Bearer

The following code fragment shows how a BearerAccessToken utility class can be used to create Bearer tokens:

import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; 
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; 
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; 

public class CustomOAuthDataProvider implements AuthorizationCodeDataProvider { 

   public ServerAccessToken createAccessToken(AccessTokenRegistration reg) 
      throws OAuthServiceException { 

      ServerAccessToken token = new BearerAccessToken(reg.getClient(), 3600L); 

      List<String> scope = reg.getApprovedScope().isEmpty() ? 
         reg.getRequestedScope() : reg.getApprovedScope(); 
      token.setScopes(convertScopeToPermissions(reg.getClient(), scope)); 
      token.setSubject(reg.getSubject()); 
      token.setGrantType(reg.getGrantType()); 

      // persist as needed and then return 

      return token; 
   } 
   // other methods not shown
}

CustomOAuthDataProvider will also be asked by OAuthRequestFilter to validate the incoming Bearer tokens given that they typically act as database key or key alias, if no Bearer token validator is registered.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here