Re: OAuth2 username-password flow with Apache CXF

Fri, 13 Sep 2013 01:02:37 -0700 

Hi

Thanks for the query, forwarding to the users list,
On 12/09/13 18:37, Messina Andrea wrote:


I'm looking for an example code written using Apache CXF WebClient API and requesting an 
access token using the "Password Access grant Type".

The 
documentation(http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-ClientCredentials).
 is really very poor about this subject .


Right, looking at it now, agree a bit more info should go into it,

Basically, the idea you just register an access token grant handler with 
AccessTokenService, the documentation focuses on the code flow
and AccessTokenService tries to default to the code grant handler if no 
custom handlers have been registered, so I missed that no info is there 
at all on how the custom handlers can be added, it is really easy,


AccessTokenService has
public void setGrantHandlers(List<AccessTokenGrantHandler> handlers);
and
public void setGrantHandler(AccessTokenGrantHandler handler);


methods. so you set ResourceOwnerGrantHandler (not ClientCredentials 
which you linked to)


http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java


Note AccessTokenService will authenticate the client itself (using 
client_id and client_secret) and the handler will authenticate the 
resource owner, using ResourceOwnerLoginHandler.

Default ResourceOwnerLoginHandler implementation is JAAS based:

http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java

but you can implement your own logic.

Hope it helps

I'll work on improving the docs

Sergey




The only input parameters are:

1) Login endpoint URI
2) client_id and client_secret
3) user_id and user_secret

Thanks in advance, Andrea


Andrea Messina

Blue Reply
Via Cardinal Massaia, 83
10147 - Torino - ITALY
phone: +39 011 29100
[email protected]
www.reply.it




________________________________

--
The information transmitted is intended for the person or entity to which it is 
addressed and may contain confidential and/or privileged material. Any review, 
retransmission, dissemination or other use of, or taking of any action in 
reliance upon, this information by persons or entities other than the intended 
recipient is prohibited. If you received this in error, please contact the 
sender and delete the material from any computer.




--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com






















					Reply via email to