• Home
• org.cloudfoundry.identity
• cloudfoundry-identity-server
• 4.30.0
• source code
• IntrospectEndpoint.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.cloudfoundry.identity.uaa.oauth.IntrospectEndpoint Maven / Gradle / Ivy

package org.cloudfoundry.identity.uaa.oauth;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper;
import org.cloudfoundry.identity.uaa.oauth.token.IntrospectionClaims;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.stereotype.Controller;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpServletRequest;

import static org.springframework.web.bind.annotation.RequestMethod.POST;

@Controller
public class IntrospectEndpoint {
    protected final Log logger = LogFactory.getLog(getClass());

    private ResourceServerTokenServices resourceServerTokenServices;

    @RequestMapping(value = "/introspect", method = POST)
    @ResponseBody
    public IntrospectionClaims introspect(@RequestParam("token") String token) {
        IntrospectionClaims introspectionClaims = new IntrospectionClaims();

        try {
            OAuth2AccessToken oAuth2AccessToken = resourceServerTokenServices.readAccessToken(token);
            if (oAuth2AccessToken.isExpired()) {
                introspectionClaims.setActive(false);
                return introspectionClaims;
            }
            resourceServerTokenServices.loadAuthentication(token);
            introspectionClaims = getClaimsForToken(oAuth2AccessToken.getValue());
            introspectionClaims.setActive(true);
        } catch (InvalidTokenException e) {
            introspectionClaims.setActive(false);
            return introspectionClaims;
        }

        return introspectionClaims;
    }

    @RequestMapping(value = "/introspect")
    @ResponseBody
    public IntrospectionClaims methodNotSupported(HttpServletRequest request) throws HttpRequestMethodNotSupportedException {
        throw new HttpRequestMethodNotSupportedException(request.getMethod());
    }


    private IntrospectionClaims getClaimsForToken(String token) {
        org.springframework.security.jwt.Jwt tokenJwt;
        tokenJwt = JwtHelper.decode(token);

        IntrospectionClaims claims;
        try {
            // we assume token.getClaims is never null due to previously parsing token when verifying the token
            claims = JsonUtils.readValue(tokenJwt.getClaims(), IntrospectionClaims.class);
        } catch (JsonUtils.JsonUtilException e) {
            logger.error("Can't parse introspection claims in token. Is it a valid JSON?");
            throw new InvalidTokenException("Cannot read token claims", e);
        }

        return claims;
    }

    public void setTokenServices(ResourceServerTokenServices resourceServerTokenServices) {
        this.resourceServerTokenServices = resourceServerTokenServices;
    }
}