OAuth Server JAX-RS endpoints

OAuth Server JAX-RS endpoints - 8.0

Talend ESB Service Developer Guide

Version

8.0

Language

English

Product

Talend Data Fabric

Talend Data Services Platform

Talend ESB

Talend MDM Platform

Talend Open Studio for ESB

Talend Real-Time Big Data Platform

Module

Talend ESB

Talend Runtime

Content

Design and Development

Installation and Upgrade

Last publication date

2023-11-06

With CXF offering OAuth service implementations and a custom OAuthDataProvider provider in place, it is time to deploy the OAuth2 server. Most likely, you'd want to deploy AccessTokenService as an independent JAX-RS endpoint, for example:

<!-- implements OAuthDataProvider -->
<bean id="oauthProvider" class="oauth.manager.OAuthManager"/>
     
<bean id="accessTokenService" 
  class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
  <property name="dataProvider" ref="oauthProvider"/>
</bean>

<jaxrs:server id="oauthServer" address="/oauth">
   <jaxrs:serviceBeans>
      <ref bean="accessTokenService"/>
  </jaxrs:serviceBeans>
</jaxrs:server>

AccessTokenService listens on a relative "/token" path. Given that jaxrs:server/@adress is "/oauth" and assuming a context name is "/services", the absolute address of AccessTokenService would be something like http://localhost:8080/services/oauth/token.

AuthorizationCodeGrantService is better to put where the main application endpoint is. It can be put alongside AccessTokenService - but the problem is that the end user is expected to authenticate itself with the resource server after it has been redirected by a third-party client to AuthorizationCodeGrantService. That would make it more complex for the OAuth server endpoint to manage both OAuth (third-party client) and the regular user authentication - that can be done, see more on it below in the Design considerations section, but the simpler option is to simply get AuthorizationCodeGrantService under the control of the security filter enforcing the end user authentication:

<bean id="authorizationService" 
  class="org.apache.cxf.rs.security.oauth2.services.  //
         AuthorizationCodeGrantService">
  <property name="dataProvider" ref="oauthProvider"/>
</bean>

<bean id="myApp" class="org.myapp.MyApp">
  <property name="dataProvider" ref="oauthProvider"/>
</bean>

<jaxrs:server id="oauthServer" address="/myapp">
   <jaxrs:serviceBeans>
      <ref bean="myApp"/>
      <ref bean="authorizationService"/>
  </jaxrs:serviceBeans>
</jaxrs:server>

AuthorizationCodeGrantService listens on a relative "/authorize" path so in this case its absolute address will be something like http://localhost:8080/services/myapp/authorize. This address and that of AccessTokenService will be used by third-party clients.