Class OAuthFilter
- java.lang.Object
  - com.sodius.oslc.server.services.HttpFilter
    - com.sodius.oslc.server.oauth.services.OAuthFilter
- All Implemented Interfaces:
- Filter
public abstract class OAuthFilter extends HttpFilter
A filter that configures an OAuthServer and ensures requests requiring restricted access are authenticated. Possible authentications are:
- OAuth - check for valid Access token or perform the OAuth dance
- Basic - check for valid user credentials
- Session - if no Authorization header on the request, use the OAuthIdentity from the HTTP session, if any

An OSLC provider application can register extensions of the com.sodius.oslc.server.accessControl extension point to indicate servlet paths that require authentication or those which can be freely accessed.

If the OSLC provider application does not run in an OSGi container, the access control should be done by overriding the isProtected(HttpServletRequest request) method.

Starting with the 3.3.0 version, this class requires an OAuthIdentityTokenStrategy implementation set as the token strategy to work properly and uses ClusterableTokenStrategy by default. The tokens cache expiration is now defined by the CacheConfiguration.OAUTH_TOKENS cache configuration instead of the Options.OAUTH_TOKEN_CACHE_DURATION context parameter.
- Since:
- 1.3.0
- See Also:
- OAuthServer.getInstance(ServletContext)

Constructor Summary
- protected OAuthFilter(): Creates a new instance of the filter.

Method Summary
- protected abstract OAuthApplication createOAuthApplication(ServletContext context): Creates a new OAuth Application given the specified servlet context.
- protected abstract OAuthServer createOAuthServer(ServletContext context): Creates a new OAuth Server given the specified servlet context.
- protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain): If the servlet being accessed requires user authentication, this filter performs the authentication challenge.
- protected Optional<OAuthIdentity> getLoggedInUser(HttpServletRequest request): Gets the identity of the user currently logged in the application, null if none is found.
- void init(FilterConfig filterConfig): Initialization is realized by configuring instances of OAuthServer and OAuthApplication for the given servlet context.
- protected boolean isProtected(HttpServletRequest request): Determines whether a request URI requires user authentication.

Methods inherited from class com.sodius.oslc.server.services.HttpFilter
- destroy, doFilter, handleOslcError

Method Detail

init
public void init(FilterConfig filterConfig) throws ServletException
Initialization is realized by configuring instances of OAuthServer and OAuthApplication for the given servlet context. Once this filter is initialized, the OAuthServer.getInstance(request) method can safely be used.
- Specified by:
- init in interface Filter
- Overrides:
- init in class HttpFilter
- Parameters:
- filterConfig - the configuration of the filter.
- Throws:
- ServletException - not thrown by this implementation.
- See Also:
- createOAuthServer(ServletContext), createOAuthApplication(ServletContext), OAuthServer.getInstance(ServletContext)

createOAuthServer
protected abstract OAuthServer createOAuthServer(ServletContext context) throws ServletException
Creates a new OAuth Server given the specified servlet context.
- Parameters:
- context - the servlet context.
- Returns:
- the created OAuth Server.
- Throws:
- ServletException - if an error occurred while creating an instance.

createOAuthApplication
protected abstract OAuthApplication createOAuthApplication(ServletContext context) throws ServletException
Creates a new OAuth Application given the specified servlet context.
- Parameters:
- context - the servlet context.
- Returns:
- the created OAuth Application
- Throws:
- ServletException - if an error occurred while creating an instance.

isProtected
protected boolean isProtected(HttpServletRequest request)
Determines whether a request URI requires user authentication.
This is a default implementation that requires an OSGi container, and is based on the com.sodius.oslc.server.accessControl extension point.
- Parameters:
- request - the HTTP servlet request
- Returns:
- true if the request requires an authentication, false otherwise
- Since:
- 1.8.0
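
The following is an added example, not code from the library or its documentation: one way to override isProtected for a provider running outside an OSGi container, using a default-deny allow-list. The class name AllowListOAuthFilter, the two public paths and the javax.servlet package are assumptions for illustration.

```java
import java.util.Arrays;
import java.util.List;
// Assumption: javax.servlet API; use jakarta.servlet if the library version targets it.
import javax.servlet.http.HttpServletRequest;
import com.sodius.oslc.server.oauth.services.OAuthFilter;

/**
 * Added example, not library code: default-deny access control for a provider
 * that runs outside an OSGi container. Kept abstract so the application still
 * supplies createOAuthServer(...) and createOAuthApplication(...).
 */
public abstract class AllowListOAuthFilter extends OAuthFilter {

    // Hypothetical public paths (no trailing slash); everything else is protected.
    private static final List<String> PUBLIC_PATHS =
            Arrays.asList("/rootservices", "/static");

    @Override
    protected boolean isProtected(HttpServletRequest request) {
        // Path inside the web application, decoded by the container,
        // without the context path or the query string.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path += request.getPathInfo();
        }
        // Fail closed on anything that could make the path matched here
        // differ from the resource that is finally served.
        if (path.isEmpty() || path.contains("..") || path.contains("//")
                || path.contains(";") || path.contains("\\")) {
            return true;
        }
        for (String publicPath : PUBLIC_PATHS) {
            // Match whole segments only: "/static" must not open "/static-admin".
            if (path.equals(publicPath) || path.startsWith(publicPath + "/")) {
                return false;
            }
        }
        return true; // default: authentication required
    }
}
```

Listing the public paths and protecting everything else means a servlet added later is authenticated unless someone deliberately opens it.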

doFilter
protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
If the servlet being accessed requires user authentication, this filter performs the authentication challenge.
An OSLC provider application can register extensions of the com.sodius.oslc.server.accessControl extension point to indicate servlet paths that require authentication or those which can be freely accessed.
- Specified by:
- doFilter in class HttpFilter
- Parameters:
- request - the request.
- response - the response.
- chain - the filter chain to process.
- Throws:
- IOException - if an I/O error occurs.
- ServletException - if the filter execution fails.

getLoggedInUser
protected Optional<OAuthIdentity> getLoggedInUser(HttpServletRequest request)
Gets the identity of the user currently logged in the application, null if none is found.
- Parameters:
- request - the HTTP request
- Returns:
- the logged-in user identity
- Since:
- 2.1.0