Should be

OAuthClientUtils.getAccessToken(webClient, consumer,
    new ResourceOwnerGrant("resourceOwnerName", "resourceOwnerPassword"), false);

where 'false' means no Authorization header is created.

Sergey

On 13/09/13 13:22, Sergey Beryozkin wrote:
Hi,

OAuthClientUtils has this method,

public static ClientAccessToken getAccessToken(WebClient accessTokenService,
                                               Consumer consumer,
                                               AccessTokenGrant grant,
                                               boolean setAuthorizationHeader)

So, for example,

OAuthClientUtils.getAccessToken(webClient, consumer,
    new ResourceOwnerGrant("resourceOwnerName", "resourceOwnerPassword"));

will do it, where 'consumer' represents Consumer initialized with a
client id & secret

Cheers, Sergey

On 13/09/13 13:12, Messina Andrea wrote:
Hi Sergey.

Thanks for the reply.

Unfortunately I am unable to construct a working cxf-tree-objects to
perform a call for the 2-legged OAuth protocol.

The classes I have located are:

- WebClient
- OAuthClientUtils
- AccessTokenService
- AccessTokenGrant
- Consumer
- ResourceOwnerGrantHandler
- ResourceOwnerLoginHandler

Could you send an example implementation that would be able to invoke a
login endpoint supplying the following text in the body part of the HTTP
POST request?

(PASSWORD GRANT so no user-direct authorization is required)

grant_type=password&client_id=XXX&client_secret=YYY&username=ZZZ&password=KKK


This could also be helpful for many people looking for it
(http://stackoverflow.com/questions/13793395/cxf-2-legged-oauth-example)!

Thanks,

Andrea



Andrea Messina

Blue Reply
Via Cardinal Massaia, 83
10147 - Torino - ITALY
phone: +39 011 29100
[email protected]
www.reply.it


-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: giovedì 12 settembre 2013 22:21
To: [email protected]
Cc: Messina Andrea
Subject: Re: OAuth2 username-password flow with Apache CXF

Hi

Thanks for the query, forwarding to the users list.

On 12/09/13 18:37, Messina Andrea wrote:

> I'm looking for an example code written using Apache CXF WebClient
> API and requesting an access token using the "Password Access grant
> Type".
>
> The documentation
> (http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-ClientCredentials)
> is really very poor about this subject.

Right, looking at it now, I agree a bit more info should go into it.
Basically, the idea is that you just register an access token grant
handler with AccessTokenService. The documentation focuses on the code
flow, and AccessTokenService tries to default to the code grant handler
if no custom handlers have been registered, so I missed that no info is
there at all on how the custom handlers can be added. It is really easy:

AccessTokenService has

public void setGrantHandlers(List<AccessTokenGrantHandler> handlers);
and
public void setGrantHandler(AccessTokenGrantHandler handler);

methods, so you set ResourceOwnerGrantHandler (not ClientCredentials,
which you linked to):

http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java


Note AccessTokenService will authenticate the client itself (using
client_id and client_secret) and the handler will authenticate the
resource owner, using ResourceOwnerLoginHandler.

Default ResourceOwnerLoginHandler implementation is JAAS based:

http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java


but you can implement your own logic.

Hope it helps

I'll work on improving the docs

Sergey

> The only input parameters are:
>
> 1) Login endpoint URI
> 2) client_id and client_secret
> 3) user_id and user_secret
>
> Thanks in advance, Andrea
>
> Andrea Messina
>
> Blue Reply
> Via Cardinal Massaia, 83
> 10147 - Torino - ITALY
> phone: +39 011 29100
> [email protected] <mailto:[email protected]>
> www.reply.it <http://www.reply.it>
>
> ________________________________
>
> --
> The information transmitted is intended for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited. If you
> received this in error, please contact the sender and delete the
> material from any computer.

--

Sergey Beryozkin

Talend Community Coders

http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com






--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
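
The client-side call discussed in this thread, put together as an added example (not code from the thread or from the CXF project). The class name, the environment variable names and the bearer token type are assumptions, and Consumer is assumed to be the nested OAuthClientUtils.Consumer class; adjust that reference if your CXF version ships Consumer as a top-level class.

```java
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.grants.owner.ResourceOwnerGrant;

// Hypothetical class name; illustrates the password (resource owner) grant.
public class PasswordGrantClient {

    static ClientAccessToken requestToken(String tokenUri,
                                          String clientId, String clientSecret,
                                          String username, String password) {
        // Use an https:// URI: client secret and user password travel in this request.
        WebClient tokenService = WebClient.create(tokenUri).accept("application/json");

        // Assumption: Consumer is the nested OAuthClientUtils.Consumer class.
        OAuthClientUtils.Consumer consumer =
                new OAuthClientUtils.Consumer(clientId, clientSecret);

        // false: no Authorization header is created, so client_id and client_secret
        // go into the form body next to grant_type=password, username and password.
        // RFC 6749 section 2.3.1 prefers HTTP Basic client authentication; pass true
        // to have the Authorization header created when the server accepts it.
        return OAuthClientUtils.getAccessToken(
                tokenService, consumer,
                new ResourceOwnerGrant(username, password), false);
    }

    public static void main(String[] args) {
        // Hypothetical variable names; secrets come from the environment, not the source.
        ClientAccessToken token = requestToken(
                System.getenv("TOKEN_URI"),
                System.getenv("CLIENT_ID"), System.getenv("CLIENT_SECRET"),
                System.getenv("RO_USERNAME"), System.getenv("RO_PASSWORD"));

        // Log metadata only, never the token value itself.
        System.out.println("token type: " + token.getTokenType()
                + ", expires in: " + token.getExpiresIn());

        // Present the token to a protected resource (assumes a bearer token).
        String body = WebClient.create(System.getenv("RESOURCE_URI"))
                .header("Authorization", "Bearer " + token.getTokenKey())
                .get(String.class);
        System.out.println("resource response length: " + body.length());
    }
}
```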
