public class OAuthBearerExtensionsValidatorCallback
extends java.lang.Object
implements javax.security.auth.callback.Callback
Callback for use by the SaslServer implementation when it needs to validate the SASL extensions for the OAUTHBEARER mechanism. Callback handlers should use the valid(String) method to communicate valid extensions back to the SASL server. Callback handlers should use the error(String, String) method to communicate validation errors back to the SASL server.
As per RFC-7628 (https://tools.ietf.org/html/rfc7628#section-3.1), unknown extensions must be ignored by the server. The callback handler implementation should simply ignore unknown extensions, calling neither error(String, String) nor valid(String). Callback handlers should communicate other problems by raising an IOException.
The OAuth bearer token is provided in the callback for better context in extension validation. It is very important that token validation is done in its own OAuthBearerValidatorCallback regardless of the provided extensions, as the extensions are inherently insecure.
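
The handler contract described above, as an added example (not code from the Kafka project): one recognized extension is validated against the token supplied in the callback, and every other extension is left untouched so that it ends up in ignoredExtensions(). The class name, the extension name tenant, its value pattern and the tenant:<id> scope convention are assumptions made for illustration; token validation through OAuthBearerValidatorCallback is omitted and belongs in its own branch of handle().

```java
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback;

public class TenantExtensionValidator implements AuthenticateCallbackHandler {
    private static final String TENANT = "tenant"; // hypothetical extension name
    private static final Pattern TENANT_ID = Pattern.compile("[a-z0-9-]{1,32}"); // assumed format

    @Override
    public void configure(Map<String, ?> configs, String mechanism, List<AppConfigurationEntry> jaas) { }

    @Override
    public void close() { }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (callback instanceof OAuthBearerExtensionsValidatorCallback) {
                validate((OAuthBearerExtensionsValidatorCallback) callback);
            } else {
                // Token validation (OAuthBearerValidatorCallback) is not shown in this example.
                throw new UnsupportedCallbackException(callback);
            }
        }
    }

    static void validate(OAuthBearerExtensionsValidatorCallback cb) {
        for (Map.Entry<String, String> ext : cb.inputExtensions().map().entrySet()) {
            if (!TENANT.equals(ext.getKey()))
                continue; // unknown extension: call neither valid() nor error()
            String value = ext.getValue();
            if (!TENANT_ID.matcher(value).matches())
                cb.error(TENANT, "malformed tenant id");
            else if (!cb.token().scope().contains("tenant:" + value)) // bind the claim to the token
                cb.error(TENANT, "tenant not granted by token scope");
            else
                cb.valid(TENANT);
        }
    }
}
```

Because the extension value is client-supplied, the example accepts it only when the token's own scope backs it up; the extension never substitutes for a token check.
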
Constructor and Description |
---|
OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions) |
Modifier and Type | Method and Description |
---|---|
void | error(java.lang.String invalidExtensionName, java.lang.String errorMessage): Set the error value for a specific extension key-value pair if validation has failed |
java.util.Map<java.lang.String,java.lang.String> | ignoredExtensions() |
SaslExtensions | inputExtensions() |
java.util.Map<java.lang.String,java.lang.String> | invalidExtensions() |
OAuthBearerToken | token() |
void | valid(java.lang.String extensionName): Validates a specific extension in the original inputExtensions map |
java.util.Map<java.lang.String,java.lang.String> | validatedExtensions() |
public OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions)
public OAuthBearerToken token()
Returns: OAuthBearerToken, the OAuth bearer token of the client
public SaslExtensions inputExtensions()
Returns: SaslExtensions consisting of the unvalidated extension names and values that were sent by the client
public java.util.Map<java.lang.String,java.lang.String> validatedExtensions()
Returns: Map consisting of the extension names and values that were validated and recognized by the server
public java.util.Map<java.lang.String,java.lang.String> invalidExtensions()
Returns: Map consisting of the name->error messages of extensions which failed validation
public java.util.Map<java.lang.String,java.lang.String> ignoredExtensions()
Returns: Map consisting of the extensions that have neither been validated nor invalidated
public void valid(java.lang.String extensionName)
Validates a specific extension in the original inputExtensions map
Parameters:
extensionName - the name of the extension which was validated
public void error(java.lang.String invalidExtensionName, java.lang.String errorMessage)
Parameters:
invalidExtensionName - the mandatory extension name which caused the validation failure
errorMessage - error message describing why the validation failed