Class OA2HeaderUtils
- java.lang.Object
-
- edu.uiuc.ncsa.security.servlet.HeaderUtils
-
- org.oa4mp.server.loader.oauth2.servlet.OA2HeaderUtils
-
public class OA2HeaderUtils extends edu.uiuc.ncsa.security.servlet.HeaderUtilsUtilities for dealing with getting tokens that may be either sent as parameters or in the authorization header . Note that you should check that if a user sends both, that they match and throw an exception if they do not.Created by Jeff Gaynor
on 9/25/17 at 5:33 PM
-
-
Constructor Summary
Constructors Constructor Description OA2HeaderUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static BaseClientfindRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE, net.sf.json.JSONObject json)Finds the client from the §2.1 JSONRFC7523Constants.CLIENT_ASSERTION-- admin or regular -- and verifies that it is valid, has been approved etc.static BaseClientgetAndVerifyRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE)Assumption is that the request has the correctRFC7523Constants.CLIENT_ASSERTION_TYPEofRFC7523Constants.ASSERTION_JWT_BEARER, so we are decoding that.static BaseClientgetAndVerifyRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE, boolean isDeviceFlow)Just carries out verifying RFC 7523 §2.1.static StringgetATFromParameter(javax.servlet.http.HttpServletRequest request)static edu.uiuc.ncsa.security.core.IdentifiergetIDFromParameters(javax.servlet.http.HttpServletRequest request)static OA2ClientgetRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE)static voidverifyRFC7523Client(OA2Client client, javax.servlet.http.HttpServletRequest request, OA2SE oa2SE)-
Methods inherited from class edu.uiuc.ncsa.security.servlet.HeaderUtils
getAuthHeader, getBasicHeader, getBearerAuthHeader, getCredentialsFromHeaders, getCredentialsFromHeaders, getFirstParameters, getFirstParameterValue, getIDFromHeaders, getParameters, getSecretFromHeaders, hasBasicHeader, hasBearerHeader, headerToJSON, headerToJSON, throwException
-
-
-
-
Method Detail
-
getATFromParameter
public static String getATFromParameter(javax.servlet.http.HttpServletRequest request)
-
getIDFromParameters
public static edu.uiuc.ncsa.security.core.Identifier getIDFromParameters(javax.servlet.http.HttpServletRequest request)
-
findRFC7523Client
public static BaseClient findRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE, net.sf.json.JSONObject json) throws NoSuchAlgorithmException, InvalidKeySpecException
Finds the client from the §2.1 JSONRFC7523Constants.CLIENT_ASSERTION-- admin or regular -- and verifies that it is valid, has been approved etc.- Parameters:
request-oa2SE-- Returns:
- Throws:
NoSuchAlgorithmExceptionInvalidKeySpecException
-
getAndVerifyRFC7523Client
public static BaseClient getAndVerifyRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE) throws NoSuchAlgorithmException, InvalidKeySpecException
Assumption is that the request has the correctRFC7523Constants.CLIENT_ASSERTION_TYPEofRFC7523Constants.ASSERTION_JWT_BEARER, so we are decoding that.- Parameters:
request-- Throws:
NoSuchAlgorithmExceptionInvalidKeySpecException
-
getAndVerifyRFC7523Client
public static BaseClient getAndVerifyRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE, boolean isDeviceFlow) throws NoSuchAlgorithmException, InvalidKeySpecException
Just carries out verifying RFC 7523 §2.1. It returns the authorizing client- Parameters:
request-oa2SE-isDeviceFlow-- Returns:
- Throws:
NoSuchAlgorithmExceptionInvalidKeySpecException
-
getRFC7523Client
public static OA2Client getRFC7523Client(javax.servlet.http.HttpServletRequest request, OA2SE oa2SE) throws NoSuchAlgorithmException, InvalidKeySpecException
-
verifyRFC7523Client
public static void verifyRFC7523Client(OA2Client client, javax.servlet.http.HttpServletRequest request, OA2SE oa2SE) throws NoSuchAlgorithmException, InvalidKeySpecException
-
-