Package com.nimbusds.common.oauth2
Interface MasterAccessTokenValidator
- All Known Implementing Classes:
BasicAccessTokenValidator,SHA256BasedAccessTokenValidator
public interface MasterAccessTokenValidator
Master access token validator. Intended for validation of master API access
tokens for the Connect2id server and elsewhere.
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic classBearer token error response. -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final MasterAccessTokenValidator.ErrorResponseError response: Invalid OAuth 2.0 Bearer access token.static final MasterAccessTokenValidator.ErrorResponseError response: Missing OAuth 2.0 Bearer access token.static final MasterAccessTokenValidator.ErrorResponseError response: Web API disabled. -
Method Summary
Modifier and TypeMethodDescriptionbooleanReturnstrueif access is disabled (no access token configured).static byte[]computeSHA256(com.nimbusds.oauth2.sdk.token.BearerAccessToken token, byte[] salt) Computes the SHA-256 hash of the specified Bearer access token.org.apache.logging.log4j.LoggerGets the optional logger.booleanisValid(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken) Returnstrueif the specified bearer access token is valid.voidsetLogger(org.apache.logging.log4j.Logger log) Sets the optional logger.booleanvalidateBearerAccessToken(jakarta.servlet.http.HttpServletRequest servletRequest, jakarta.servlet.http.HttpServletResponse servletResponse) Validates a bearer access token passed in the specified HTTP servlet request.voidvalidateBearerAccessToken(String authzHeader) Validates a bearer access token passed in the specified HTTP Authorization header value.
-
Field Details
-
MISSING_BEARER_TOKEN
Error response: Missing OAuth 2.0 Bearer access token. -
INVALID_BEARER_TOKEN
Error response: Invalid OAuth 2.0 Bearer access token. -
WEB_API_DISABLED
Error response: Web API disabled.
-
-
Method Details
-
computeSHA256
Computes the SHA-256 hash of the specified Bearer access token.- Parameters:
token- The Bearer access token. Must not benull.salt- Optional salt to use,nullif none.- Returns:
- The computed SHA-256 hash.
-
accessIsDisabled
boolean accessIsDisabled()Returnstrueif access is disabled (no access token configured).- Returns:
trueif access is disabled, elsefalse.
-
getLogger
org.apache.logging.log4j.Logger getLogger()Gets the optional logger.- Returns:
- The logger,
nullif not specified.
-
setLogger
Sets the optional logger.- Parameters:
log- The logger,nullif not specified.
-
isValid
Returnstrueif the specified bearer access token is valid.- Parameters:
accessToken- The bearer access token to check,nullif not specified.- Returns:
trueif the specified bearer access token is valid, elsefalse.
-
validateBearerAccessToken
Validates a bearer access token passed in the specified HTTP Authorization header value.- Parameters:
authzHeader- The HTTP Authorization header value,nullif not specified.- Throws:
jakarta.ws.rs.WebApplicationException- If the header value isnull, the web API is disabled, or the Bearer access token is missing or invalid.
-
validateBearerAccessToken
boolean validateBearerAccessToken(jakarta.servlet.http.HttpServletRequest servletRequest, jakarta.servlet.http.HttpServletResponse servletResponse) throws IOException Validates a bearer access token passed in the specified HTTP servlet request.- Parameters:
servletRequest- The HTTP servlet request. Must not benull.servletResponse- The HTTP servlet response. Must not benull.- Returns:
trueif the bearer access token was successfully validated,false.- Throws:
IOException- If the response couldn't be written.
-