io.micronaut.security.endpoints.introspection

Class DefaultIntrospectionProcessor

java.lang.Object

io.micronaut.security.endpoints.introspection.DefaultIntrospectionProcessor

All Implemented Interfaces:

IntrospectionProcessor

@Singleton
public class DefaultIntrospectionProcessor
extends java.lang.Object
implements IntrospectionProcessor

Validates the IntrospectionRequest.getToken() with the available TokenValidator. Then it creates a IntrospectionResponse with the first Authentication object. If no TokenValidator is able to validate the token, it tries with RefreshTokenValidator. If it cannot authenticate it returns {active: false}

Since:

2.1.0

Author:

Sergio del Amo

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	AUDIENCE
static java.lang.String	CLIENT_ID
static java.lang.String	EXP
static java.util.List<java.lang.String>	FIELDS_ATTRIBUTE_NAMES
static java.lang.String	ISSUED_AT
static java.lang.String	ISSUER
static java.lang.String	JWT_ID
protected static org.slf4j.Logger	LOG
static java.lang.String	NOT_BEFORE
protected RefreshTokenValidator	refreshTokenValidator
static java.lang.String	SCOPE
static java.lang.String	SUBJECT
static java.lang.String	TOKEN_TYPE
protected TokenConfiguration	tokenConfiguration
protected java.util.Collection<TokenValidator>	tokenValidators
static java.lang.String	USERNAME

Constructor Summary

Constructors

Constructor and Description
DefaultIntrospectionProcessor(java.util.Collection<TokenValidator> tokenValidators, TokenConfiguration tokenConfiguration, RefreshTokenValidator refreshTokenValidator)

Method Summary

Modifier and Type	Method and Description
IntrospectionResponse	createIntrospectionResponse(Authentication authentication, io.micronaut.http.HttpRequest<?> httpRequest) Creates an IntrospectionResponse for an Authentication.
org.reactivestreams.Publisher<IntrospectionResponse>	introspect(Authentication authentication, io.micronaut.http.HttpRequest<?> httpRequest)
org.reactivestreams.Publisher<IntrospectionResponse>	introspect(IntrospectionRequest introspectionRequest, io.micronaut.http.HttpRequest<?> httpRequest)
protected void	populateAud(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with aud claim.
protected void	populateClientId(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response client_id.
protected void	populateExpiration(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with the exp claim of authentication.
protected java.util.List<java.lang.String>	populateFields(Authentication authentication, IntrospectionResponse introspectionResponse)
protected void	populateIssuedAt(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with the iat claim of authentication.
protected void	populateIssuer(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with iss claim.
protected void	populateJwtId(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with jti username.
protected void	populateNotBefore(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with the nbf claim of authentication.
protected void	populateScope(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response scope.
protected void	populateSub(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with sub claim.
protected void	populateTokenType(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response token type.
protected void	populateUsername(Authentication authentication, IntrospectionResponse introspectionResponse) Populates the introspection response with the username.
protected java.util.Optional<java.lang.Long>	secondsSinceEpochOfAttribute(java.lang.String attributeName, Authentication authentication)
static long	toSecondsSinceEpoch(java.util.Date date)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLIENT_ID

public static final java.lang.String CLIENT_ID

See Also:

Constant Field Values

USERNAME

public static final java.lang.String USERNAME

See Also:

Constant Field Values

TOKEN_TYPE

public static final java.lang.String TOKEN_TYPE

See Also:

Constant Field Values

ISSUER

public static final java.lang.String ISSUER

See Also:

Constant Field Values

SUBJECT

public static final java.lang.String SUBJECT

See Also:

Constant Field Values

EXP

public static final java.lang.String EXP

See Also:

Constant Field Values

NOT_BEFORE

public static final java.lang.String NOT_BEFORE

See Also:

Constant Field Values

ISSUED_AT

public static final java.lang.String ISSUED_AT

See Also:

Constant Field Values

JWT_ID

public static final java.lang.String JWT_ID

See Also:

Constant Field Values

AUDIENCE

public static final java.lang.String AUDIENCE

See Also:

Constant Field Values

SCOPE

public static final java.lang.String SCOPE

See Also:

Constant Field Values

FIELDS_ATTRIBUTE_NAMES

public static final java.util.List<java.lang.String> FIELDS_ATTRIBUTE_NAMES

LOG

protected static final org.slf4j.Logger LOG

tokenValidators

protected final java.util.Collection<TokenValidator> tokenValidators

tokenConfiguration

protected final TokenConfiguration tokenConfiguration

refreshTokenValidator

protected final RefreshTokenValidator refreshTokenValidator

Constructor Detail

DefaultIntrospectionProcessor

public DefaultIntrospectionProcessor(java.util.Collection<TokenValidator> tokenValidators,
                                     TokenConfiguration tokenConfiguration,
                                     @Nullable
                                     RefreshTokenValidator refreshTokenValidator)

Method Detail

introspect

@NonNull
public org.reactivestreams.Publisher<IntrospectionResponse> introspect(@NonNull
                                                                                IntrospectionRequest introspectionRequest,
                                                                                @NonNull
                                                                                io.micronaut.http.HttpRequest<?> httpRequest)

Specified by:

introspect in interface IntrospectionProcessor

Parameters:

introspectionRequest - A parameter representing the token along with optional parameters representing additional context

httpRequest - HTTP Request

Returns:

Introspection Response

introspect

@NonNull
public org.reactivestreams.Publisher<IntrospectionResponse> introspect(@NonNull
                                                                                Authentication authentication,
                                                                                @NonNull
                                                                                io.micronaut.http.HttpRequest<?> httpRequest)

Specified by:

introspect in interface IntrospectionProcessor

Parameters:

authentication - The authentication

httpRequest - HTTP Request

Returns:

Introspection Response

createIntrospectionResponse

@NonNull
public IntrospectionResponse createIntrospectionResponse(@NonNull
                                                                  Authentication authentication,
                                                                  @NonNull
                                                                  io.micronaut.http.HttpRequest<?> httpRequest)

Creates an IntrospectionResponse for an Authentication.

Parameters:

authentication - Authentication

httpRequest - HTTP Request

Returns:

an IntrospectionResponse

populateFields

@NonNull
protected java.util.List<java.lang.String> populateFields(@NonNull
                                                                   Authentication authentication,
                                                                   @NonNull
                                                                   IntrospectionResponse introspectionResponse)

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

Returns:

A list of attribute names already processed

populateScope

protected void populateScope(@NonNull
                             Authentication authentication,
                             @NonNull
                             IntrospectionResponse introspectionResponse)

Populates the introspection response scope.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateTokenType

protected void populateTokenType(@NonNull
                                 Authentication authentication,
                                 @NonNull
                                 IntrospectionResponse introspectionResponse)

Populates the introspection response token type.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateClientId

protected void populateClientId(@NonNull
                                Authentication authentication,
                                @NonNull
                                IntrospectionResponse introspectionResponse)

Populates the introspection response client_id.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateAud

protected void populateAud(@NonNull
                           Authentication authentication,
                           @NonNull
                           IntrospectionResponse introspectionResponse)

Populates the introspection response with aud claim.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateSub

protected void populateSub(@NonNull
                           Authentication authentication,
                           @NonNull
                           IntrospectionResponse introspectionResponse)

Populates the introspection response with sub claim.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateIssuer

protected void populateIssuer(@NonNull
                              Authentication authentication,
                              @NonNull
                              IntrospectionResponse introspectionResponse)

Populates the introspection response with iss claim.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateJwtId

protected void populateJwtId(@NonNull
                             Authentication authentication,
                             @NonNull
                             IntrospectionResponse introspectionResponse)

Populates the introspection response with jti username.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateUsername

protected void populateUsername(@NonNull
                                Authentication authentication,
                                @NonNull
                                IntrospectionResponse introspectionResponse)

Populates the introspection response with the username.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateExpiration

protected void populateExpiration(@NonNull
                                  Authentication authentication,
                                  @NonNull
                                  IntrospectionResponse introspectionResponse)

Populates the introspection response with the exp claim of authentication.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

secondsSinceEpochOfAttribute

protected java.util.Optional<java.lang.Long> secondsSinceEpochOfAttribute(@NonNull
                                                                          java.lang.String attributeName,
                                                                          @NonNull
                                                                          Authentication authentication)

Parameters:

attributeName - The attribute name e.g. exp nbf iat

authentication - Authentication

Returns:

An empty optional if the authentication attribute is not found or it cannot be transformed to epoch seconds

populateNotBefore

protected void populateNotBefore(@NonNull
                                 Authentication authentication,
                                 @NonNull
                                 IntrospectionResponse introspectionResponse)

Populates the introspection response with the nbf claim of authentication.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

populateIssuedAt

protected void populateIssuedAt(@NonNull
                                Authentication authentication,
                                @NonNull
                                IntrospectionResponse introspectionResponse)

Populates the introspection response with the iat claim of authentication.

Parameters:

authentication - Authentication

introspectionResponse - Introspection Response being populated

toSecondsSinceEpoch

public static long toSecondsSinceEpoch(java.util.Date date)

Parameters:

date - Date

Returns:

seconds since epoch