/*
* $Id$
*
* This file is part of the Cloud Services Integration Platform (CSIP),
* a Model-as-a-Service framework, API and application suite.
*
* 2012-2022, Olaf David and others, OMSLab, Colorado State University.
*
* OMSLab licenses this file to you under the MIT license.
* See the LICENSE file in the project root for more information.
*/
package csip;
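/**
 * Contract for validating bearer tokens taken from an HTTP
 * {@code Authorization} header.
 *
 * <p>The default methods cover parsing of the header; implementations
 * supply the actual token check in {@link #validate(String)}.
 *
 * @author od
 */
interface TokenAuthentication extends AutoCloseable {

    /** Authentication scheme expected at the start of the Authorization header. */
    static final String AUTH_SCHEME = "Bearer";

    /**
     * Validates the token. An implementation must throw a
     * {@link SecurityException} for every token it does not accept; returning
     * normally means the token was accepted.
     *
     * <p>Note for implementers: when the token is compared with a stored
     * secret, use a constant-time comparison (for example
     * {@code java.security.MessageDigest.isEqual}) and keep the token out of
     * exception messages and logs.
     *
     * @param token the token as returned by {@link #getToken(String)}
     * @throws SecurityException if the token is not valid
     */
    void validate(String token) throws SecurityException;

    /**
     * Tells whether this authentication requires a token at all.
     *
     * <p>The default is {@code true}, so an implementation is fail-closed
     * unless it explicitly overrides this method.
     *
     * @return {@code true} if a token is required, {@code false} otherwise
     */
    default boolean requiresAuthentication() {
        return true;
    }

    /**
     * Releases resources held by the implementation. The default does nothing.
     *
     * @throws Exception if an implementation fails to release its resources
     */
    @Override
    default void close() throws Exception {
    }

    /**
     * Checks whether the Authorization header carries a bearer token.
     *
     * <p>The header must not be {@code null} and must start with
     * {@link #AUTH_SCHEME} followed by a single space. The scheme is compared
     * case-insensitively and without regard to the default locale.
     *
     * @param authHeader the raw Authorization header value, may be {@code null}
     * @return {@code true} if the header starts with the bearer scheme
     */
    default boolean isTokenBasedAuthentication(String authHeader) {
        if (authHeader == null) {
            return false;
        }
        String prefix = AUTH_SCHEME + " ";
        // regionMatches(ignoreCase) avoids the locale-sensitive toLowerCase()
        // and does not allocate lowered copies of a client-supplied header.
        return authHeader.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /**
     * Extracts the token from the Authorization header.
     *
     * <p>The header is client-supplied, so it is re-checked here instead of
     * trusting the caller: a {@code null}, too short or non-bearer header is
     * rejected with a {@link SecurityException} rather than surfacing as a
     * {@code NullPointerException} / {@code StringIndexOutOfBoundsException},
     * or handing part of some other credential to {@link #validate(String)}.
     *
     * <p>The returned value is a credential; do not log it.
     *
     * @param authHeader the raw Authorization header value
     * @return the text after the scheme, with surrounding whitespace trimmed;
     *         may be empty if the header holds nothing but the scheme
     * @throws SecurityException if the header is not a bearer header
     */
    default String getToken(String authHeader) {
        if (!isTokenBasedAuthentication(authHeader)) {
            // The header content is deliberately left out of the message.
            throw new SecurityException("Authorization header is not a Bearer token.");
        }
        return authHeader.substring(AUTH_SCHEME.length()).trim();
    }

    /**
     * Authentication that is switched off: {@link #validate(String)} accepts
     * every token and {@link #requiresAuthentication()} returns {@code false}.
     *
     * <p>Using this instance means no token check takes place, so it should
     * only be selected by an explicit configuration choice.
     */
    static TokenAuthentication NONE = new TokenAuthentication() {
        @Override
        public void validate(String token) throws SecurityException {
            // Intentionally empty: every token is accepted.
        }

        @Override
        public boolean requiresAuthentication() {
            return false;
        }
    };
}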