Author: buildbot
Date: Wed Dec 2 10:47:41 2015
New Revision: 974276
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html
==============================================================================
--- websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html (original)
+++ websites/production/cxf/content/docs/jaxrs-oauth2-assertions.html Wed Dec
2 10:47:41 2015
@@ -118,18 +118,22 @@ Apache CXF -- JAXRS OAuth2 Assertions
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><h1
id="JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS: OAuth2
Assertions</h1><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1448628420980 {padding: 0px;}
-div.rbtoc1448628420980 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1448628420980 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1449053223153 {padding: 0px;}
+div.rbtoc1449053223153 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1449053223153 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1448628420980">
+/*]]>*/</style></p><div class="toc-macro rbtoc1449053223153">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-JAXRS:OAuth2Assertions">JAXRS: OAuth2
Assertions</a></li><li><a shape="rect"
href="#JAXRSOAuth2Assertions-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-Mavendependencies">Maven
dependencies</a></li><li><a shape="rect"
href="#JAXRSOAuth2Assertions-SAML2Bearer">SAML2 Bearer</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-AccessTokenGrant">Access Token Grant</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-Clientcode">Client code</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService">Access Token
Service</a></li></ul>
</li><li><a shape="rect"
href="#JAXRSOAuth2Assertions-AuthenticationToken">Authentication Token</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-ClientCode">Client Code</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService.1">Access Token
Service</a></li></ul>
</li><li><a shape="rect"
href="#JAXRSOAuth2Assertions-ClientActingonBehalfofItself">Client Acting on
Behalf of Itself</a></li></ul>
-</li><li><a shape="rect" href="#JAXRSOAuth2Assertions-JWTBearer">JWT
Bearer</a></li></ul>
+</li><li><a shape="rect" href="#JAXRSOAuth2Assertions-JWTBearer">JWT Bearer</a>
+<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-AuthenticationToken.1">Authentication Token</a>
+<ul class="toc-indentation"><li><a shape="rect"
href="#JAXRSOAuth2Assertions-ClientCode.1">Client Code</a></li><li><a
shape="rect" href="#JAXRSOAuth2Assertions-AccessTokenService.2">Access Token
Service</a></li></ul>
+</li></ul>
+</li></ul>
</div><h1 id="JAXRSOAuth2Assertions-Introduction">Introduction</h1><p><a
shape="rect" class="external-link"
href="http://tools.ietf.org/html/draft-ietf-oauth-v2"; rel="nofollow">OAuth
2.0</a> supports different types of access token grants. <a shape="rect"
class="external-link"
href="http://tools.ietf.org/html/draft-ietf-oauth-assertions-10";
rel="nofollow">OAuth2 Assertions</a> draft "provides a framework for the use of
assertions with OAuth 2.0" and <a shape="rect" class="external-link"
href="http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-15";
rel="nofollow">SAML2 Bearer Assertion Profiles for OAuth2</a> draft
specifically provides for the use of SAML2 Bearer assertions.</p><p>These
assertions can be used as token grants, but also, if needed, for getting 3rd
party clients authenticated. Note the clients can use assertions as grants but
use for example Basic authentication mechanism, or use say an authorization
code grant and the assertion to authenticate, and finally, they
can use assertions as a grant and as an authentication token.</p><p>Currently
CXF supports SAML2 Bearer assertions as grants and authentication
tokens.</p><p>See the <a shape="rect" href="jax-rs-oauth2.html">JAX-RS
OAuth2</a> page for information about OAuth 2.0 support in CXF. Please also
check the <a shape="rect" href="jax-rs-saml.html">JAX-RS SAML</a> page for more
information about SAML support.</p><h1
id="JAXRSOAuth2Assertions-Mavendependencies">Maven dependencies</h1><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><dependency>
<groupId>org.apache.cxf</groupId>
@@ -357,7 +361,47 @@ AccessTokenGrant accessTokenGrant = new
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, accessTokenGrant);
</pre>
-</div></div><p> </p><h1 id="JAXRSOAuth2Assertions-JWTBearer">JWT
Bearer</h1><p> </p><p>To be documented shortly</p></div>
+</div></div><p> </p><h1 id="JAXRSOAuth2Assertions-JWTBearer">JWT
Bearer</h1><p> </p><h2
id="JAXRSOAuth2Assertions-AuthenticationToken.1">Authentication Token</h2><p>As
noted in the introduction, JWT Bearer tokens may also act as client
authentication credentials, when requesting an access token, irrespectively of
the actual grant type. For example:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">POST /token HTTP/1.1
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=authorization_code
+&code=12345678
+&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
+&client_assertion=X.Y.Z
+</pre>
+</div></div><p>Note "client_assertion_type" with a value
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer" indicates that the
type of assertion used as an authentication token is
"urn:ietf:params:oauth:client-assertion-type:jwt-bearer", while the
"client_assertion" parameter carries the actual value of the token.</p><h3
id="JAXRSOAuth2Assertions-ClientCode.1">Client Code</h3><p>The following
example shows how to use JWT Bearer tokens as an authentication token:
TODO</p><p> </p><h3 id="JAXRSOAuth2Assertions-AccessTokenService.2">Access
Token Service</h3><p>Here is how one may configure Access Token
Service:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"><bean id="dataProvider"
class="org.apache.cxf.systest.jaxrs.security.oauth2.OAuthDataProviderImpl"/>
+<bean id="oauthJson"
class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
+<bean id="jwtAuthHandler"
class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerAuthHandler"/>
+
+<bean id="serviceBean"
class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
+ <property name="dataProvider" ref="dataProvider"/>
+ <property name="grantHandlers">
+ <list>
+ <!-- list of required grant handlers -->
+ </list>
+ </property>
+</bean>
+
+<jaxrs:server
+
address="https://localhost:${testutil.ports.jaxrs-oauth2}/oauth2-auth">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="oauthJson"/>
+ <ref bean="jwtAuthHandler"/>
+ </jaxrs:providers>
+
+ <jaxrs:properties>
+ <entry key="security.signature.properties"
+
value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+
+</jaxrs:server>
+</pre>
+</div></div></div>
</div>
<!-- Content -->
</td>
