Java Code Examples for org.springframework.security.oauth2.core.OAuth2TokenValidatorResult#failure()

The following examples show how to use org.springframework.security.oauth2.core.OAuth2TokenValidatorResult#failure() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: XsuaaAudienceValidator.java    From cloud-security-xsuaa-integration with Apache License 2.0 6 votes vote down vote up 
@Override
public OAuth2TokenValidatorResult validate(Jwt token) {
	String tokenClientId = token.getClaimAsString(TokenClaims.CLAIM_CLIENT_ID);
	if (StringUtils.isEmpty(tokenClientId)) {
		return OAuth2TokenValidatorResult.failure(new OAuth2Error(OAuth2ErrorCodes.INVALID_CLIENT,
				"Jwt token must contain 'cid' (client_id)", null));
	}
	List<String> allowedAudiences = getAllowedAudiences(token);

	for (Map.Entry<String, String> xsuaaConfig : appIdClientIdMap.entrySet()) {
		if (checkMatch(xsuaaConfig.getKey(), xsuaaConfig.getValue(), tokenClientId, allowedAudiences)) {
			return OAuth2TokenValidatorResult.success();
		}
	}
	String description = String.format("Jwt token with allowed audiences %s matches none of these: %s",
			allowedAudiences, appIdClientIdMap.keySet().toString());
	return OAuth2TokenValidatorResult.failure(new OAuth2Error(OAuth2ErrorCodes.INVALID_CLIENT, description, null));
}
Example 2
Source File: AudienceValidator.java    From auth0-spring-security5-api-sample with MIT License 5 votes vote down vote up 
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    OAuth2Error error = new OAuth2Error("invalid_token", "The required audience is missing", null);

    if (jwt.getAudience().contains(audience)) {
        return OAuth2TokenValidatorResult.success();
    }

    return OAuth2TokenValidatorResult.failure(error);
}
Example 3
Source File: AudienceValidator.java    From auth0-spring-security5-api-sample with MIT License 5 votes vote down vote up 
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    if (jwt.getAudience().contains(audience)) {
        return OAuth2TokenValidatorResult.success();
    }

    return OAuth2TokenValidatorResult.failure(error);
}
Example 4
Source File: AudienceValidator.java    From java-microservices-examples with Apache License 2.0 5 votes vote down vote up 
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    List<String> audience = jwt.getAudience();
    // Keycloak and Okta's default audiences, respectively
    if (audience.contains("account") || audience.contains("api://default")) {
        return OAuth2TokenValidatorResult.success();
    } else {
        log.warn("Invalid audience: {}", audience);
        return OAuth2TokenValidatorResult.failure(error);
    }
}
Example 5
Source File: AudienceValidator.java    From java-microservices-examples with Apache License 2.0 5 votes vote down vote up 
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    List<String> audience = jwt.getAudience();
    // Keycloak and Okta's default audiences, respectively
    if (audience.contains("account") || audience.contains("api://default")) {
        return OAuth2TokenValidatorResult.success();
    } else {
        log.warn("Invalid audience: {}", audience);
        return OAuth2TokenValidatorResult.failure(error);
    }
}
Example 6
Source File: AudienceValidator.java    From java-microservices-examples with Apache License 2.0 5 votes vote down vote up 
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    List<String> audience = jwt.getAudience();
    // Keycloak and Okta's default audiences, respectively
    if (audience.contains("account") || audience.contains("api://default")) {
        return OAuth2TokenValidatorResult.success();
    } else {
        log.warn("Invalid audience: {}", audience);
        return OAuth2TokenValidatorResult.failure(error);
    }
}
Example 7
Source File: TokenBlackListValidator.java    From oauth2-resource with MIT License 5 votes vote down vote up 
@Override
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    if (checkTokenValid(jwt.getTokenValue())) {
        return OAuth2TokenValidatorResult.success();
    } else {
        return OAuth2TokenValidatorResult.failure(error);
    }
}
Example 8
Source File: FirebaseTokenValidator.java    From spring-cloud-gcp with Apache License 2.0 5 votes vote down vote up 
@Override
public OAuth2TokenValidatorResult validate(Jwt token) {
	List<OAuth2Error> errors = new LinkedList<>();
	validateAudience(errors, token);
	validateIssuedAt(errors, token);
	validateSubject(errors, token);
	validateAuthTime(errors, token);
	return OAuth2TokenValidatorResult.failure(errors);
}
Example 9
Source File: AudienceValidator.java    From spring-cloud-gcp with Apache License 2.0 5 votes vote down vote up 
@Override
public OAuth2TokenValidatorResult validate(Jwt t) {
	if (t.getAudience() != null) {
		for (String audience : audiences) {
			if (t.getAudience().contains(audience)) {
				return OAuth2TokenValidatorResult.success();
			}
		}
	}
	if (LOGGER.isWarnEnabled()) {
		LOGGER.warn(String.format(
				"Expected audience %s did not match token audience %s", this.audience, t.getAudience()));
	}
	return OAuth2TokenValidatorResult.failure(INVALID_AUDIENCE);
}
Example 10
Source File: AudienceValidator.java    From jhipster-registry with Apache License 2.0 5 votes vote down vote up 
public OAuth2TokenValidatorResult validate(Jwt jwt) {
    List<String> audience = jwt.getAudience();
    if(audience.stream().anyMatch(allowedAudience::contains)) {
        return OAuth2TokenValidatorResult.success();
    } else {
        log.warn("Invalid audience: {}", audience);
        return OAuth2TokenValidatorResult.failure(error);
    }
}