Package org.eclipse.lyo.server.oauth.core.utils

Class AbstractAdapterCredentialsFilter<Credentials,Connection>

java.lang.Object

org.eclipse.lyo.server.oauth.core.utils.AbstractAdapterCredentialsFilter<Credentials,Connection>

Type Parameters:

Connection - Type for connection object to your tool

Credentials - Type for credentials for your tool. (e.g. UsernamePasswordCredentials)

All Implemented Interfaces:

Filter

public abstract class AbstractAdapterCredentialsFilter<Credentials,Connection>
extends Object
implements Filter

Overview

Purpose: Provide a JEE Servlet filter base implementation for accepting both HTTP basic and OAuth provider authentication, connecting your tool using the credentials, and managing the connections.

With this credentitals filter:

• Your Webapp can accepts HTTP Basic authentication
• Your Webapp can works as an OAuth provider

Once user entered credentials via HTTP Basic auth or OAuth, it is passed to a callback method getCredentialsFromRequest(HttpServletRequest) or getCredentialsForOAuth(String, String) so that your implementation can build a Credentials object from the given data. And then, next callback method login(Object, HttpServletRequest) is invoked for authenticate the credentials and building connection to your back-end tool. Concrete types of the credentials and the connection can be specified as type parameters of this class.

While processing a request, the credentials and the connection are available as attributes of the request. Your subsequent process such as HttpServlet.service(ServletRequest, ServletResponse) can extract and use them for accessing your tool. You can use getConnector(HttpServletRequest) and getCredentials(HttpServletRequest) to retrieve them from the request.

Usage

You have to subclass this class and give implementations for the following methods:

• login(Object, HttpServletRequest)
• getCredentialsFromRequest(HttpServletRequest)
• getCredentialsForOAuth(String, String)
• isAdminSession(String, Object, HttpServletRequest)
• createConsumerStore()
• logout(Object, HttpSession) (optional)

Then, add the follwoing filter-mapping to your web.xml:

   <filter>
    <display-name>[YOUR FILTER CLASS NAME (MyFilter)]</display-name>
    <filter-name>[YOUR FILTER CLASS NAME (MyFilter)]</filter-name>
    <filter-class>[FULLY QUALIFIED YOUR FILTER CLASS NAME (com.example.MyFilter)]</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>[YOUR FILTER CLASS NAME (MyFilter)]</filter-name>
    <url-pattern>/services/*</url-pattern>
  </filter-mapping>
 

Field Summary

Fields

Modifier and Type	Field	Description
static String	ADMIN_SESSION_ATTRIBUTE
static String	CONNECTOR_ATTRIBUTE
static String	CREDENTIALS_ATTRIBUTE
static String	JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM
static String	OAUTH_EMPTY_TOKEN_KEY

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AbstractAdapterCredentialsFilter(String displayName, String realm)	Constructor

Method Summary

Modifier and Type	Method	Description
protected abstract ConsumerStore	createConsumerStore()	Invoked from this class to create ConsumerStore for OAuth keys.
void	destroy()
protected void	doChainDoFilterWithConnector(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Connection connector)	The default implementation is:
void	doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)	Check for OAuth or BasicAuth credentials and challenge if not found.
static <T> T	getConnector(HttpServletRequest request)	get Connector assigned to this request The connector should be placed in the session by the CredentialsFilter servlet filter
static <T> T	getCredentials(HttpServletRequest request)	Get Credentials for this session
protected abstract Credentials	getCredentialsForOAuth(String id, String password)	Create a Credentials object from given user id and password.
protected abstract Credentials	getCredentialsFromRequest(HttpServletRequest request)	Extract credentials from the request and return it.
protected String	getDisplayName()
protected String	getOAuthRealm()
void	init(FilterConfig filterConfig)
protected abstract boolean	isAdminSession(String id, Connection session, HttpServletRequest request)	Tell if this is an admin session.
protected abstract Connection	login(Credentials crdentials, HttpServletRequest request)	Create connection to your tool using the given credentials, and returns the connection.
protected void	logout(Connection loginSession, HttpSession session)	Logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CONNECTOR_ATTRIBUTE

public static final String CONNECTOR_ATTRIBUTE

See Also:

Constant Field Values

CREDENTIALS_ATTRIBUTE

public static final String CREDENTIALS_ATTRIBUTE

See Also:

Constant Field Values

ADMIN_SESSION_ATTRIBUTE

public static final String ADMIN_SESSION_ATTRIBUTE

See Also:

Constant Field Values

JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM

public static final String JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM

See Also:

Constant Field Values

OAUTH_EMPTY_TOKEN_KEY

public static final String OAUTH_EMPTY_TOKEN_KEY

Constructor Detail

AbstractAdapterCredentialsFilter

protected AbstractAdapterCredentialsFilter(String displayName,
                                           String realm)

Constructor

Parameters:

displayName - application name displayed on the login prompt

realm - realm for this adapter

Method Detail

getCredentialsFromRequest

protected abstract Credentials getCredentialsFromRequest(HttpServletRequest request)
                                                  throws UnauthorizedException

Extract credentials from the request and return it.

Parameters:

request - HttpServletRequest

Returns:

credentials

Throws:

UnauthorizedException - iff no login credentials associated to the request.

getCredentialsForOAuth

protected abstract Credentials getCredentialsForOAuth(String id,
                                                      String password)

Create a Credentials object from given user id and password.

For OAuth two-legged request, the id is set to OAUTH_EMPTY_TOKEN_KEY object. Implementor can compare the value using == to identify the request. In the request the consumer key is set to the password. So you might find a functional user associated to the consumer key with the value.

Parameters:

id - user id or OAUTH_EMPTY_TOKEN_KEY

password - password or OAuth consumer key

Returns:

credentials

login

protected abstract Connection login(Credentials crdentials,
                                    HttpServletRequest request)
                             throws UnauthorizedException,
                                    ServletException

Create connection to your tool using the given credentials, and returns the connection.

Parameters:

crdentials - credentials for login

request - HttpServletRequest

Returns:

connection that represents the successful login session

Throws:

UnauthorizedException - credentials is invalid

ServletException - other exceptional situation

logout

protected void logout(Connection loginSession,
                      HttpSession session)

Logout

Parameters:

loginSession -

session -

isAdminSession

protected abstract boolean isAdminSession(String id,
                                          Connection session,
                                          HttpServletRequest request)

Tell if this is an admin session. For admin session, Lyo provides user-interface to accept provisional authentication key.

Parameters:

id -

session -

request -

Returns:

createConsumerStore

protected abstract ConsumerStore createConsumerStore()
                                              throws Exception

Invoked from this class to create ConsumerStore for OAuth keys. Typical implementation can be:

return new FileSystemConsumerStore("YourOAuthStore.xml");
 

Returns:

Throws:

Exception

getConnector

public static <T> T getConnector(HttpServletRequest request)

get Connector assigned to this request The connector should be placed in the session by the CredentialsFilter servlet filter

Parameters:

request -

Returns:

connector

getCredentials

public static <T> T getCredentials(HttpServletRequest request)

Get Credentials for this session

Parameters:

request -

Returns:

credentials

getOAuthRealm

protected String getOAuthRealm()

getDisplayName

protected String getDisplayName()

destroy

public void destroy()

Specified by:

destroy in interface Filter

doFilter

public void doFilter(ServletRequest servletRequest,
                     ServletResponse servletResponse,
                     FilterChain chain)
              throws IOException,
                     ServletException

Check for OAuth or BasicAuth credentials and challenge if not found. Store the Connector in the HttpSession for retrieval in the REST services.

Specified by:

doFilter in interface Filter

Throws:

IOException

ServletException

doChainDoFilterWithConnector

protected void doChainDoFilterWithConnector(HttpServletRequest request,
                                            HttpServletResponse response,
                                            FilterChain chain,
                                            Connection connector)
                                     throws IOException,
                                            ServletException

The default implementation is:

 request.setAttribute(CONNECTOR_ATTRIBUTE, connector);
 chain.doFilter(request, response);

Subclass may invoke the chain.doFilter() directly instead of invoking super method.

Parameters:

request - HttpServletRequest

response - HttpServletResponse

chain - FilterChain

connector - AbstractAdapterCredentialsFilter to be used for processing rest of the chain (i.e. REST request)

Throws:

IOException

ServletException

init

public void init(FilterConfig filterConfig)
          throws ServletException

Specified by:

init in interface Filter

Throws:

ServletException