Class SwtVerifyMiddleware

java.lang.Object
com.networknt.aws.lambda.handler.middleware.security.SwtVerifyMiddleware
All Implemented Interfaces:
LambdaHandler, MiddlewareHandler

public class SwtVerifyMiddleware extends Object implements MiddlewareHandler
  • Field Details

    • swtVerifier

      public static com.networknt.security.SwtVerifier swtVerifier
  • Constructor Details

    • SwtVerifyMiddleware

      public SwtVerifyMiddleware()
  • Method Details

    • execute

      public com.networknt.status.Status execute(LightLambdaExchange exchange)
      Specified by:
      execute in interface LambdaHandler
    • handleSwt

      public com.networknt.status.Status handleSwt(LightLambdaExchange exchange, String reqPath, List<String> jwkServiceIds)
    • hasValidScope

      protected com.networknt.status.Status hasValidScope(String scopeHeader, List<String> secondaryScopes, com.networknt.client.oauth.TokenInfo tokenInfo, com.networknt.oas.model.Operation operation)
      Makes sure the provided scope in the JWT or SWT is valid for the main scope or secondary scopes.
      Parameters:
      scopeHeader - the scope header
      secondaryScopes - list of secondary scopes (can be empty)
      tokenInfo - TokenInfo returned from the introspection
      operation - the OpenAPI operation
      Returns:
      status indicating whether the scope is valid or not
    • matchedScopes

      protected boolean matchedScopes(List<String> tokenScopes, Collection<String> specScopes)
    • hasValidSecondaryScopes

      protected com.networknt.status.Status hasValidSecondaryScopes(LightLambdaExchange exchange, String scopeSwt, List<String> secondaryScopes, String reqPath, List<String> jwkServiceIds, Map<String,Object> auditInfo)
      Checks whether the request has secondary scopes and whether they are valid.
      Parameters:
      exchange - current exchange
      scopeSwt - the SWT token that is associated with a scope
      secondaryScopes - initially an empty list that is then filled with the secondary scopes, if there are any
      reqPath - the request path as a string
      jwkServiceIds - a list of serviceIds for JWK loading
      auditInfo - a map of audit info properties
      Returns:
      Status indicating whether the secondary scopes are valid or not
    • getScopeToken

      protected String getScopeToken(String authorization, Map<String,String> headerMap)
      Gets the auth token (JWT or SWT) from the X-Scope-Token header. This covers situations where there is a secondary auth token.
      Parameters:
      authorization - the auth token from the Authorization header
      headerMap - complete header map
      Returns:
      either the x-scope-token or the initial auth token
    • getCachedConfigurations

      public void getCachedConfigurations()
      Specified by:
      getCachedConfigurations in interface MiddlewareHandler
    • isEnabled

      public boolean isEnabled()
      Description copied from interface: LambdaHandler
      Indicate if this handler is enabled or not.
      Specified by:
      isEnabled in interface LambdaHandler
      Returns:
      boolean true if enabled
    • register

      public void register()
      Description copied from interface: LambdaHandler
      Register this handler to the handler registration.
      Specified by:
      register in interface LambdaHandler
    • reload

      public void reload()
      Description copied from interface: LambdaHandler
      Reload config values in case they were changed by the config server.
      Specified by:
      reload in interface LambdaHandler
    • isContinueOnFailure

      public boolean isContinueOnFailure()
      Description copied from interface: MiddlewareHandler
      Indicate if this middleware handler will continue on failure or not.
      Specified by:
      isContinueOnFailure in interface MiddlewareHandler
      Returns:
      boolean true if continue on failure
    • isAudited

      public boolean isAudited()
      Description copied from interface: MiddlewareHandler
      Indicate if this middleware handler is audited or not.
      Specified by:
      isAudited in interface MiddlewareHandler
      Returns:
      boolean true if audited
    • isAsynchronous

      public boolean isAsynchronous()
      Description copied from interface: LambdaHandler
      Indicate if this middleware handler is asynchronous or not.
      Specified by:
      isAsynchronous in interface LambdaHandler
      Returns:
      boolean true if asynchronous