Package net.ltgt.oidc.servlet.rs

Class AbstractAuthorizationFilter

java.lang.Object

net.ltgt.oidc.servlet.rs.AbstractAuthorizationFilter

All Implemented Interfaces:

jakarta.ws.rs.container.ContainerRequestFilter

Direct Known Subclasses:

HasRoleFilter, IsAuthenticatedFilter

@Priority(2000)
public abstract class AbstractAuthorizationFilter
extends Object
implements jakarta.ws.rs.container.ContainerRequestFilter

Field Summary

Fields

Modifier and Type	Field	Description
static final String	IS_PRIVATE_PROPERTY_NAME
protected HttpServletRequest	servletRequest

Constructor Summary

Constructors

Constructor	Description
AbstractAuthorizationFilter()

Method Summary

Modifier and Type	Method	Description
protected void	configureAuthenticationRequest(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext, AuthenticationRequest.Builder builder)	Configures the authentication request when redirecting to the OpenID Provider.
void	filter(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
protected AuthenticationRedirector	getAuthenticationRedirector()	Returns the configured authentication redirector.
protected abstract boolean	isAuthorized(jakarta.ws.rs.core.SecurityContext securityContext)	Returns whether the user is authorized.
protected void	redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)	This method is called whenever the user is not authorized and the request is a safe navigation request.
protected void	sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)	This method is called whenever is not authorized and the request is not a safe navigation request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

IS_PRIVATE_PROPERTY_NAME

public static final String IS_PRIVATE_PROPERTY_NAME

servletRequest

@Context
protected HttpServletRequest servletRequest

Constructor Details

AbstractAuthorizationFilter

public AbstractAuthorizationFilter()

Method Details

filter

public void filter(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
            throws IOException

Specified by:

filter in interface jakarta.ws.rs.container.ContainerRequestFilter

Throws:

IOException

isAuthorized

protected abstract boolean isAuthorized(jakarta.ws.rs.core.SecurityContext securityContext)

Returns whether the user is authorized.

redirectToAuthenticationEndpoint

@ForOverride
protected void redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)

This method is called whenever the user is not authorized and the request is a safe navigation request.

The default implementation simply calls the globally configured AuthenticationRedirector, and allows configuring the authentication request.

Subclasses can override this method to conditionally generate different responses.

See Also:

• configureAuthenticationRequest(jakarta.ws.rs.container.ContainerRequestContext, com.nimbusds.openid.connect.sdk.AuthenticationRequest.Builder)
• HasRoleFilter
• sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext)

getAuthenticationRedirector

@ForOverride
protected AuthenticationRedirector getAuthenticationRedirector()

Returns the configured authentication redirector.

The default implementation gets it from the request's servlet context.

configureAuthenticationRequest

@ForOverride
protected void configureAuthenticationRequest(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext,
 AuthenticationRequest.Builder builder)

Configures the authentication request when redirecting to the OpenID Provider.

This method is called by the AuthenticationRedirector called by redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext).

See Also:

• redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext)

sendUnauthorized

@ForOverride
protected void sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)

This method is called whenever is not authorized and the request is not a safe navigation request.

The default implementation simply throws a NotAuthorizedException without a WWW-Authenticate response header. This is not strictly HTTP-compliant as it's missing the WWW-Authenticate response header, but is a good way to signal the error to JavaScript clients making an AJAX request.

See Also:

• redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext)
• HasRoleFilter