001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2014-2015 ForgeRock AS.
015 */
016
017package org.forgerock.openig.filter.oauth2.challenge;
018
019import org.forgerock.http.protocol.Response;
020import org.forgerock.http.protocol.Status;
021
022/**
023 * Builds an error {@link Response} when the token extracted from the request is invalid (expired, revoked, ...).
024 * <p>
025 * Example:
026 * <pre>
027 *     {@code
028 *     HTTP/1.1 401 Unauthorized
029 *     WWW-Authenticate: Bearer realm="example",
030 *                              error="invalid_token",
031 *                              error_description="...."
032 *     }
033 * </pre>
034 */
035public class InvalidTokenChallengeHandler extends AuthenticateChallengeHandler {
036
037    private static final String INVALID_TOKEN_DESCRIPTION = "The access token provided is expired, revoked, "
038            + "malformed, or invalid for other reasons.";
039
040    /**
041     * Builds a new InvalidTokenChallengeHandler with a default description and no error page URI.
042     *
043     * @param realm
044     *         mandatory realm value.
045     */
046    public InvalidTokenChallengeHandler(final String realm) {
047        this(realm, null);
048    }
049
050    /**
051     * Builds a new InvalidTokenChallengeHandler with a default description.
052     *
053     * @param realm
054     *         mandatory realm value.
055     * @param invalidTokenUri
056     *         error uri page (will be omitted if {@literal null})
057     */
058    public InvalidTokenChallengeHandler(final String realm,
059                                          final String invalidTokenUri) {
060        this(realm, INVALID_TOKEN_DESCRIPTION, invalidTokenUri);
061    }
062
063    /**
064     * Builds a new InvalidTokenChallengeHandler.
065     *
066     * @param realm
067     *         mandatory realm value.
068     * @param description
069     *         error description (will be omitted if {@literal null})
070     * @param invalidTokenUri
071     *         error uri page (will be omitted if {@literal null})
072     */
073    public InvalidTokenChallengeHandler(final String realm,
074                                          final String description,
075                                          final String invalidTokenUri) {
076        super(realm, "invalid_token", description, invalidTokenUri);
077    }
078
079    @Override
080    protected Response createResponse() {
081        Response response = new Response();
082        response.setStatus(Status.UNAUTHORIZED);
083        return response;
084    }
085}