public class OAuthAuthenticationProvider extends StandardAuthenticationProvider
This authentication provider implements OAuth 2.0 (RFC 6749) Bearer Tokens (RFC 6750).
The provider can be configured either with an authorization code or with an existing bearer token. The token endpoint and client ID are always required. Whether a client secret is required depends on the authorization server.
Configuration with authorization code:
```java
SessionFactory factory = ...

Map<String, String> parameter = new HashMap<String, String>();

parameter.put(SessionParameter.ATOMPUB_URL, "http://localhost/cmis/atom");
parameter.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
parameter.put(SessionParameter.REPOSITORY_ID, "myRepository");

parameter.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS,
        "org.apache.chemistry.opencmis.client.bindings.spi.OAuthAuthenticationProvider");

parameter.put(SessionParameter.OAUTH_TOKEN_ENDPOINT, "https://example.com/auth/oauth/token");
parameter.put(SessionParameter.OAUTH_CLIENT_ID, "s6BhdRkqt3");
parameter.put(SessionParameter.OAUTH_CLIENT_SECRET, "7Fjfp0ZBr1KtDRbnfVdmIw");

parameter.put(SessionParameter.OAUTH_CODE, "abc");

...

Session session = factory.createSession(parameter);
```
Configuration with existing bearer token:
```java
SessionFactory factory = ...

Map<String, String> parameter = new HashMap<String, String>();

parameter.put(SessionParameter.ATOMPUB_URL, "http://localhost/cmis/atom");
parameter.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
parameter.put(SessionParameter.REPOSITORY_ID, "myRepository");

parameter.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS,
        "org.apache.chemistry.opencmis.client.bindings.spi.OAuthAuthenticationProvider");

parameter.put(SessionParameter.OAUTH_TOKEN_ENDPOINT, "https://example.com/auth/oauth/token");
parameter.put(SessionParameter.OAUTH_CLIENT_ID, "s6BhdRkqt3");
parameter.put(SessionParameter.OAUTH_CLIENT_SECRET, "7Fjfp0ZBr1KtDRbnfVdmIw");

parameter.put(SessionParameter.OAUTH_ACCESS_TOKEN, "2YotnFZFEjr1zCsicMWpAA");
parameter.put(SessionParameter.OAUTH_REFRESH_TOKEN, "tGzv3JOkF0XG5Qx2TlKWIA");
parameter.put(SessionParameter.OAUTH_EXPIRATION_TIMESTAMP, "1388237075127");

...

Session session = factory.createSession(parameter);
```
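A pre-flight check for the two configurations above, as an added example that is not part of the OpenCMIS documentation or code base: it enforces the parameters the page calls required and rejects non-TLS URLs, since RFC 6750 requires TLS wherever a bearer token travels. The class name `OAuthParameterCheck`, the loopback exception for plain HTTP and the millisecond reading of the expiration timestamp are assumptions.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.chemistry.opencmis.commons.SessionParameter;

// Added example, not OpenCMIS code: checks OAuth session parameters before createSession().
public final class OAuthParameterCheck {
    // Returns the problems found; an empty list means the map passed every check.
    public static List<String> check(Map<String, String> p) {
        List<String> problems = new ArrayList<String>();
        // The page states that token endpoint and client ID are always required.
        for (String key : new String[] { SessionParameter.OAUTH_TOKEN_ENDPOINT, SessionParameter.OAUTH_CLIENT_ID }) {
            if (blank(p.get(key))) problems.add("missing " + key);
        }
        boolean hasCode = !blank(p.get(SessionParameter.OAUTH_CODE));
        boolean hasToken = !blank(p.get(SessionParameter.OAUTH_ACCESS_TOKEN));
        if (!hasCode && !hasToken) problems.add("neither an authorization code nor an access token is set");
        // Assumption: the timestamp is milliseconds since the epoch, as the page's sample value suggests.
        String exp = p.get(SessionParameter.OAUTH_EXPIRATION_TIMESTAMP);
        if (hasToken && !blank(exp)) {
            try {
                boolean expired = Long.parseLong(exp.trim()) <= System.currentTimeMillis();
                if (expired && blank(p.get(SessionParameter.OAUTH_REFRESH_TOKEN)))
                    problems.add("access token expired and no refresh token to renew it");
            } catch (NumberFormatException e) {
                problems.add("expiration timestamp is not a number");
            }
        }
        // RFC 6750 requires TLS for bearer tokens; plain HTTP is tolerated for loopback only (local policy).
        for (String key : new String[] { SessionParameter.OAUTH_TOKEN_ENDPOINT, SessionParameter.ATOMPUB_URL }) {
            if (!blank(p.get(key)) && !secureOrLoopback(p.get(key))) problems.add(key + " is not an https URL");
        }
        return problems;
    }

    private static boolean blank(String s) { return s == null || s.trim().isEmpty(); }

    private static boolean secureOrLoopback(String url) {
        try {
            URI u = URI.create(url.trim());
            if ("https".equalsIgnoreCase(u.getScheme())) return true;
            String h = u.getHost(); // IPv6 literals keep their brackets here
            return "http".equalsIgnoreCase(u.getScheme())
                    && ("localhost".equalsIgnoreCase(h) || "127.0.0.1".equals(h) || "[::1]".equals(h));
        } catch (IllegalArgumentException e) {
            return false; // unparsable URL is treated as insecure
        }
    }
}
```

Call `OAuthParameterCheck.check(parameter)` before `factory.createSession(parameter)` and refuse to connect while the returned list is non-empty. In a deployment the client secret and tokens would be loaded from a secret store rather than written as literals.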
Getting tokens at runtime:
```java
OAuthAuthenticationProvider authProvider = (OAuthAuthenticationProvider) session.getBinding()
        .getAuthenticationProvider();

// get the current token
Token token = authProvider.getToken();

// listen for token refreshes
authProvider.addTokenListener(new OAuthAuthenticationProvider.TokenListener() {
    public void tokenRefreshed(Token token) {
        // do something with the new token
    }
});
```
OAuth errors can be handled like this:
```java
try {
    ...
    // CMIS calls
    ...
} catch (CmisConnectionException connEx) {
    if (connEx.getCause() instanceof CmisOAuthException) {
        CmisOAuthException oauthEx = (CmisOAuthException) connEx.getCause();

        if (CmisOAuthException.ERROR_INVALID_GRANT.equals(oauthEx.getError())
                || CmisOAuthException.ERROR_INVALID_TOKEN.equals(oauthEx.getError())) {
            // ask the user to authenticate again
        } else {
            // a configuration or server problem
        }
    }
}
```
Modifier and Type | Class and Description |
---|---|
static class | OAuthAuthenticationProvider.CmisOAuthException: Exception for OAuth errors. |
static class | OAuthAuthenticationProvider.Token: Token holder class. |
static interface | OAuthAuthenticationProvider.TokenListener: Listener for OAuth token events. |
WSSE_NAMESPACE, WSU_NAMESPACE
Constructor and Description |
---|
OAuthAuthenticationProvider() |
Modifier and Type | Method and Description |
---|---|
void | addTokenListener(OAuthAuthenticationProvider.TokenListener listner): Adds a token listener. |
protected void | fireTokenListner(OAuthAuthenticationProvider.Token token): Lets all token listeners know that there is a new token. |
protected String | getAccessToken(): Gets the access token. |
Map<String,List<String>> | getHTTPHeaders(String url): Returns a set of HTTP headers (key-value pairs) that should be added to a HTTP call. |
protected boolean | getSendBearerToken(): Returns if an OAuth Bearer token header should be sent. |
OAuthAuthenticationProvider.Token | getToken(): Returns the current token. |
void | removeTokenListener(OAuthAuthenticationProvider.TokenListener listner): Removes a token listener. |
void | setSession(BindingSession session): Sets the BindingSession the authentication provider lives in. |
addSessionParameterHeadersToFixedHeaders, createBasicAuthHeaderValue, getFixedHeaders, getHandleCookies, getSendBasicAuth, getSendUsernameToken, getSOAPHeaders, putResponseHeaders
getBearerToken, getHandlerResolver, getHostnameVerifier, getPassword, getProxyPassword, getProxyUser, getSession, getSSLSocketFactory, getUser
public void setSession(BindingSession session)
Description copied from class: AbstractAuthenticationProvider
Sets the BindingSession the authentication provider lives in.
Specified by: setSession in interface SessionAwareAuthenticationProvider
Overrides: setSession in class StandardAuthenticationProvider

public Map<String,List<String>> getHTTPHeaders(String url)
Description copied from interface: AuthenticationProvider
Returns a set of HTTP headers (key-value pairs) that should be added to a HTTP call.
Specified by: getHTTPHeaders in interface AuthenticationProvider
Overrides: getHTTPHeaders in class StandardAuthenticationProvider
Parameters: url - the URL of the HTTP call
Returns: null if no additional headers should be set

public OAuthAuthenticationProvider.Token getToken()

public void addTokenListener(OAuthAuthenticationProvider.TokenListener listner)
Parameters: listner - the listener object

public void removeTokenListener(OAuthAuthenticationProvider.TokenListener listner)
Parameters: listner - the listener object

protected void fireTokenListner(OAuthAuthenticationProvider.Token token)

protected boolean getSendBearerToken()
Description copied from class: StandardAuthenticationProvider
Returns if an OAuth Bearer token header should be sent.
Overrides: getSendBearerToken in class StandardAuthenticationProvider

protected String getAccessToken()
Copyright © 2009-2015 The Apache Software Foundation. All Rights Reserved.