Class SwtVerifyMiddleware
- java.lang.Object
-
- com.networknt.aws.lambda.handler.middleware.security.SwtVerifyMiddleware
-
- All Implemented Interfaces:
LambdaHandler, MiddlewareHandler
public class SwtVerifyMiddleware extends Object implements MiddlewareHandler
-
-
Field Summary
Fields
Modifier and Type, Field, Description:
static com.networknt.security.SwtVerifier swtVerifier
Fields inherited from interface com.networknt.aws.lambda.handler.LambdaHandler
DISABLED_LAMBDA_HANDLER_RETURN, SUCCESS_LAMBDA_HANDLER_RETURN
-
-
Constructor Summary
Constructors
Constructor, Description:
SwtVerifyMiddleware()
-
Method Summary
All Methods
Modifier and Type, Method, Description:
com.networknt.status.Status execute(LightLambdaExchange exchange)
void getCachedConfigurations()
protected String getScopeToken(String authorization, Map<String,String> headerMap)
    Get authToken (JWT or SWT) from X-Scope-Token header.
com.networknt.status.Status handleSwt(LightLambdaExchange exchange, String reqPath, List<String> jwkServiceIds)
protected com.networknt.status.Status hasValidScope(String scopeHeader, List<String> secondaryScopes, com.networknt.client.oauth.TokenInfo tokenInfo, com.networknt.oas.model.Operation operation)
    Makes sure the provided scope in the JWT or SWT is valid for the main scope or secondary scopes.
protected com.networknt.status.Status hasValidSecondaryScopes(LightLambdaExchange exchange, String scopeSwt, List<String> secondaryScopes, String reqPath, List<String> jwkServiceIds, Map<String,Object> auditInfo)
    Check if the request has secondary scopes, and they are valid.
boolean isAsynchronous()
    Indicate if this middleware handler is asynchronous or not.
boolean isAudited()
    Indicate if this middleware handler is audited or not.
boolean isContinueOnFailure()
    Indicate if this middleware handler will continue on failure or not.
boolean isEnabled()
    Indicate if this handler is enabled or not.
protected boolean matchedScopes(List<String> tokenScopes, Collection<String> specScopes)
void register()
    Register this handler to the handler registration.
void reload()
    Reload config values in case the config values are changed by the config server.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.networknt.aws.lambda.handler.LambdaHandler
disabledMiddlewareStatus, isResponseMiddleware, successMiddlewareStatus
-
-
-
-
Method Detail
-
execute
public com.networknt.status.Status execute(LightLambdaExchange exchange)
- Specified by:
execute in interface LambdaHandler
-
handleSwt
public com.networknt.status.Status handleSwt(LightLambdaExchange exchange, String reqPath, List<String> jwkServiceIds)
-
hasValidScope
protected com.networknt.status.Status hasValidScope(String scopeHeader, List<String> secondaryScopes, com.networknt.client.oauth.TokenInfo tokenInfo, com.networknt.oas.model.Operation operation)
Makes sure the provided scope in the JWT or SWT is valid for the main scope or secondary scopes.
- Parameters:
scopeHeader - the scope header
secondaryScopes - list of secondary scopes (can be empty)
tokenInfo - TokenInfo returned from the introspection
operation - the openapi operation
- Returns:
return status to indicate if valid or not
-
matchedScopes
protected boolean matchedScopes(List<String> tokenScopes, Collection<String> specScopes)
-
hasValidSecondaryScopes
protected com.networknt.status.Status hasValidSecondaryScopes(LightLambdaExchange exchange, String scopeSwt, List<String> secondaryScopes, String reqPath, List<String> jwkServiceIds, Map<String,Object> auditInfo)
Check if the request has secondary scopes, and they are valid.
- Parameters:
exchange - current exchange
scopeSwt - the SWT token that is associated with a scope
secondaryScopes - initially an empty list that is then filled with the secondary scopes if there are any
reqPath - the request path as string
jwkServiceIds - a list of serviceIds for jwk loading
auditInfo - a map of audit info properties
- Returns:
return Status to indicate valid or not.
-
getScopeToken
protected String getScopeToken(String authorization, Map<String,String> headerMap)
Get authToken (JWT or SWT) from X-Scope-Token header. This covers situations where there is a secondary auth token.
- Parameters:
authorization - The auth token from authorization header
headerMap - complete header map
- Returns:
return either x-scope-token or the initial auth token
-
getCachedConfigurations
public void getCachedConfigurations()
- Specified by:
getCachedConfigurations in interface MiddlewareHandler
-
isEnabled
public boolean isEnabled()
Description copied from interface: LambdaHandler
Indicate if this handler is enabled or not.
- Specified by:
isEnabled in interface LambdaHandler
- Returns:
boolean true if enabled
-
register
public void register()
Description copied from interface: LambdaHandler
Register this handler to the handler registration.
- Specified by:
register in interface LambdaHandler
-
reload
public void reload()
Description copied from interface: LambdaHandler
Reload config values in case the config values are changed by the config server.
- Specified by:
reload in interface LambdaHandler
-
isContinueOnFailure
public boolean isContinueOnFailure()
Description copied from interface: MiddlewareHandler
Indicate if this middleware handler will continue on failure or not.
- Specified by:
isContinueOnFailure in interface MiddlewareHandler
- Returns:
boolean true if continue on failure
-
isAudited
public boolean isAudited()
Description copied from interface: MiddlewareHandler
Indicate if this middleware handler is audited or not.
- Specified by:
isAudited in interface MiddlewareHandler
- Returns:
boolean true if audited
-
isAsynchronous
public boolean isAsynchronous()
Description copied from interface: LambdaHandler
Indicate if this middleware handler is asynchronous or not.
- Specified by:
isAsynchronous in interface LambdaHandler
- Returns:
boolean true if asynchronous
-
-