Package org.wildfly.security.auth.realm.token.validator

Class OAuth2IntrospectValidator

java.lang.Object

org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator

All Implemented Interfaces:

TokenValidator

public class OAuth2IntrospectValidator
extends Object
implements TokenValidator

A RFC-7662 (OAuth2 Token Introspection) compliant TokenValidator.

Author:

Pedro Igor

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OAuth2IntrospectValidator.Builder

Field Summary

Fields

Modifier and Type	Field	Description
private String	clientId
private String	clientSecret
private int	connectionTimeout
private HostnameVerifier	hostnameVerifier
private int	readTimeout
private SSLContext	sslContext
private URL	tokenIntrospectionUrl

Constructor Summary

Constructors

Constructor	Description
OAuth2IntrospectValidator(OAuth2IntrospectValidator.Builder configuration)

Method Summary

Modifier and Type	Method	Description
static OAuth2IntrospectValidator.Builder	builder()	Returns a OAuth2IntrospectValidator.Builder instance that can be used to configure and create a OAuth2IntrospectValidator.
private byte[]	buildParameters(Map<String,String> parameters)
private jakarta.json.JsonObject	introspectAccessToken(URL tokenIntrospectionUrl, String clientId, String clientSecret, String token, SSLContext sslContext, HostnameVerifier hostnameVerifier)	Introspects an OAuth2 Access Token using a RFC-7662 compatible endpoint.
private boolean	isValidToken(jakarta.json.JsonObject claims)
private HttpURLConnection	openConnection(URL url, SSLContext sslContext, HostnameVerifier hostnameVerifier)
Attributes	validate(BearerTokenEvidence evidence)	Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

tokenIntrospectionUrl

private final URL tokenIntrospectionUrl

clientId

private final String clientId

clientSecret

private final String clientSecret

sslContext

private final SSLContext sslContext

hostnameVerifier

private final HostnameVerifier hostnameVerifier

connectionTimeout

private final int connectionTimeout

readTimeout

private final int readTimeout

Constructor Detail

OAuth2IntrospectValidator

OAuth2IntrospectValidator(OAuth2IntrospectValidator.Builder configuration)

Method Detail

builder

public static OAuth2IntrospectValidator.Builder builder()

Returns a OAuth2IntrospectValidator.Builder instance that can be used to configure and create a OAuth2IntrospectValidator.

Returns:

the OAuth2IntrospectValidator.Builder

validate

public Attributes validate(BearerTokenEvidence evidence)
                    throws RealmUnavailableException

Description copied from interface: TokenValidator

Validates a BearerTokenEvidence and returns an Attributes instance containing all information within a security token passed through evidence.

Specified by:

validate in interface TokenValidator

Parameters:

evidence - a BearerTokenEvidence holding the security token to validate

Returns:

an Attributes instance containing all information from the security token, when valid. Otherwise, this method returns null to indicate that the security token is invalid

Throws:

RealmUnavailableException - if any error occurs when validating the evidence

isValidToken

private boolean isValidToken(jakarta.json.JsonObject claims)

introspectAccessToken

private jakarta.json.JsonObject introspectAccessToken(URL tokenIntrospectionUrl,
                                                      String clientId,
                                                      String clientSecret,
                                                      String token,
                                                      SSLContext sslContext,
                                                      HostnameVerifier hostnameVerifier)
                                               throws RealmUnavailableException

Introspects an OAuth2 Access Token using a RFC-7662 compatible endpoint.

Parameters:

tokenIntrospectionUrl - an URL pointing to a RFC-7662 compatible endpoint

clientId - the identifier of a client within the OAUth2 Authorization Server

clientSecret - the secret of the client

token - the access token to introspect

sslContext - the ssl context

hostnameVerifier - the hostname verifier

Returns:

a @{JsonObject} representing the response from the introspection endpoint or null if

Throws:

RealmUnavailableException

openConnection

private HttpURLConnection openConnection(URL url,
                                         SSLContext sslContext,
                                         HostnameVerifier hostnameVerifier)
                                  throws IOException

Throws:

IOException

buildParameters

private byte[] buildParameters(Map<String,String> parameters)
                        throws UnsupportedEncodingException

Throws:

UnsupportedEncodingException