/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2014-2015 ForgeRock AS.
 */

package org.forgerock.openig.filter.oauth2.challenge;

import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;

/**
 * Challenge handler used when the access token taken from the request cannot be accepted
 * (expired, revoked, ...). It produces a {@code 401 Unauthorized} {@link Response} and passes the
 * {@code invalid_token} error code to {@link AuthenticateChallengeHandler}.
 * <p>
 * Example of the resulting challenge:
 * <pre>
 *     {@code
 *     HTTP/1.1 401 Unauthorized
 *     WWW-Authenticate: Bearer realm="example",
 *                              error="invalid_token",
 *                              error_description="...."
 *     }
 * </pre>
 * <p>
 * NOTE(review): the realm, description and error URI are handed to the superclass unchanged; how
 * they are quoted or escaped before reaching the {@code WWW-Authenticate} header is not visible
 * in this file. Until that is confirmed, pass only fixed, configuration-derived values here, not
 * text copied from the incoming request.
 */
public class InvalidTokenChallengeHandler extends AuthenticateChallengeHandler {

    /** OAuth 2.0 bearer error code reported by this handler. */
    private static final String INVALID_TOKEN_ERROR = "invalid_token";

    /**
     * Default human-readable description. It is intentionally generic: it does not tell the
     * client which of the listed reasons caused the rejection.
     */
    private static final String INVALID_TOKEN_DESCRIPTION =
            "The access token provided is expired, revoked, malformed, "
            + "or invalid for other reasons.";

    /**
     * Creates a handler that uses the default description and advertises no error page URI.
     *
     * @param realm
     *            mandatory realm value.
     */
    public InvalidTokenChallengeHandler(final String realm) {
        this(realm, INVALID_TOKEN_DESCRIPTION, null);
    }

    /**
     * Creates a handler that uses the default description.
     *
     * @param realm
     *            mandatory realm value.
     * @param invalidTokenUri
     *            error uri page (will be omitted if {@literal null})
     */
    public InvalidTokenChallengeHandler(final String realm, final String invalidTokenUri) {
        this(realm, INVALID_TOKEN_DESCRIPTION, invalidTokenUri);
    }

    /**
     * Creates a handler with an explicit description and error page URI.
     *
     * @param realm
     *            mandatory realm value.
     * @param description
     *            error description (will be omitted if {@literal null}); prefer a generic message
     *            over one that explains why a particular token was rejected
     * @param invalidTokenUri
     *            error uri page (will be omitted if {@literal null})
     */
    public InvalidTokenChallengeHandler(final String realm,
                                        final String description,
                                        final String invalidTokenUri) {
        super(realm, INVALID_TOKEN_ERROR, description, invalidTokenUri);
    }

    /**
     * Supplies the base response for this challenge: an otherwise empty {@link Response} whose
     * status is {@link Status#UNAUTHORIZED}.
     *
     * @return a new response carrying the 401 status
     */
    @Override
    protected Response createResponse() {
        final Response unauthorized = new Response();
        unauthorized.setStatus(Status.UNAUTHORIZED);
        return unauthorized;
    }
}