Class BaseResourceEndpoint

    • Constructor Detail

      • BaseResourceEndpoint

        public BaseResourceEndpoint()
    • Method Detail

      • extractAccessToken

        public String extractAccessToken(String authorization,
                                         String accessTokenInRequestParameters)
        Extract an access token from either the Authorization header or the request parameters.

        The first argument expects the value of an Authorization header that complies with RFC 6750 (Bearer Token Usage). If the argument contains an access token, this method returns that access token without checking the second argument.

        The second argument expects the value of the access_token request parameter. The value of this argument is returned when the first argument does not contain an access token.

        Parameters:
        authorization - The value of an Authorization header whose scheme is Bearer or DPoP. For example, "Bearer SlAV32hkKG".
        accessTokenInRequestParameters - The value of the access_token request parameter.
        Returns:
        An access token.
      • validateAccessToken

        public AccessTokenInfo validateAccessToken(com.authlete.common.api.AuthleteApi api,
                                                   String accessToken)
                                            throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validateAccessToken(AuthleteApi, AccessTokenValidator.Params).
        Parameters:
        api - Implementation of AuthleteApi interface.
        accessToken - An access token to validate.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. Specifically, the access token does not exist or it has expired.
      • validateAccessToken

        public AccessTokenInfo validateAccessToken(com.authlete.common.api.AuthleteApi api,
                                                   String accessToken,
                                                   String[] requiredScopes)
                                            throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validateAccessToken(AuthleteApi, AccessTokenValidator.Params).
        Parameters:
        api - Implementation of AuthleteApi interface.
        accessToken - An access token to validate.
        requiredScopes - Scopes that must be associated with the access token. null is okay.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. Specifically, one or more of the following conditions are met:
        1. The access token does not exist.
        2. The access token has expired.
        3. The access token does not cover the required scopes.
      • validateAccessToken

        public AccessTokenInfo validateAccessToken(com.authlete.common.api.AuthleteApi api,
                                                   String accessToken,
                                                   String[] requiredScopes,
                                                   String requiredSubject)
                                            throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validateAccessToken(AuthleteApi, AccessTokenValidator.Params).
        Parameters:
        api - Implementation of AuthleteApi interface.
        accessToken - An access token to validate.
        requiredScopes - Scopes that must be associated with the access token. null is okay.
        requiredSubject - Subject (= user's unique identifier) that must be associated with the access token. null is okay.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. Specifically, one or more of the following conditions are met:
        1. The access token does not exist.
        2. The access token has expired.
        3. The access token does not cover the required scopes.
      • validateAccessToken

        public AccessTokenInfo validateAccessToken(com.authlete.common.api.AuthleteApi api,
                                                   String accessToken,
                                                   String[] requiredScopes,
                                                   String requiredSubject,
                                                   String clientCertificate)
                                            throws javax.ws.rs.WebApplicationException
        Validate an access token. This method is an alias of validateAccessToken(AuthleteApi, AccessTokenValidator.Params).
        Parameters:
        api - Implementation of AuthleteApi interface.
        accessToken - An access token to validate.
        requiredScopes - Scopes that must be associated with the access token. null is okay.
        requiredSubject - Subject (= user's unique identifier) that must be associated with the access token. null is okay.
        clientCertificate - The TLS certificate that the client presented during the call to the resource server, used with TLS-bound access tokens. Can be null if no certificate is presented.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The access token is invalid. Specifically, one or more of the following conditions are met:
        1. The access token does not exist.
        2. The access token has expired.
        3. The access token does not cover the required scopes.
        4. The access token is not associated with the required subject.
        5. The access token is bound to a client certificate, but the given one does not match.
        Since:
        2.8
      • validateAccessToken

        public AccessTokenInfo validateAccessToken(com.authlete.common.api.AuthleteApi api,
                                                   AccessTokenValidator.Params params)
                                            throws javax.ws.rs.WebApplicationException
        Validate an access token.

        This method internally creates an AccessTokenValidator instance, calls its validate() method, and returns the value that validate() returns.

        When the AccessTokenValidator.validate() method raises a WebApplicationException, this method calls the onError() method with the exception. The default implementation of onError() does nothing. You can override the method as necessary. After calling onError(), this method re-throws the exception. The response contained in the exception complies with the requirements described in RFC 6750 (The OAuth 2.0 Authorization Framework: Bearer Token Usage).

        Parameters:
        api - Implementation of AuthleteApi interface.
        params - Parameters needed for access token validation.
        Returns:
        Information about the access token.
        Throws:
        javax.ws.rs.WebApplicationException - The Access Token is invalid.
        Since:
        2.27
      • validateAccessToken

        public com.authlete.common.dto.IntrospectionResponse validateAccessToken(com.authlete.common.api.AuthleteApi api,
                                                                                 com.authlete.common.dto.IntrospectionRequest request)
                                                                          throws javax.ws.rs.WebApplicationException
        Throws:
        javax.ws.rs.WebApplicationException
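
A protected JAX-RS endpoint built on extractAccessToken, validateAccessToken and onError as described above. This is an added example, not code from the library or its documentation: the endpoint class, path, scope name and realm are hypothetical, and AuthleteApiFactory.getDefaultApi(), AccessTokenInfo.getClientId() and the onError(WebApplicationException) signature are taken from the Authlete libraries as assumptions, since this page does not show them.

```java
import java.util.logging.Logger;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import com.authlete.common.api.AuthleteApiFactory;
import com.authlete.jaxrs.AccessTokenInfo;
import com.authlete.jaxrs.BaseResourceEndpoint;

// Hypothetical endpoint: the path, scope name and response body are made up.
@Path("/api/reports")
public class ReportsEndpoint extends BaseResourceEndpoint
{
    private static final Logger LOG = Logger.getLogger(ReportsEndpoint.class.getName());
    private static final String[] REQUIRED_SCOPES = { "reports:read" };

    @GET
    public Response get(@HeaderParam(HttpHeaders.AUTHORIZATION) String authorization)
    {
        // Header only: with null as the second argument, a token sent as an
        // access_token request parameter is never used by this endpoint.
        String token = extractAccessToken(authorization, null);
        if (token == null)
        {
            // No token presented: plain RFC 6750 challenge, no error code.
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer realm=\"reports\"")
                    .build();
        }

        // Throws WebApplicationException when the token does not exist, has
        // expired or does not cover REQUIRED_SCOPES; the JAX-RS runtime then
        // sends the response carried by the exception.
        AccessTokenInfo info = validateAccessToken(
                AuthleteApiFactory.getDefaultApi(), token, REQUIRED_SCOPES);

        // Authorize on the validated token's attributes, never on request input.
        return Response.ok("{\"client_id\":" + info.getClientId() + "}")
                .type("application/json").build();
    }

    @Override
    protected void onError(WebApplicationException exception)
    {
        // Record rejections for detection; log the status only, never the token.
        LOG.warning("access token rejected, status=" + exception.getResponse().getStatus());
    }
}
```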