org.apache.chemistry.opencmis.client.bindings.spi

Class OAuthAuthenticationProvider

java.lang.Object

org.apache.chemistry.opencmis.client.bindings.spi.AbstractAuthenticationProvider

org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider

org.apache.chemistry.opencmis.client.bindings.spi.OAuthAuthenticationProvider

All Implemented Interfaces:

Serializable, SessionAwareAuthenticationProvider, AuthenticationProvider

public class OAuthAuthenticationProvider
extends StandardAuthenticationProvider

OAuth 2.0 Authentication Provider.

This authentication provider implements OAuth 2.0 (RFC 6749) Bearer Tokens (RFC 6750).

The provider can be either configured with an authorization code or with an existing bearer token. Token endpoint and client ID are always required. If a client secret is required depends on the authorization server.

Configuration with authorization code:

 SessionFactory factory = ...
 
 Map<String, String> parameter = new HashMap<String, String>();
 
 parameter.put(SessionParameter.ATOMPUB_URL, "http://localhost/cmis/atom");
 parameter.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
 parameter.put(SessionParameter.REPOSITORY_ID, "myRepository");
 
 parameter.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS, "org.apache.chemistry.opencmis.client.bindings.spi.OAuthAuthenticationProvider");
 
 parameter.put(SessionParameter.OAUTH_TOKEN_ENDPOINT, "https://example.com/auth/oauth/token");
 parameter.put(SessionParameter.OAUTH_CLIENT_ID, "s6BhdRkqt3");
 parameter.put(SessionParameter.OAUTH_CLIENT_SECRET, "7Fjfp0ZBr1KtDRbnfVdmIw");
 
 parameter.put(SessionParameter.OAUTH_CODE, "abc");
 
 ...
 Session session = factory.createSession(parameter);
 

Configuration with existing bearer token:

 SessionFactory factory = ...
 
 Map<String, String> parameter = new HashMap<String, String>();
 
 parameter.put(SessionParameter.ATOMPUB_URL, "http://localhost/cmis/atom");
 parameter.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
 parameter.put(SessionParameter.REPOSITORY_ID, "myRepository");
 
 parameter.put(SessionParameter.AUTHENTICATION_PROVIDER_CLASS, "org.apache.chemistry.opencmis.client.bindings.spi.OAuthAuthenticationProvider");
  
 parameter.put(SessionParameter.OAUTH_TOKEN_ENDPOINT, "https://example.com/auth/oauth/token");
 parameter.put(SessionParameter.OAUTH_CLIENT_ID, "s6BhdRkqt3");
 parameter.put(SessionParameter.OAUTH_CLIENT_SECRET, "7Fjfp0ZBr1KtDRbnfVdmIw");
 
 parameter.put(SessionParameter.OAUTH_ACCESS_TOKEN, "2YotnFZFEjr1zCsicMWpAA");
 parameter.put(SessionParameter.OAUTH_REFRESH_TOKEN, "tGzv3JOkF0XG5Qx2TlKWIA");
 parameter.put(SessionParameter.OAUTH_EXPIRATION_TIMESTAMP, "1388237075127");
 
 ...
 Session session = factory.createSession(parameter);
 

Getting tokens at runtime:

 OAuthAuthenticationProvider authProvider = (OAuthAuthenticationProvider) session.getBinding()
         .getAuthenticationProvider();
 
 // get the current token
 Token token = authProvider.getToken();
 
 // listen for token refreshes
 authProvider.addTokenListener(new OAuthAuthenticationProvider.TokenListener() {
     public void tokenRefreshed(Token token) {
         // do something with the new token
     }
 });
 

OAuth errors can be handled like this:

  try {
      ...
      // CMIS calls
      ...
  } catch (CmisConnectionException connEx) {
      if (connEx.getCause() instanceof CmisOAuthException) {
          CmisOAuthException oauthEx = (CmisOAuthException) connEx.getCause();
 
          if (CmisOAuthException.ERROR_INVALID_GRANT.equals(oauthEx.getError()) ||
              CmisOAuthException.ERROR_INVALID_TOKEN.equals(oauthEx.getError())) {
              // ask the user to authenticate again
          } else {
             // a configuration or server problem
          }
    }
 }
 

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OAuthAuthenticationProvider.CmisOAuthException Exception for OAuth errors.
static class	OAuthAuthenticationProvider.Token Token holder class.
static interface	OAuthAuthenticationProvider.TokenListener Listener for OAuth token events.

Field Summary

Fields inherited from class org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider

WSSE_NAMESPACE, WSU_NAMESPACE

Constructor Summary

Constructors

Constructor and Description
OAuthAuthenticationProvider()

Method Summary

Methods

Modifier and Type	Method and Description
void	addTokenListener(OAuthAuthenticationProvider.TokenListener listner) Adds a token listener.
protected void	fireTokenListner(OAuthAuthenticationProvider.Token token) Lets all token listeners know that there is a new token.
protected String	getAccessToken() Gets the access token.
Map<String,List<String>>	getHTTPHeaders(String url) Returns a set of HTTP headers (key-value pairs) that should be added to a HTTP call.
protected boolean	getSendBearerToken() Returns if an OAuth Bearer token header should be sent.
OAuthAuthenticationProvider.Token	getToken() Returns the current token.
void	removeTokenListener(OAuthAuthenticationProvider.TokenListener listner) Removes a token listener.
void	setSession(BindingSession session) Sets the BindingSession the authentication provider lives in.

Methods inherited from class org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider

addSessionParameterHeadersToFixedHeaders, createBasicAuthHeaderValue, getFixedHeaders, getHandleCookies, getSendBasicAuth, getSendUsernameToken, getSOAPHeaders, putResponseHeaders

Methods inherited from class org.apache.chemistry.opencmis.client.bindings.spi.AbstractAuthenticationProvider

getBearerToken, getHandlerResolver, getHostnameVerifier, getPassword, getProxyPassword, getProxyUser, getSession, getSSLSocketFactory, getUser

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

OAuthAuthenticationProvider

public OAuthAuthenticationProvider()

Method Detail

setSession

public void setSession(BindingSession session)

Description copied from class: AbstractAuthenticationProvider

Sets the BindingSession the authentication provider lives in.

Specified by:

setSession in interface SessionAwareAuthenticationProvider

Overrides:

setSession in class StandardAuthenticationProvider

getHTTPHeaders

public Map<String,List<String>> getHTTPHeaders(String url)

Description copied from interface: AuthenticationProvider

Returns a set of HTTP headers (key-value pairs) that should be added to a HTTP call. This will be called by the AtomPub and the Web Services binding. You might want to check the binding in use before you set the headers.

Specified by:

getHTTPHeaders in interface AuthenticationProvider

Overrides:

getHTTPHeaders in class StandardAuthenticationProvider

Parameters:

url - the URL of the HTTP call

Returns:

the HTTP headers or null if no additional headers should be set

getToken

public OAuthAuthenticationProvider.Token getToken()

Returns the current token.

Returns:

the current token

addTokenListener

public void addTokenListener(OAuthAuthenticationProvider.TokenListener listner)

Adds a token listener.

Parameters:

listner - the listener object

removeTokenListener

public void removeTokenListener(OAuthAuthenticationProvider.TokenListener listner)

Removes a token listener.

Parameters:

listner - the listener object

fireTokenListner

protected void fireTokenListner(OAuthAuthenticationProvider.Token token)

Lets all token listeners know that there is a new token.

getSendBearerToken

protected boolean getSendBearerToken()

Description copied from class: StandardAuthenticationProvider

Returns if an OAuth Bearer token header should be sent. (All bindings.)

Overrides:

getSendBearerToken in class StandardAuthenticationProvider

getAccessToken

protected String getAccessToken()

Gets the access token. If no access token is present or the access token is expired, a new token is requested.

Returns:

the access token