
Example 1 with AccessTokenValidator

use of org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator in project cxf by apache.

the class AbstractAccessTokenValidator method getAccessTokenValidation.

/**
 * Resolves the {@code AccessTokenValidation} for the presented credentials and rejects it
 * if it is expired or not yet valid.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>the in-memory validation cache, when {@code maxValidationDataCacheSize > 0};</li>
 *   <li>the handler returned by {@code findTokenValidator(authScheme)}, if any;</li>
 *   <li>{@code dataProvider}, only when {@code authScheme} equals {@code DEFAULT_AUTH_SCHEME}.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A cache hit skips both the handler and {@code dataProvider}; only the expiry and
 *       not-before checks are repeated. A token revoked after it was cached is therefore not
 *       re-checked by this method until the entry expires or the cache is cleared.</li>
 *   <li>The cache is keyed by {@code authSchemeData} alone, so the raw credential string is held
 *       as a map key and {@code authScheme} is not part of the key.</li>
 *   <li>NOTE(review): every rejection path relies on
 *       {@code AuthorizationUtils.throwAuthorizationFailure} always throwing; its body is not
 *       visible here. If it could return, later lines would dereference a null validation.</li>
 * </ul>
 *
 * @param authScheme the HTTP Authorization scheme presented by the client
 * @param authSchemeData the scheme data (the token as presented by the client)
 * @param extraProps additional properties passed through unchanged to the token handler
 * @return the validation record for a token that passed the expiry and not-before checks
 */
protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) {
    // Neither a data provider nor any token handler is configured: nothing can validate a
    // token, so this is reported as a server-side error rather than an authorization failure.
    if (dataProvider == null && tokenHandlers.isEmpty()) {
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    AccessTokenValidation accessTokenV = null;
    // Cache lookup is keyed by the raw scheme data only (authScheme is not part of the key).
    if (maxValidationDataCacheSize > 0) {
        accessTokenV = accessTokenValidations.get(authSchemeData);
    }
    // Set only when the token is resolved through dataProvider in this call; it decides below
    // whether an expired token is removed from the provider or from the cache.
    ServerAccessToken localAccessToken = null;
    if (accessTokenV == null) {
        // Get the registered handler capable of processing the token
        AccessTokenValidator handler = findTokenValidator(authScheme);
        if (handler != null) {
            try {
                // Convert the HTTP Authorization scheme data into a token
                accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData, extraProps);
            } catch (RuntimeException ex) {
                // Any handler failure is turned into an authorization failure for this scheme.
                // The caught exception is not logged or chained here, so the cause is lost at
                // this point.
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
            }
        }
        // Default processing if no registered providers available
        // NOTE(review): authScheme.equals(...) throws NullPointerException if authScheme is
        // null; confirm callers never pass null here.
        if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
            try {
                String cacheKey = authSchemeData;
                if (!persistJwtEncoding) {
                    // The provider is looked up by the JWT's token id claim instead of the
                    // encoded token.
                    // NOTE(review): whether getJwtToken verifies the signature is not visible
                    // here; it depends on how the consumer is configured — confirm. The parsed
                    // token is used only to derive the lookup key.
                    JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer;
                    JwtToken token = theConsumer.getJwtToken(authSchemeData);
                    cacheKey = token.getClaims().getTokenId();
                }
                localAccessToken = dataProvider.getAccessToken(cacheKey);
            } catch (JwtException | OAuthServiceException ex) {
            // Deliberately ignored: localAccessToken stays null and is rejected just below
            }
            if (localAccessToken == null) {
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
            }
            accessTokenV = new AccessTokenValidation(localAccessToken);
        }
    }
    // No cache entry, no handler result and no provider token: reject, advertising the
    // supported schemes.
    if (accessTokenV == null) {
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    // Check if token is still valid
    if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime())) {
        // Drop the expired token from wherever it came from before rejecting the request.
        if (localAccessToken != null) {
            removeAccessToken(localAccessToken);
        } else if (maxValidationDataCacheSize > 0) {
            accessTokenValidations.remove(authSchemeData);
        }
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    // Check nbf property: a positive not-before value later than the current time in seconds
    // means the token is not yet valid. No clock-skew allowance is applied here.
    if (accessTokenV.getTokenNotBefore() > 0 && accessTokenV.getTokenNotBefore() > System.currentTimeMillis() / 1000L) {
        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
    }
    // Only validations that passed every check above are cached (or re-cached on a hit).
    if (maxValidationDataCacheSize > 0) {
        if (accessTokenValidations.size() >= maxValidationDataCacheSize) {
            // At capacity the whole cache is dropped rather than evicting selectively
            // (the original author notes evicting the soonest-expiring entries as an option).
            accessTokenValidations.clear();
        }
        accessTokenValidations.put(authSchemeData, accessTokenV);
    }
    return accessTokenV;
}
Also used : AccessTokenValidator(org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) AccessTokenValidation(org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation) JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException) JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)
