001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2014 ForgeRock AS.
015 */
016
017package org.forgerock.openig.filter.oauth2.challenge;
018
019import org.forgerock.openig.http.Response;
020
021/**
022 * Builds an error {@link Response} when the token extracted from the request is invalid (expired, revoked, ...).
023 * <p>
024 * Example:
025 * <pre>
026 *     HTTP/1.1 401 Unauthorized
027 *     WWW-Authenticate: Bearer realm="example",
028 *                              error="invalid_token",
029 *                              error_description="...."
030 * </pre>
031 */
032public class InvalidTokenChallengeHandler extends AuthenticateChallengeHandler {
033
034    private static final String INVALID_TOKEN_DESCRIPTION = "The access token provided is expired, revoked, "
035            + "malformed, or invalid for other reasons.";
036
037    /**
038     * Builds a new InvalidTokenChallengeHandler with a default description and no error page URI.
039     *
040     * @param realm
041     *         mandatory realm value.
042     */
043    public InvalidTokenChallengeHandler(final String realm) {
044        this(realm, null);
045    }
046
047    /**
048     * Builds a new InvalidTokenChallengeHandler with a default description.
049     *
050     * @param realm
051     *         mandatory realm value.
052     * @param invalidTokenUri
053     *         error uri page (will be omitted if {@literal null})
054     */
055    public InvalidTokenChallengeHandler(final String realm,
056                                          final String invalidTokenUri) {
057        this(realm, INVALID_TOKEN_DESCRIPTION, invalidTokenUri);
058    }
059
060    /**
061     * Builds a new InvalidTokenChallengeHandler.
062     *
063     * @param realm
064     *         mandatory realm value.
065     * @param description
066     *         error description (will be omitted if {@literal null})
067     * @param invalidTokenUri
068     *         error uri page (will be omitted if {@literal null})
069     */
070    public InvalidTokenChallengeHandler(final String realm,
071                                          final String description,
072                                          final String invalidTokenUri) {
073        super(realm, "invalid_token", description, invalidTokenUri);
074    }
075
076    @Override
077    protected Response createResponse() {
078        Response response = new Response();
079        response.setStatus(401);
080        response.setReason("Unauthorized");
081        return response;
082    }
083}