Example 1 with AccessTokenValidator
use of org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator in project cxf by apache.
the class AbstractAccessTokenValidator method getAccessTokenValidation.
/**
* Get the access token
*/
protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) {
if (dataProvider == null && tokenHandlers.isEmpty()) {
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
AccessTokenValidation accessTokenV = null;
if (maxValidationDataCacheSize > 0) {
accessTokenV = accessTokenValidations.get(authSchemeData);
}
ServerAccessToken localAccessToken = null;
if (accessTokenV == null) {
// Get the registered handler capable of processing the token
AccessTokenValidator handler = findTokenValidator(authScheme);
if (handler != null) {
try {
// Convert the HTTP Authorization scheme data into a token
accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData, extraProps);
} catch (RuntimeException ex) {
AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
}
}
// Default processing if no registered providers available
if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
try {
String cacheKey = authSchemeData;
if (!persistJwtEncoding) {
JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer;
JwtToken token = theConsumer.getJwtToken(authSchemeData);
cacheKey = token.getClaims().getTokenId();
}
localAccessToken = dataProvider.getAccessToken(cacheKey);
} catch (JwtException | OAuthServiceException ex) {
// to be handled next
}
if (localAccessToken == null) {
AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(authScheme), realm);
}
accessTokenV = new AccessTokenValidation(localAccessToken);
}
}
if (accessTokenV == null) {
AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
// Check if token is still valid
if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime())) {
if (localAccessToken != null) {
removeAccessToken(localAccessToken);
} else if (maxValidationDataCacheSize > 0) {
accessTokenValidations.remove(authSchemeData);
}
AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
// Check nbf property
if (accessTokenV.getTokenNotBefore() > 0 && accessTokenV.getTokenNotBefore() > System.currentTimeMillis() / 1000L) {
AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
if (maxValidationDataCacheSize > 0) {
if (accessTokenValidations.size() >= maxValidationDataCacheSize) {
// or delete the ones expiring sooner than others, etc
accessTokenValidations.clear();
}
accessTokenValidations.put(authSchemeData, accessTokenV);
}
return accessTokenV;
}
Also used :
AccessTokenValidator(org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator)
JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken)
ServerAccessToken(org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)
OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)
AccessTokenValidation(org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation)
JwtException(org.apache.cxf.rs.security.jose.jwt.JwtException)
JoseJwtConsumer(org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)
Aggregations
JoseJwtConsumer (org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer)1
JwtException (org.apache.cxf.rs.security.jose.jwt.JwtException)1
JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)1
AccessTokenValidation (org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation)1
ServerAccessToken (org.apache.cxf.rs.security.oauth2.common.ServerAccessToken)1
AccessTokenValidator (org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator)1
OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)1
