001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2014 ForgeRock AS.
015 */
016
017package org.forgerock.openig.filter.oauth2.challenge;
018
019import org.forgerock.openig.http.Response;
020
021/**
022 * Builds an error {@link Response} when the request is invalid (missing param, malformed, ...).
023 * <p>
024 * Example:
025 * <pre>
026 *     HTTP/1.1 400 Bad Request
027 *     WWW-Authenticate: Bearer realm="example",
028 *                              error="invalid_request",
029 *                              error_description="...."
030 * </pre>
031 */
032public class InvalidRequestChallengeHandler extends AuthenticateChallengeHandler {
033
034    private static final String INVALID_REQUEST_DESCRIPTION = "The request is missing a required parameter, "
035            + "includes an unsupported parameter or parameter value, repeats the same parameter, "
036            + "uses more than one method for including an access token, or is otherwise malformed.";
037
038    /**
039     * Builds a new InvalidRequestChallengeHandler with a default error description and no error page URI.
040     *
041     * @param realm
042     *         mandatory realm value.
043     */
044    public InvalidRequestChallengeHandler(final String realm) {
045        this(realm, null);
046    }
047
048    /**
049     * Builds a new InvalidRequestChallengeHandler with a default error description.
050     *
051     * @param realm
052     *         mandatory realm value.
053     * @param invalidRequestUri
054     *         error uri page (will be omitted if {@literal null})
055     */
056    public InvalidRequestChallengeHandler(final String realm,
057                                          final String invalidRequestUri) {
058        this(realm, INVALID_REQUEST_DESCRIPTION, invalidRequestUri);
059    }
060
061    /**
062     * Builds a new InvalidRequestChallengeHandler.
063     *
064     * @param realm
065     *         mandatory realm value.
066     * @param description
067     *         error description (will be omitted if {@literal null})
068     * @param invalidRequestUri
069     *         error uri page (will be omitted if {@literal null})
070     */
071    public InvalidRequestChallengeHandler(final String realm,
072                                          final String description,
073                                          final String invalidRequestUri) {
074        super(realm, "invalid_request", description, invalidRequestUri);
075    }
076
077    @Override
078    protected Response createResponse() {
079        Response response = new Response();
080        response.setStatus(400);
081        response.setReason("Bad Request");
082        return response;
083    }
084
085}