Class OAuth2IntrospectValidator
- java.lang.Object
-
- org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator
-
- All Implemented Interfaces:
TokenValidator
public class OAuth2IntrospectValidator extends Object implements TokenValidator
An RFC-7662 (OAuth2 Token Introspection) compliant TokenValidator.
- Author:
- Pedro Igor
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class):
static class OAuth2IntrospectValidator.Builder
-
Field Summary
Fields (Modifier and Type, Field):
private String clientId
private String clientSecret
private int connectionTimeout
private HostnameVerifier hostnameVerifier
private int readTimeout
private SSLContext sslContext
private URL tokenIntrospectionUrl
-
Constructor Summary
Constructors (Constructor, Description):
OAuth2IntrospectValidator(OAuth2IntrospectValidator.Builder configuration)
-
Method Summary
Methods (Modifier and Type, Method, Description):
static OAuth2IntrospectValidator.Builder builder()
    Returns an OAuth2IntrospectValidator.Builder instance that can be used to configure and create an OAuth2IntrospectValidator.
private byte[] buildParameters(Map<String,String> parameters)
private jakarta.json.JsonObject introspectAccessToken(URL tokenIntrospectionUrl, String clientId, String clientSecret, String token, SSLContext sslContext, HostnameVerifier hostnameVerifier)
    Introspects an OAuth2 Access Token using an RFC-7662 compatible endpoint.
private boolean isValidToken(jakarta.json.JsonObject claims)
private HttpURLConnection openConnection(URL url, SSLContext sslContext, HostnameVerifier hostnameVerifier)
Attributes validate(BearerTokenEvidence evidence)
    Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.
-
-
-
Field Detail
-
tokenIntrospectionUrl
private final URL tokenIntrospectionUrl
-
clientId
private final String clientId
-
clientSecret
private final String clientSecret
-
sslContext
private final SSLContext sslContext
-
hostnameVerifier
private final HostnameVerifier hostnameVerifier
-
connectionTimeout
private final int connectionTimeout
-
readTimeout
private final int readTimeout
-
-
Constructor Detail
-
OAuth2IntrospectValidator
OAuth2IntrospectValidator(OAuth2IntrospectValidator.Builder configuration)
-
-
Method Detail
-
builder
public static OAuth2IntrospectValidator.Builder builder()
Returns an OAuth2IntrospectValidator.Builder instance that can be used to configure and create an OAuth2IntrospectValidator.
- Returns:
- the OAuth2IntrospectValidator.Builder
-
validate
public Attributes validate(BearerTokenEvidence evidence) throws RealmUnavailableException
Description copied from interface: TokenValidator
Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.
- Specified by:
validate in interface TokenValidator
- Parameters:
evidence - a BearerTokenEvidence holding the security token to validate
- Returns:
- an Attributes instance containing all information from the security token, when valid. Otherwise, this method returns null to indicate that the security token is invalid
- Throws:
RealmUnavailableException - if any error occurs when validating the evidence
-
isValidToken
private boolean isValidToken(jakarta.json.JsonObject claims)
-
introspectAccessToken
private jakarta.json.JsonObject introspectAccessToken(URL tokenIntrospectionUrl, String clientId, String clientSecret, String token, SSLContext sslContext, HostnameVerifier hostnameVerifier) throws RealmUnavailableException
Introspects an OAuth2 Access Token using an RFC-7662 compatible endpoint.
- Parameters:
tokenIntrospectionUrl - a URL pointing to an RFC-7662 compatible endpoint
clientId - the identifier of a client within the OAuth2 Authorization Server
clientSecret - the secret of the client
token - the access token to introspect
sslContext - the SSL context
hostnameVerifier - the hostname verifier
- Returns:
- a JsonObject representing the response from the introspection endpoint or null if
- Throws:
RealmUnavailableException
-
openConnection
private HttpURLConnection openConnection(URL url, SSLContext sslContext, HostnameVerifier hostnameVerifier) throws IOException
- Throws:
IOException
-
buildParameters
private byte[] buildParameters(Map<String,String> parameters) throws UnsupportedEncodingException
- Throws:
UnsupportedEncodingException
-
-