src/de/uhilger/httpserver/oauth/BearerAuthenticator.java
@@ -36,12 +36,10 @@ /** * Die Klasse Authenticator authentifziert gemäß OAuth-Spezifikation * * * "The OAuth 2.0 Authorization Framework: Bearer Token Usage" * https://datatracker.ietf.org/doc/html/rfc6750 * * * weitere Info-Links * https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/ * https://swagger.io/docs/specification/authentication/bearer-authentication/ *
@@ -239,6 +237,7 @@ * im WWW-Authenticate Header bestimmen * * @param exchange * @return den Ausdruck fuer den WWW-Authenticate Header */ protected String getWWWAuthRealm(HttpExchange exchange) { return wwwAuthRealm;
@@ -308,8 +307,7 @@ * WWW-Authenticate: Bearer realm="example" * * @param exchange * @return * @throws java.io.IOException * @return das Ergebnis */ protected Result unauthorized(HttpExchange exchange) { StringBuilder sb = new StringBuilder();
src/de/uhilger/httpserver/oauth/BearerLoginHandler.java
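Review bot: The rewritten Javadoc of unauthorized() in the third hunk still leaves `@param exchange` without a description, and `@return das Ergebnis` tells a caller nothing; the surrounding comment already states that the method produces the `WWW-Authenticate: Bearer realm="example"` answer, so the tags should carry that, e.g. `@param exchange die Anfrage, die ohne gueltigen Bearer Token eingegangen ist` and `@return das Result mit der Antwort samt WWW-Authenticate Header`. Dropping `@throws java.io.IOException` is consistent with the visible signature, which declares no throws clause. The same empty `@param exchange` remains on getWWWAuthRealm() in the second hunk, where the parameter is not read at all (the method returns the field wwwAuthRealm), which is worth a one-line remark in the tag. The body of unauthorized() continues past the end of the hunk.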
@@ -26,7 +26,6 @@ import de.uhilger.httpserver.base.handler.HttpHelper; import de.uhilger.httpserver.base.handler.HttpResponder; import java.io.IOException; import java.util.logging.Level; import java.util.logging.Logger; /**
@@ -87,18 +86,6 @@ User user = getUser(exchange); LoginResponse response = auth.login(user.getName(), user.getPassword()); handleLoginResponse(exchange, response); /* if(response != null) { // hier erfolg melden // 200 OK setLoginHeader(exchange); HttpResponder r = new HttpResponder(); r.antwortSenden(exchange, 200, response.toJson()); } else { HttpResponder r = new HttpResponder(); r.antwortSenden(exchange, 406, "Login failed."); } */ } else { HttpResponder r = new HttpResponder(); r.antwortSenden(exchange, 500, "No suitable authenticator.");
@@ -107,8 +94,6 @@ protected void handleLoginResponse(HttpExchange exchange, LoginResponse response) throws IOException { if(response != null) { // hier erfolg melden // 200 OK setLoginHeader(exchange); HttpResponder r = new HttpResponder(); r.antwortSenden(exchange, 200, response.toJson());
src/de/uhilger/httpserver/oauth/BearerRefreshHandler.java
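Review bot: In the second hunk `user.getName()` and `user.getPassword()` dereference the result of `getUser(exchange)` without a check, so if getUser() can return null for a request that carries no credentials the handler fails with a NullPointerException rather than one of the explicit error responses the neighbouring branches send; getUser() is not visible here, so whether that is reachable is inferred. A guard before the login call such as `if (user == null) { new HttpResponder().antwortSenden(exchange, 400, "Missing credentials."); return; }` keeps the failure on the same deliberate path (assuming the enclosing handler returns void). The enclosing method starts before this hunk and its closing lines lie outside it.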
@@ -19,14 +19,24 @@ import com.sun.net.httpserver.HttpContext; import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpHandler; import de.uhilger.httpserver.base.handler.HttpHelper; import de.uhilger.httpserver.base.handler.HttpResponder; import static de.uhilger.httpserver.oauth.BearerLoginHandler.ATTR_AUTHENTICATOR; import java.io.IOException; /** * Einen abgelaufenen Token mit Hilfe eines Refresh Token erneuern * * Gemaess * https://www.oauth.com/oauth2-servers/making-authenticated-requests/refreshing-an-access-token/ * sieht die HTTP Anfrage zum Refresh wie folgt aus: * * POST /oauth/token HTTP/1.1 * Host: authorization-server.com * * grant_type=refresh_token * &refresh_token=xxxxxxxxxxx * &client_id=xxxxxxxxxx * &client_secret=xxxxxxxxxx * * @author Ulrich Hilger * @version 1, 08.06.2021