Package org.oa4mp.server.loader.oauth2.servlet

Class BearerTokenServlet

java.lang.Object

javax.servlet.GenericServlet

javax.servlet.http.HttpServlet

edu.uiuc.ncsa.security.servlet.AbstractServlet

org.oa4mp.server.api.storage.servlet.EnvServlet

org.oa4mp.server.api.storage.servlet.OA4MPServlet

org.oa4mp.server.loader.oauth2.servlet.BearerTokenServlet

All Implemented Interfaces:

edu.uiuc.ncsa.security.core.Logable, Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig, TransactionFilter

Direct Known Subclasses:

TokenManagerServlet, UserInfoServlet

public abstract class BearerTokenServlet
extends OA4MPServlet

For endpoints that use bearer tokens. The issue is that bearer tokens may be JWTs and have to be verified, but the information to do so is not available until the transaction is recovered -- which may also be the result of a previous token exchange. Therefore this will do all the checks in a single method to get the right thing. Used by the UserInfoServlet, RFC7662 and RFC7009.

Created by Jeff Gaynor
on 5/19/21 at 12:19 PM

See Also:

Serialized Form

Field Summary

Fields inherited from class org.oa4mp.server.api.storage.servlet.OA4MPServlet

caThread, kpt, lastAccessedThread, transactionCleanup

Fields inherited from class org.oa4mp.server.api.storage.servlet.EnvServlet

ERROR_NOTIFICATION_BODY_KEY, ERROR_NOTIFICATION_SUBJECT_KEY, notificationListeners, storeUpdatesDone

Fields inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet

environment, initialization, IP_HEADERS, PING_PARAMETER

Constructor Summary

Constructors

Constructor	Description
BearerTokenServlet()

Method Summary

Modifier and Type	Method	Description
protected OA2ServiceTransaction	findTransaction(AccessTokenImpl at, TokenManagerServlet.State state)	Find the transaction associated with the access token.

Methods inherited from class org.oa4mp.server.api.storage.servlet.OA4MPServlet

checkAdminClientStatus, checkClientApproval, createDebugger, destroy, getAGI, getATI, getClient, getClient, getClient, getFirstParameters, getFirstParameterValue, getGrantIDFromRequest, getServiceEnvironment, getTransaction, getTransactionByGrantID, getTransactionStore, isEmpty, loadProperties2, newTransaction, postprocess, preprocess, realStoreUpdates, say, shutdownCleanup, storeUpdates, verifyAndGet

Methods inherited from class org.oa4mp.server.api.storage.servlet.EnvServlet

addNotificationListener, loadEnvironment, processStoreCheck, removeNotificationListener

Methods inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet

checkContentType, CONST, debug, doGet, doIt, doPing, doPost, error, error, getConfigurationLoader, getEnvironment, getExceptionHandler, getInitialization, getMyLogger, getRequestIPAddress, handleException, info, init, isDebugOn, logOK, logOK, printAllParameters, printAllParameters, resetState, setConfigurationLoader, setDebugOn, setEnvironment, setExceptionHandler, setInitialization, warn

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service

Methods inherited from class javax.servlet.GenericServlet

getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BearerTokenServlet

public BearerTokenServlet()

Method Detail

findTransaction

protected OA2ServiceTransaction findTransaction(AccessTokenImpl at,
                                                TokenManagerServlet.State state)
                                         throws IOException

Find the transaction associated with the access token. Note that this will not return a null, but will throw a general error that the token was not found.

Parameters:

at -

state -

Returns:

Throws:

IOException