it's quite simple to secure/protect an ASP.NET Web API with OWIN (Katana). Now, I'm looking for a Java library that offers OWIN-similar features, so that I can secure my Java-based Web APIs. Only GET and POST requests with a Bearer token in the header are allowed, otherwise a HTTP 401 should be returned. Therefore the library should be able to verify the Bearer token.
Any hint, link, reference, etc. is highly appreciated. Thanks! Dominik
BearerToken.parse(String) in authlete-java-common covers the three ways to extract an access token described in RFC 6750 (Bearer Token Usage).
// Case 1:
// Extract an access token from 'Authorization' HTTP header.
// The value of 'Authorization' HTTP header.
String authorization = ...;
// Extract an access token from 'Authorization' HTTP header.
String accessToken = BearerToken.parse(authorization);
// Case 2:
// Extract an access token from the entity body of a POST request.
// Entity body formatted in 'application/x-www-url-encoded'.
String body = ...;
// Extract an access token.
String accessToken = BearerToken.parse(body);
// Case 3:
// Extract an access token from the query string of a GET request.
// Query string.
String query = ...;
// Extract an access token.
String accessToken = BearerToken.parse(query);
Maven:
<dependency>
<groupId>com.authlete</groupId>
<artifactId>authlete-java-common</artifactId>
<version>1.3</version>
</dependency>
It wouldn't take much time even if you implemented the same thing from scratch, though.
Source code -> BearerToken.java
