20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts/*
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * The contents of this file are subject to the terms of the Common Development and
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * Distribution License (the License). You may not use this file except in compliance with the
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * License.
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts *
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * specific language governing permission and limitations under the License.
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts *
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * When distributing Covered Software, include this CDDL Header Notice in each file and include
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * Header, with the fields enclosed by brackets [] replaced by your own identifying
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * information: "Portions copyright [year] [name of copyright owner]".
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts *
558c2b62dd2867121c656f428e4f74f7aa945c81Peter Major * Copyright 2014-2015 ForgeRock AS.
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts */
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottspackage org.forgerock.oauth2.restlet;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.forgerock.oauth2.core.AccessTokenVerifier;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.forgerock.oauth2.core.OAuth2Constants;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.forgerock.oauth2.core.OAuth2Request;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.forgerock.oauth2.core.TokenStore;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.restlet.Request;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.restlet.data.Form;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.restlet.data.MediaType;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport org.restlet.representation.Representation;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport javax.inject.Inject;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpottsimport javax.inject.Singleton;
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts/**
 * Verifies that an OAuth2 request made to one of the protected endpoints on the OAuth2 provider
 * (i.e. tokeninfo, userinfo) contains a valid access token specified in the request body.
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts *
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts * @since 12.0.0
20f66235bb0ae0f3dcb4ee3ab4ef1ff9e9411d97James Phillpotts */
@Singleton
public class RestletFormBodyAccessTokenVerifier extends AccessTokenVerifier {

    /**
     * Creates a verifier that resolves the extracted token id against the given store.
     *
     * @param tokenStore The token store handed to the superclass, which performs the actual lookup and
     *                   validation of the token id returned by {@link #obtainTokenId(OAuth2Request)}.
     */
    @Inject
    public RestletFormBodyAccessTokenVerifier(TokenStore tokenStore) {
        super(tokenStore);
    }

    /**
     * Extracts the access token id from the {@code access_token} parameter of an
     * {@code application/x-www-form-urlencoded} request body.
     *
     * <p>Only the reason for a failed extraction is logged, at debug level; the token value itself is never
     * written to the log.
     *
     * @param request The OAuth2 request wrapping the underlying Restlet request.
     * @return The first {@code access_token} value present in the form body, or {@code null} when the request
     *         has no entity, the entity is not form-encoded, or the form carries no {@code access_token}
     *         parameter.
     */
    @Override
    protected String obtainTokenId(OAuth2Request request) {
        final Request underlying = request.getRequest();
        final Representation entity = underlying.getEntity();

        if (!isFormEncoded(entity)) {
            logger.debug("Request does not contain form.");
            return null;
        }

        // Parsing the representation into a Form reads the entity; presumably nothing downstream needs to
        // re-read the raw body after this point - confirm against the callers of this verifier.
        final Form form = new Form(entity);
        final String tokenParameter = OAuth2Constants.Params.ACCESS_TOKEN;

        if (form.getNames().contains(tokenParameter)) {
            return form.getFirstValue(tokenParameter);
        }

        logger.debug("Request form does not contain access_token.");
        return null;
    }

    /**
     * Reports whether the entity is present and declares the form media type that RFC 6750 section 2.2
     * permits for a bearer token carried in the request body.
     *
     * <p>NOTE(review): RFC 6750 section 2.2 additionally restricts the body mechanism to methods with defined
     * body semantics (in particular, not GET); no HTTP method check is made in this class, so confirm that is
     * enforced elsewhere if it is relied upon.
     *
     * @param entity The request entity, possibly {@code null}.
     * @return {@code true} if the entity is non-null and its media type is {@code application/x-www-form-urlencoded}.
     */
    private static boolean isFormEncoded(Representation entity) {
        return entity != null && MediaType.APPLICATION_WWW_FORM.equals(entity.getMediaType());
    }
}