
1   package com.atlassian.asap.api.server.http;
2   
3   import com.atlassian.asap.api.Jwt;
4   import com.atlassian.asap.api.exception.AuthenticationFailedException;
5   
6   /**
7    * HTTP servers can use this service to authenticate incoming HTTP requests that include a JWT bearer token in the
8    * Authorization header, conforming to the specification of the ASAP protocol.
9    *
10   * @see <a href="http://s2sauth.bitbucket.org/">ASAP Authentication</a>
11   */
12  public interface RequestAuthenticator {
13      /**
14       * Authenticates a request by validating the given authorizationHeader according to the conventions
15       * defined in the ASAP specification. A returned Jwt only shows that the token passed validation
16       * (NOTE(review): no authorization check is visible in this signature - confirm callers apply their own).
17       *
18       * @param authorizationHeader the value of the 'Authorization' header of the request to validate. This 'Authorization' header
19       *                            should contain a JWT with the necessary authentication information
20       * @return a valid JWT object corresponding to the claims body of the validated token
21       * @throws AuthenticationFailedException if there is a problem validating the token in the header.  May be an
22       *                                       instance of PermanentAuthenticationFailureException (eg. for an incorrect
23       *                                       signature, or if the claims fail to pass the mandatory validations), or of
24       *                                       TransientAuthenticationFailedException (when there is a temporary problem, eg.
25       *                                       a failure to retrieve the required public key). Treat both as unauthenticated.
26       */
27      Jwt authenticateRequest(String authorizationHeader) throws AuthenticationFailedException;
28  }