplePrincipal(theSubject.getLogin()) : null;
            }

            public boolean isUserInRole(String role) {
                if (theSubject == null) {
                    return false;
                }
                return theSubject.getRoles().contains(role);
            }
        };
    }

            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }


        // Create a UserSubject representing the end user
        UserSubject userSubject = createUserSubject(sc);

        // Request a new grant only if no pre-authorized token is available
        ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
            client, requestedScope, userSubject, supportedGrantType);
        if (preauthorizedToken != null) {

        if (!requestedScope.containsAll(approvedScope)
            || !OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
                                         partialMatchScopeValidation)) {
            return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
        }
        UserSubject userSubject = createUserSubject(securityContext);

        // Request a new grant
        return createGrant(params,
                           client,
                           redirectUri,