Class BearerTokenServlet

  • All Implemented Interfaces:
    TransactionFilter, edu.uiuc.ncsa.security.core.Logable, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
    Direct Known Subclasses:
    TokenManagerServlet, UserInfoServlet

    public abstract class BearerTokenServlet
    extends MyProxyDelegationServlet
    For endpoints that use bearer tokens. The issue is that bearer tokens may be JWTs and have to be verified, but the information to do so is not available until the transaction is recovered -- which may also be the result of a previous token exchange. Therefore this will do all the checks in a single method to get the right thing. Used by the UserInfoServlet, RFC7662 and RFC7009.

    Created by Jeff Gaynor
    on 5/19/21 at 12:19 PM

    See Also:
    Serialized Form