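/*
 * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
 *
 * Copyright (c) 2014, Gluu
 */

package org.xdi.oxauth.model.common;

import java.util.Date;

/**
 * <p>
 * The authorization code is obtained by using an authorization server as an
 * intermediary between the client and resource owner. Instead of requesting
 * authorization directly from the resource owner, the client directs the
 * resource owner to an authorization server (via its user-agent as defined in
 * [RFC2616]), which in turn directs the resource owner back to the client with
 * the authorization code.
 * </p>
 * <p>
 * Before directing the resource owner back to the client with the authorization
 * code, the authorization server authenticates the resource owner and obtains
 * authorization. Because the resource owner only authenticates with the
 * authorization server, the resource owner's credentials are never shared with
 * the client.
 * </p>
 * <p>
 * The authorization code provides a few important security benefits such as the
 * ability to authenticate the client, and the transmission of the access token
 * directly to the client without passing it through the resource owner's
 * user-agent, potentially exposing it to others, including the resource owner.
 * </p>
 * <p>
 * <b>Single use and thread-safety.</b> The {@code used} flag is what makes a
 * code single-use: {@link #isValid()} returns {@code false} once it is set.
 * The flag is {@code volatile}, so a write made through
 * {@link #setUsed(boolean)} is visible to later unsynchronized reads in
 * {@link #isUsed()} and {@link #isValid()}. The class offers no atomic
 * "check and mark" operation: a caller redeeming a code must run the
 * {@code isValid()} check and the {@code setUsed(true)} call as one critical
 * section (for example while holding this instance's monitor, which
 * {@code setUsed} also takes), otherwise two concurrent requests can both see
 * the code as valid.
 * </p>
 *
 * @author Javier Rojas Blum Date: 09.29.2011
 */
public class AuthorizationCode extends AbstractToken {

    // volatile: setUsed() is synchronized but the readers are not, so without
    // it a thread could keep observing a stale "not used" value.
    private volatile boolean used;

    /**
     * <p>
     * Constructs an authorization code.
     * </p>
     * <p>
     * When created, a token is valid for a given lifetime, and after this
     * period of time, it will be marked as expired automatically by a
     * background process.
     * </p>
     * <p>
     * When required, the token can be marked as revoked.
     * </p>
     *
     * @param lifeTime The life time of the token.
     */
    public AuthorizationCode(int lifeTime) {
        super(lifeTime);
        used = false;
    }

    /**
     * Constructs an authorization code from an existing code value and its
     * creation and expiration dates, then calls {@code checkExpired()}.
     * <p>
     * The new instance always starts as <em>not used</em>: the used state is
     * not one of the arguments. NOTE(review): if this constructor is used to
     * re-create a code that was stored elsewhere, the caller has to re-apply
     * the used flag itself, or an already redeemed code would be reported as
     * valid again; confirm against the callers.
     * </p>
     *
     * @param code           The code value.
     * @param creationDate   The date the code was created.
     * @param expirationDate The date the code expires.
     */
    public AuthorizationCode(String code, Date creationDate, Date expirationDate) {
        super(code, creationDate, expirationDate);
        used = false;
        checkExpired();
    }

    /**
     * Checks whether a token is valid. An authorization code is valid if
     * it has not been used before, not revoked and not expired.
     * <p>
     * This is a point-in-time answer; it does not mark the code as used.
     * </p>
     *
     * @return <code>true</code> if the parent validity check passes and the
     *         code has not been marked as used.
     */
    @Override
    public boolean isValid() {
        return super.isValid() && !used;
    }

    /**
     * Returns whether an authorization code has been used.
     *
     * @return <code>true</code> if the authorization code has been used.
     */
    public boolean isUsed() {
        return used;
    }

    /**
     * Sets the flag to indicate whether a token has been used.
     * The authorization code must be used only once and after
     * it must be marked as used.
     *
     * @param used Used or not.
     */
    public synchronized void setUsed(boolean used) {
        this.used = used;
    }
}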