de.alpharogroup.service.rs.filter

Class AuthenticationFilter

java.lang.Object

de.alpharogroup.service.rs.filter.AuthenticationFilter

All Implemented Interfaces:

javax.ws.rs.container.ContainerRequestFilter

@Provider
 @Priority(value=1000)
public abstract class AuthenticationFilter
extends java.lang.Object
implements javax.ws.rs.container.ContainerRequestFilter

The class AuthenticationFilter authenticates given tokens from request of users or accounts.

An authentication scheme based on tokens follow these steps:

1. The client sends their credentials (username and password) to the server.
2. The server authenticates the credentials and, if they are valid, generate a token for the user.
3. The server stores the previously generated token in some storage along with the user identifier and an expiration date.
4. The server sends the generated token to the client.
5. The client sends the token to the server in each request.
6. The server, in each request, extracts the token from the incoming request. With the token, the server looks up the user details to perform authentication.
   • If the token is valid, the server accepts the request.
   • If the token is invalid, the server refuses the request.
7. Once the authentication has been performed, the server performs authorization.
8. The server can provide an endpoint to refresh tokens.

Note: The step 3 is not required if the server has issued a signed token (such as JWT, which allows you to perform stateless authentication). Note: also see Best practice for REST token-based authentication with JAX-RS and Jersey

Constructor Summary

Constructors

Constructor and Description
AuthenticationFilter()

Method Summary

Modifier and Type	Method and Description
void	filter(javax.ws.rs.container.ContainerRequestContext requestContext)
protected boolean	isSecured() Checks if is the resourceClass is annotated with the annotation Securable.
protected boolean	isSecureRequest(javax.servlet.http.HttpServletRequest request) Checks if the current request is a secure request, means that the scheme is https
protected boolean	isSigninPath(java.lang.String path) Checks if the given path is a sign in path.
protected boolean	isSigninRequest(javax.ws.rs.container.ContainerRequestContext requestContext) Checks if the current request is a is a sign request.
protected java.lang.String	newAuthenticationScheme() Factory callback method for create a new authentication scheme for the header key 'WWW-Authenticate'.
protected javax.ws.rs.core.Response	newFaultResponse() Factory callback method for create a new Response with a 401 status code
protected java.lang.String	newRealmValue() Factory callback method for create a new realm value for the header key 'WWW-Authenticate'.
protected javax.ws.rs.core.SecurityContext	newSecurityContext(java.lang.String username) Factory method for create a new security context with the given user name.
protected abstract java.lang.String	onValidateToken(java.lang.String token) Abstract callback method that checks if the given token is valid.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationFilter

public AuthenticationFilter()

Method Detail

filter

public void filter(javax.ws.rs.container.ContainerRequestContext requestContext)
            throws java.io.IOException

Specified by:

filter in interface javax.ws.rs.container.ContainerRequestFilter

Throws:

java.io.IOException

isSecured

protected boolean isSecured()

Checks if is the resourceClass is annotated with the annotation Securable.

Returns:

true, if is the resourceClass is annotated with the annotation Securable.

isSigninPath

protected boolean isSigninPath(java.lang.String path)

Checks if the given path is a sign in path. Overwrite this method to provide specific sign in path for your application.

Parameters:

path - the sign in path to check.

Returns:

true, if the given path is a sign in path otherwise false.

isSigninRequest

protected boolean isSigninRequest(javax.ws.rs.container.ContainerRequestContext requestContext)
                           throws java.lang.Exception

Checks if the current request is a is a sign request.

Parameters:

requestContext - the request context

Returns:

true, if the current request is a is a sign request.

Throws:

java.lang.Exception - occurs if some error like the scheme is not https

isSecureRequest

protected boolean isSecureRequest(javax.servlet.http.HttpServletRequest request)

Checks if the current request is a secure request, means that the scheme is https

Parameters:

request - the request

Returns:

true, if is secure request

newAuthenticationScheme

protected java.lang.String newAuthenticationScheme()

Factory callback method for create a new authentication scheme for the header key 'WWW-Authenticate'. Overwrite to set specific application authentication scheme.

Returns:

the new authentication scheme.

newFaultResponse

protected javax.ws.rs.core.Response newFaultResponse()

Factory callback method for create a new Response with a 401 status code

Returns:

the new fault Response object

newRealmValue

protected java.lang.String newRealmValue()

Factory callback method for create a new realm value for the header key 'WWW-Authenticate'. Overwrite to set specific application realm value.

Returns:

the new realm value.

newSecurityContext

protected javax.ws.rs.core.SecurityContext newSecurityContext(java.lang.String username)

Factory method for create a new security context with the given user name.

Parameters:

username - the user name

Returns:

the security context

onValidateToken

protected abstract java.lang.String onValidateToken(java.lang.String token)
                                             throws java.lang.Exception

Abstract callback method that checks if the given token is valid. For instance if it is not expired.

Parameters:

token - the token

Returns:

the string the user name

Throws:

java.lang.Exception - if the token is not valid