/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2014 ForgeRock AS.
 */

package org.forgerock.openig.filter.oauth2.challenge;

import org.forgerock.openig.http.Response;

/**
 * Challenge handler for requests whose bearer token was extracted but rejected (expired, revoked, ...).
 * It produces a {@code 401 Unauthorized} {@link Response} carrying the {@code invalid_token} error code,
 * which is the status/code pairing described in RFC 6750, section 3.1.
 * <p>
 * Example:
 * <pre>
 *     HTTP/1.1 401 Unauthorized
 *     WWW-Authenticate: Bearer realm="example",
 *                              error="invalid_token",
 *                              error_description="...."
 * </pre>
 * <p>
 * The default description deliberately lumps every rejection cause together, so the client cannot tell an
 * expired token from a revoked or malformed one. A caller-supplied description is sent back to the client
 * as well, so it should not contain token material or validation internals.
 */
public class InvalidTokenChallengeHandler extends AuthenticateChallengeHandler {

    /** OAuth 2.0 bearer error code reported by this handler. */
    private static final String ERROR_CODE = "invalid_token";

    /** Generic description used when the caller does not provide one. */
    private static final String DEFAULT_DESCRIPTION =
            "The access token provided is expired, revoked, malformed, "
                    + "or invalid for other reasons.";

    /**
     * Creates a handler that uses the default description and advertises no error page URI.
     *
     * @param realm
     *         mandatory realm value.
     */
    public InvalidTokenChallengeHandler(final String realm) {
        this(realm, DEFAULT_DESCRIPTION, null);
    }

    /**
     * Creates a handler that uses the default description.
     *
     * @param realm
     *         mandatory realm value.
     * @param invalidTokenUri
     *         error uri page (omitted when {@code null})
     */
    public InvalidTokenChallengeHandler(final String realm,
                                        final String invalidTokenUri) {
        this(realm, DEFAULT_DESCRIPTION, invalidTokenUri);
    }

    /**
     * Creates a handler with an explicit description and error page URI.
     *
     * @param realm
     *         mandatory realm value.
     * @param description
     *         error description (omitted when {@code null})
     * @param invalidTokenUri
     *         error uri page (omitted when {@code null})
     */
    public InvalidTokenChallengeHandler(final String realm,
                                        final String description,
                                        final String invalidTokenUri) {
        // NOTE(review): realm, description and invalidTokenUri are forwarded unchanged. Any validation of the
        // "mandatory" realm and any quoting needed to place these values inside WWW-Authenticate parameters
        // is presumably done by AuthenticateChallengeHandler - confirm there.
        super(realm, ERROR_CODE, description, invalidTokenUri);
    }

    /**
     * Creates the bare {@code 401 Unauthorized} response for this challenge.
     * Only the status and the reason phrase are set here.
     *
     * @return a new response with status 401 and reason "Unauthorized"
     */
    @Override
    protected Response createResponse() {
        final Response unauthorized = new Response();
        unauthorized.setStatus(401);
        unauthorized.setReason("Unauthorized");
        return unauthorized;
    }
}