in edge-service/src/main/java/org/apache/servicecomb/fence/edge/AuthHandler.java [34:75]
public void handle(Invocation invocation, AsyncResponse asyncResponse) throws Exception {
String token = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION);
String tokenType = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION_TYPE);
if (token == null) {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
return;
}
OpenIDTokenStore openIDTokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_OPEN_ID_TOKEN_STORE);
if (CommonConstants.AUTHORIZATION_TYPE_ID_TOKEN.equals(tokenType)) {
JWTToken jwtToken = openIDTokenStore.createIDTokenByValue(token);
if (jwtToken == null || jwtToken.isExpired()) {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "token expired or not valid."));
return;
}
// send id_token to services to apply state less validation
invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, jwtToken.getValue());
invocation.next(asyncResponse);
} else if (CommonConstants.AUTHORIZATION_TYPE_ACCESS_TOKEN.equals(tokenType)) {
CompletableFuture<OpenIDToken> openIDTokenFuture = openIDTokenStore.readTokenByAccessToken(token);
openIDTokenFuture.whenComplete((res, ex) -> {
if (openIDTokenFuture.isCompletedExceptionally() || res == null || res.isExpired()) {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
return;
}
// send id_token to services to apply state less validation
invocation.addContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION, res.getIdToken().getValue());
try {
invocation.next(asyncResponse);
} catch (Exception e) {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
return;
}
});
} else {
asyncResponse.consumerFail(new InvocationException(403, "forbidden", "not authenticated"));
return;
}
}