Package com.nimbusds.common.oauth2
Interface MasterAccessTokenValidator
- All Known Implementing Classes:
BasicAccessTokenValidator
,SHA256BasedAccessTokenValidator
public interface MasterAccessTokenValidator
Master access token validator. Intended for validation of master API access
tokens for the Connect2id server and elsewhere.
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic class
Bearer token error response. -
Field Summary
Modifier and TypeFieldDescriptionstatic final MasterAccessTokenValidator.ErrorResponse
Error response: Invalid OAuth 2.0 Bearer access token.static final MasterAccessTokenValidator.ErrorResponse
Error response: Missing OAuth 2.0 Bearer access token.static final MasterAccessTokenValidator.ErrorResponse
Error response: Web API disabled. -
Method Summary
Modifier and TypeMethodDescriptionboolean
Returnstrue
if access is disabled (no access token configured).static byte[]
computeSHA256
(com.nimbusds.oauth2.sdk.token.BearerAccessToken token, byte[] salt) Computes the SHA-256 hash of the specified Bearer access token.org.apache.logging.log4j.Logger
Gets the optional logger.boolean
isValid
(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken) Returnstrue
if the specified bearer access token is valid.void
setLogger
(org.apache.logging.log4j.Logger log) Sets the optional logger.boolean
validateBearerAccessToken
(jakarta.servlet.http.HttpServletRequest servletRequest, jakarta.servlet.http.HttpServletResponse servletResponse) Validates a bearer access token passed in the specified HTTP servlet request.void
validateBearerAccessToken
(String authzHeader) Validates a bearer access token passed in the specified HTTP Authorization header value.
-
Field Details
-
MISSING_BEARER_TOKEN
Error response: Missing OAuth 2.0 Bearer access token. -
INVALID_BEARER_TOKEN
Error response: Invalid OAuth 2.0 Bearer access token. -
WEB_API_DISABLED
Error response: Web API disabled.
-
-
Method Details
-
computeSHA256
Computes the SHA-256 hash of the specified Bearer access token.- Parameters:
token
- The Bearer access token. Must not benull
.salt
- Optional salt to use,null
if none.- Returns:
- The computed SHA-256 hash.
-
accessIsDisabled
boolean accessIsDisabled()Returnstrue
if access is disabled (no access token configured).- Returns:
true
if access is disabled, elsefalse
.
-
getLogger
org.apache.logging.log4j.Logger getLogger()Gets the optional logger.- Returns:
- The logger,
null
if not specified.
-
setLogger
Sets the optional logger.- Parameters:
log
- The logger,null
if not specified.
-
isValid
Returnstrue
if the specified bearer access token is valid.- Parameters:
accessToken
- The bearer access token to check,null
if not specified.- Returns:
true
if the specified bearer access token is valid, elsefalse
.
-
validateBearerAccessToken
Validates a bearer access token passed in the specified HTTP Authorization header value.- Parameters:
authzHeader
- The HTTP Authorization header value,null
if not specified.- Throws:
jakarta.ws.rs.WebApplicationException
- If the header value isnull
, the web API is disabled, or the Bearer access token is missing or invalid.
-
validateBearerAccessToken
boolean validateBearerAccessToken(jakarta.servlet.http.HttpServletRequest servletRequest, jakarta.servlet.http.HttpServletResponse servletResponse) throws IOException Validates a bearer access token passed in the specified HTTP servlet request.- Parameters:
servletRequest
- The HTTP servlet request. Must not benull
.servletResponse
- The HTTP servlet response. Must not benull
.- Returns:
true
if the bearer access token was successfully validated,false
.- Throws:
IOException
- If the response couldn't be written.
-