java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction
  - - org.opensaml.profile.action.AbstractConditionalProfileAction
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction<T>
        
        net.shibboleth.idp.plugin.oidc.op.oauth2.profile.impl.AbstractProcessTokenAction<T>

Type Parameters:

T - request message type

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

Direct Known Subclasses:

ProcessTokenForIntrospection, ProcessTokenForRevocation
```
public abstract class AbstractProcessTokenAction<T>
extends AbstractOIDCRequestAction<T>
```
Action that processes a token by validating it and populating the resulting JWTClaimsSet into an OAuth2TokenMgmtResponseContext placed beneath the outbound MessageContext.
If the token can't be validated, the context is not populated.

Since:

3.1.0

Event:

EventIds.PROCEED_EVENT_ID, IdPEventIds.INVALID_PROFILE_CONFIG

Postcondition:

If the token is valid for use, ProfileRequestContext.getOutboundMessageContext().getSubcontext( OAuth2TokenMgmtResponseContext.class) != null and the context contains the token's JWTClaimsSet.

Field Summary

Fields
Modifier and Type	Field	Description
`private net.shibboleth.oidc.jwt.claims.ClaimsValidator`	`claimsValidator`	The claims validator to use.
`private Function<ProfileRequestContext,net.shibboleth.oidc.jwt.claims.ClaimsValidator>`	`claimsValidatorLookupStrategy`	Lookup strategy for claims validator.
`private CredentialResolver`	`credentialResolver`	Source of signing keys.
`private DataSealer`	`dataSealer`	Data sealer for unwrapping token.
`private org.slf4j.Logger`	`log`	Class logger.
`private com.nimbusds.jwt.SignedJWT`	`signedJWT`	Copy of signed JWT for non-opaque access tokens.

Constructor Summary

Constructors
Constructor Description

AbstractProcessTokenAction()
Constructor.

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`doExecute(ProfileRequestContext profileRequestContext)`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext)`
`protected abstract com.nimbusds.oauth2.sdk.token.Token`	`getToken(ProfileRequestContext profileRequestContext)`	Get the token to process.
`protected com.nimbusds.jwt.JWTClaimsSet`	`parseAccessToken(com.nimbusds.oauth2.sdk.token.Token token)`	Attempt to parse token.
`protected com.nimbusds.jwt.JWTClaimsSet`	`parseRefreshToken(com.nimbusds.oauth2.sdk.token.Token token)`	Attempt to parse refresh token.
`void`	`setClaimsValidatorLookupStrategy(Function<ProfileRequestContext,net.shibboleth.oidc.jwt.claims.ClaimsValidator> strategy)`	Set the claims validator lookup strategy.
`void`	`setCredentialResolver(CredentialResolver resolver)`	Set the source of signing keys to use for JWT signature verification.
`void`	`setDataSealer(DataSealer sealer)`	Set the data sealer instance to use.

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction
getRequest

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log
```
@Nonnull
private org.slf4j.Logger log
```
Class logger.

dataSealer

@Nullable
private DataSealer dataSealer

Data sealer for unwrapping token.

claimsValidatorLookupStrategy

@Nonnull
private Function<ProfileRequestContext,net.shibboleth.oidc.jwt.claims.ClaimsValidator> claimsValidatorLookupStrategy

Lookup strategy for claims validator.

claimsValidator

@Nullable
private net.shibboleth.oidc.jwt.claims.ClaimsValidator claimsValidator

The claims validator to use.

credentialResolver

@Nullable
private CredentialResolver credentialResolver

Source of signing keys.

signedJWT
```
@Nullable
private com.nimbusds.jwt.SignedJWT signedJWT
```
Copy of signed JWT for non-opaque access tokens.

Constructor Detail
- AbstractProcessTokenAction
```
public AbstractProcessTokenAction()
```
  Constructor.

Method Detail

setDataSealer

public void setDataSealer(@Nullable
                          DataSealer sealer)

Set the data sealer instance to use.

Parameters:: sealer - data sealer to use

setClaimsValidatorLookupStrategy

public void setClaimsValidatorLookupStrategy(@Nonnull
                                             Function<ProfileRequestContext,net.shibboleth.oidc.jwt.claims.ClaimsValidator> strategy)

Set the claims validator lookup strategy.

Parameters:: strategy - lookup strategy

setCredentialResolver

public void setCredentialResolver(@Nullable
                                  CredentialResolver resolver)

Set the source of signing keys to use for JWT signature verification.

Parameters:: resolver - signing key resolver

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:: doPreExecute in class AbstractOIDCRequestAction<T>

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:: doExecute in class AbstractProfileAction

parseAccessToken

@Nullable
protected com.nimbusds.jwt.JWTClaimsSet parseAccessToken(@Nonnull @NotEmpty
                                                         com.nimbusds.oauth2.sdk.token.Token token)

Attempt to parse token.

Parameters:: token - the token
Returns:: parsed claim set or null

parseRefreshToken

@Nullable
protected com.nimbusds.jwt.JWTClaimsSet parseRefreshToken(@Nonnull @NotEmpty
                                                          com.nimbusds.oauth2.sdk.token.Token token)

Attempt to parse refresh token.

Parameters:: token - the token
Returns:: parsed claim set or null

getToken

@Nullable
protected abstract com.nimbusds.oauth2.sdk.token.Token getToken(@Nonnull
                                                                ProfileRequestContext profileRequestContext)

Get the token to process.

Parameters:: profileRequestContext - current profile request context
Returns:: the token to process

Class AbstractProcessTokenAction<T>

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent