...
The AccessTokenValidatorService is a CXF specific OAuth2 service for accepting the remote access token validation requests. Typically, OAuthRequestFilter (see below) may choose to impersonate itself as a third-party client and will ask AccessTokenValidatorService to return the information relevant to the current access token, before setting up a security context. More on it below.
TokenIntrospectionService
The TokenIntrospectionService is a standard OAuth2 service for accepting the remote access token introspection requests. See RFC 7662.
TokenRevocationService
TokenRevocationService is a simple OAuth2 service supporting the clients wishing to revoke the access or refresh tokens they own themselves, please see OAuth2 Token Revocation Draft for more information.
...