Author: buildbot
Date: Wed Nov 21 17:48:00 2012
New Revision: 839042

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-oauth2.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-oauth2.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-oauth2.html (original)
+++ websites/production/cxf/content/docs/jax-rs-oauth2.html Wed Nov 21 17:48:00 
2012
@@ -815,6 +815,60 @@ how one can access a user login name tha
 
 <p>CXF provides the utility grant beans for all the grants it supports, <a 
shape="rect" class="external-link" 
href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java";>AuthorizationCodeGrant</a>,
 <a shape="rect" class="external-link" 
href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java";>ClientCredentialsGrant</a>,
 <a shape="rect" class="external-link" 
href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java";>ResourceOwnerGrant</a>
 and <a shape="rect" class="external-link" 
href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant
 .java">RefreshTokenGrant</a>. Please use the appropriate grant bean relevant 
to your application when requesting an access token or create a custom 
AccessTokenGrant bean implementation.</p>
 
+<p>For example, consider a case where a client who already owns an authorized 
access token and accessing the end user resource gets HTTP 401 error back and 
the client also owns a refresh token. Here is one possible way to handle it:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent 
panelContent">
+<pre class="code-java">
+
+<span class="code-keyword">import</span> javax.ws.rs.NotAuthorizedException;
+<span class="code-keyword">import</span> javax.ws.rs.core.HttpHeaders;
+
+<span class="code-keyword">import</span> 
org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+<span class="code-keyword">import</span> 
org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.Consumer;
+<span class="code-keyword">import</span> 
org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
+<span class="code-keyword">import</span> 
org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
+<span class="code-keyword">import</span> 
org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+
+
+
+<span class="code-comment">// the pseudo-code <span 
class="code-keyword">for</span> getting the access token
+</span>Consumer consumer = ...
+AuthorizationCodeGrant codeGrant = ...
+
+ClientAccessToken accessToken = OAuthClientUtils.getAccessToken(codeGrant, 
consumer);
+
+WebClient endUserResourceClient = WebClient.create(endUserServerAddress);
+
+endUserResourceClient.header(HttpHeaders.AUTHORIZATION, 
+                             
OAuthClientUtils.createAuthorizationHeader(accessToken));
+<span class="code-keyword">try</span> {
+   <span class="code-keyword">return</span> endUserResourceClient.get();
+} <span class="code-keyword">catch</span> (NotAuthorizedException ex) {
+    <span class="code-object">String</span> refreshToken = 
accessToken.getRefreshToken();
+    <span class="code-keyword">if</span> (refreshToken != <span 
class="code-keyword">null</span>) {
+        <span class="code-comment">// retry once
+</span>
+        <span class="code-comment">// refresh the token
+</span>        accessToken = OAuthClientUtils.getAccessToken(<span 
class="code-keyword">new</span> RefreshTokenGrant(refreshToken), consumer);
+
+        <span class="code-comment">// reset Authorization header
+</span>        endUserResourceClient.replaceHeader(HttpHeaders.AUTHORIZATION, 
+                             
OAuthClientUtils.createAuthorizationHeader(accessToken)); 
+
+        <span class="code-comment">// <span class="code-keyword">try</span> to 
access the end user resource again
+</span>        <span class="code-keyword">return</span> 
endUserResourceClient.get();
+        
+    } <span class="code-keyword">else</span> {
+        <span class="code-keyword">throw</span> ex;
+    }
+
+}
+
+
+
+</pre>
+</div></div>
+
 <h1><a shape="rect" 
name="JAX-RSOAuth2-OAuth2withouttheExplicitAuthorization"></a>OAuth2 without 
the Explicit Authorization</h1>
 
 <p>Client Credentials is one of OAuth2 grants that does not require the 
explicit authorization and is currently supported by CXF.  </p>
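Review bot: The retry branch of the added Java sample reassigns `accessToken` after the refresh but never shows it being stored, so a reader who copies it as written may keep presenting the expired access token, and the old refresh token, on the next call. A comment after the `RefreshTokenGrant` call would cover this, for example `// persist the new ClientAccessToken; it may carry a replacement refresh token`. The refresh call is also unguarded inside the `catch`, so a rejected refresh token surfaces as whatever `OAuthClientUtils.getAccessToken` throws instead of the original `NotAuthorizedException`; the sample should say which failure callers are expected to handle. It is also worth confirming that the untyped `endUserResourceClient.get()` throws on a 401 rather than returning the response, since the recovery path depends on it. `WebClient` is used without an import line.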

