22 package org.apache.amber.oauth2.rs.validator;
23
24 import java.util.Map;
25 import javax.servlet.http.HttpServletRequest;
26
27 import org.apache.amber.oauth2.common.OAuth;
28 import org.apache.amber.oauth2.common.error.OAuthError;
29 import org.apache.amber.oauth2.common.exception.OAuthProblemException;
30 import org.apache.amber.oauth2.common.utils.OAuthUtils;
31 import org.apache.amber.oauth2.common.validators.AbstractValidator;
/**
 * Validator for resource-server requests that carry their OAuth credentials in the
 * {@code Authorization} HTTP header.
 *
 * <p>Only the structure of the header is checked here: that it is present, that its
 * scheme equals {@link OAuth#OAUTH_HEADER_NAME}, that something follows the scheme, and
 * that the header is not flagged as an OAuth 1.0 header. Nothing in this class verifies
 * the token value itself (signature, expiry, scope, revocation); a request that passes
 * this validator is well-formed, not authenticated.
 */
public class BearerHeaderOAuthValidator extends AbstractValidator {

    /**
     * Accepts every request: no Content-Type constraint is enforced by this validator.
     *
     * @param request the incoming request (unused)
     * @throws OAuthProblemException never thrown by this implementation
     */
    @Override
    public void validateContentType(HttpServletRequest request) throws OAuthProblemException {
        // Deliberately empty. NOTE(review): presumably because header-borne credentials
        // can accompany any body type; confirm against the base-class behaviour.
    }

    /**
     * Accepts every request: no HTTP-method constraint is enforced by this validator.
     *
     * @param request the incoming request (unused)
     * @throws OAuthProblemException never thrown by this implementation
     */
    @Override
    public void validateMethod(HttpServletRequest request) throws OAuthProblemException {
        // Deliberately empty. NOTE(review): presumably because header-borne credentials
        // can accompany any HTTP verb; confirm against the base-class behaviour.
    }

    /**
     * Checks that the {@code Authorization} header is present and structurally usable.
     *
     * <p>The checks run in order and the first failure aborts validation:
     * <ol>
     *   <li>the header exists and is non-empty;</li>
     *   <li>its authorization method equals {@link OAuth#OAUTH_HEADER_NAME};</li>
     *   <li>the field following the method is non-empty;</li>
     *   <li>the decoded header carries no {@link OAuth#OAUTH_VERSION_DIFFER} entry.</li>
     * </ol>
     *
     * @param request the incoming request whose {@code Authorization} header is inspected
     * @throws OAuthProblemException if any of the checks above fails
     */
    @Override
    public void validateRequiredParameters(HttpServletRequest request)
            throws OAuthProblemException {

        final String authorization = request.getHeader(OAuth.HeaderType.AUTHORIZATION);
        if (OAuthUtils.isEmpty(authorization)) {
            // The error code is the empty string here. NOTE(review): presumably so that a
            // request without credentials gets no specific error code; confirm intent.
            throw OAuthProblemException.error("", "Missing authorization header.");
        }

        final String scheme = OAuthUtils.getAuthzMethod(authorization);
        final boolean schemeMatches = OAuth.OAUTH_HEADER_NAME.equals(scheme);
        if (!schemeMatches) {
            // Same empty error code as above: a foreign scheme is reported without a code.
            throw OAuthProblemException.error("", "Incorrect authorization method.");
        }

        final String credentials = OAuthUtils.getAuthHeaderField(authorization);
        if (OAuthUtils.isEmpty(credentials)) {
            throw OAuthProblemException.error(
                    OAuthError.TokenResponse.INVALID_REQUEST, "Missing required parameter.");
        }

        // The decoder is expected to flag OAuth 1.0 style headers under OAUTH_VERSION_DIFFER;
        // any non-empty value for that key rejects the request.
        final Map<String, String> decoded = OAuthUtils.decodeOAuthHeader(authorization);
        final String v1Marker = decoded.get(OAuth.OAUTH_VERSION_DIFFER);
        if (OAuthUtils.isEmpty(v1Marker)) {
            return;
        }
        throw OAuthProblemException.error(
                OAuthError.TokenResponse.INVALID_REQUEST,
                "Incorrect OAuth version. Found OAuth V1.0.");
    }
}