Package com.nimbusds.common.oauth2

Class BasicAccessTokenValidator

java.lang.Object

com.nimbusds.common.oauth2.BasicAccessTokenValidator

All Implemented Interfaces:

MasterAccessTokenValidator

@ThreadSafe
public class BasicAccessTokenValidator
extends Object

Basic access token validator. Supports servlet-based and JAX-RS based web applications.

Nested Class Summary

Nested classes/interfaces inherited from interface com.nimbusds.common.oauth2.MasterAccessTokenValidator

MasterAccessTokenValidator.ErrorResponse

Field Summary

Fields

Modifier and Type	Field	Description
protected final List<byte[]>	expectedTokenHashes	The expected access token hashes, empty list if access to the web API is disabled.
protected byte[]	hashSalt	Optional salt for computing the SHA-256 hashes.
protected org.apache.logging.log4j.Logger	log	Optional logger.

Fields inherited from interface com.nimbusds.common.oauth2.MasterAccessTokenValidator

INVALID_BEARER_TOKEN, MISSING_BEARER_TOKEN, WEB_API_DISABLED

Constructor Summary

Constructors

Constructor	Description
BasicAccessTokenValidator(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken)	Creates a new basic access token validator.
BasicAccessTokenValidator(com.nimbusds.oauth2.sdk.token.BearerAccessToken... accessTokens)	Creates a new basic access token validator.

Method Summary

Modifier and Type	Method	Description
boolean	accessIsDisabled()	Returns true if access is disabled (no access token configured).
org.apache.logging.log4j.Logger	getLogger()	Gets the optional logger.
int	getNumberConfiguredTokens()	Returns the number of configured tokens.
boolean	isValid(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken)	Returns true if the specified bearer access token is valid.
void	setLogger(org.apache.logging.log4j.Logger log)	Sets the optional logger.
boolean	validateBearerAccessToken(jakarta.servlet.http.HttpServletRequest servletRequest, jakarta.servlet.http.HttpServletResponse servletResponse)	Validates a bearer access token passed in the specified HTTP servlet request.
void	validateBearerAccessToken(String authzHeader)	Validates a bearer access token passed in the specified HTTP Authorization header value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

expectedTokenHashes

protected final List<byte[]> expectedTokenHashes

The expected access token hashes, empty list if access to the web API is disabled.

hashSalt

protected byte[] hashSalt

Optional salt for computing the SHA-256 hashes.

log

protected org.apache.logging.log4j.Logger log

Optional logger.

Constructor Details

BasicAccessTokenValidator

public BasicAccessTokenValidator(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken)

Creates a new basic access token validator.

Parameters:

accessToken - The Bearer access token. If null access to the web API will be disabled.

BasicAccessTokenValidator

public BasicAccessTokenValidator(com.nimbusds.oauth2.sdk.token.BearerAccessToken... accessTokens)

Creates a new basic access token validator.

Parameters:

accessTokens - The Bearer access tokens. If null access to the web API will be disabled.

Method Details

validateBearerAccessToken

public void validateBearerAccessToken(String authzHeader)
                               throws jakarta.ws.rs.WebApplicationException

Description copied from interface: MasterAccessTokenValidator

Validates a bearer access token passed in the specified HTTP Authorization header value.

Parameters:

authzHeader - The HTTP Authorization header value, null if not specified.

Throws:

jakarta.ws.rs.WebApplicationException - If the header value is null, the web API is disabled, or the Bearer access token is missing or invalid.

validateBearerAccessToken

public boolean validateBearerAccessToken(jakarta.servlet.http.HttpServletRequest servletRequest,
 jakarta.servlet.http.HttpServletResponse servletResponse)
                                  throws IOException

Description copied from interface: MasterAccessTokenValidator

Validates a bearer access token passed in the specified HTTP servlet request.

Parameters:

servletRequest - The HTTP servlet request. Must not be null.

servletResponse - The HTTP servlet response. Must not be null.

Returns:

true if the bearer access token was successfully validated, false.

Throws:

IOException - If the response couldn't be written.

accessIsDisabled

public boolean accessIsDisabled()

Description copied from interface: MasterAccessTokenValidator

Returns true if access is disabled (no access token configured).

Specified by:

accessIsDisabled in interface MasterAccessTokenValidator

Returns:

true if access is disabled, else false.

isValid

public boolean isValid(com.nimbusds.oauth2.sdk.token.BearerAccessToken accessToken)

Description copied from interface: MasterAccessTokenValidator

Returns true if the specified bearer access token is valid.

Specified by:

isValid in interface MasterAccessTokenValidator

Parameters:

accessToken - The bearer access token to check, null if not specified.

Returns:

true if the specified bearer access token is valid, else false.

getLogger

public org.apache.logging.log4j.Logger getLogger()

Description copied from interface: MasterAccessTokenValidator

Gets the optional logger.

Specified by:

getLogger in interface MasterAccessTokenValidator

Returns:

The logger, null if not specified.

setLogger

public void setLogger(org.apache.logging.log4j.Logger log)

Description copied from interface: MasterAccessTokenValidator

Sets the optional logger.

Specified by:

setLogger in interface MasterAccessTokenValidator

Parameters:

log - The logger, null if not specified.

getNumberConfiguredTokens

public int getNumberConfiguredTokens()

Returns the number of configured tokens.

Returns:

The number of configured tokens, zero if none.