Class AbstractAdapterCredentialsFilter<Credentials,Connection>
- java.lang.Object
-
- org.eclipse.lyo.server.oauth.core.utils.AbstractAdapterCredentialsFilter<Credentials,Connection>
-
- Type Parameters:
Connection
- Type for connection object to your tool
Credentials
- Type for credentials for your tool. (e.g. UsernamePasswordCredentials)
- All Implemented Interfaces:
Filter
public abstract class AbstractAdapterCredentialsFilter<Credentials,Connection> extends Object implements Filter
Overview
Purpose: Provide a JEE Servlet filter base implementation for accepting both HTTP Basic and OAuth provider authentication, connecting to your tool using the credentials, and managing the connections.
With this credentials filter:
- Your webapp can accept HTTP Basic authentication
- Your webapp can work as an OAuth provider
Once a user has entered credentials via HTTP Basic auth or OAuth, they are passed to a callback method, getCredentialsFromRequest(HttpServletRequest) or getCredentialsForOAuth(String, String), so that your implementation can build a Credentials object from the given data. Then the next callback method, login(Object, HttpServletRequest), is invoked to authenticate the credentials and build a connection to your back-end tool. The concrete types of the credentials and the connection can be specified as type parameters of this class.
While processing a request, the credentials and the connection are available as attributes of the request. Subsequent processing such as HttpServlet.service(ServletRequest, ServletResponse) can extract and use them for accessing your tool. You can use getConnector(HttpServletRequest) and getCredentials(HttpServletRequest) to retrieve them from the request.
Usage
You have to subclass this class and give implementations for the following methods:
- login(Object, HttpServletRequest)
- getCredentialsFromRequest(HttpServletRequest)
- getCredentialsForOAuth(String, String)
- isAdminSession(String, Object, HttpServletRequest)
- createConsumerStore()
- logout(Object, HttpSession) (optional)
<filter>
  <display-name>[YOUR FILTER CLASS NAME (MyFilter)]</display-name>
  <filter-name>[YOUR FILTER CLASS NAME (MyFilter)]</filter-name>
  <filter-class>[FULLY QUALIFIED YOUR FILTER CLASS NAME (com.example.MyFilter)]</filter-class>
</filter>
<filter-mapping>
  <filter-name>[YOUR FILTER CLASS NAME (MyFilter)]</filter-name>
  <url-pattern>/services/*</url-pattern>
</filter-mapping>
-
-
Field Summary
Fields (Modifier and Type, Field):
- static String ADMIN_SESSION_ATTRIBUTE
- static String CONNECTOR_ATTRIBUTE
- static String CREDENTIALS_ATTRIBUTE
- static String JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM
- static String OAUTH_EMPTY_TOKEN_KEY
-
Constructor Summary
Constructors (Modifier, Constructor, Description):
- protected AbstractAdapterCredentialsFilter(String displayName, String realm)
  Constructor
-
Method Summary
Methods (Modifier and Type, Method, Description):
- protected abstract ConsumerStore createConsumerStore()
  Invoked from this class to create ConsumerStore for OAuth keys.
- void destroy()
- protected void doChainDoFilterWithConnector(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Connection connector)
  The default implementation is:
- void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
  Check for OAuth or BasicAuth credentials and challenge if not found.
- static <T> T getConnector(HttpServletRequest request)
  Get the Connector assigned to this request. The connector should be placed in the session by the CredentialsFilter servlet filter.
- static <T> T getCredentials(HttpServletRequest request)
  Get Credentials for this session.
- protected abstract Credentials getCredentialsForOAuth(String id, String password)
  Create a Credentials object from given user id and password.
- protected abstract Credentials getCredentialsFromRequest(HttpServletRequest request)
  Extract credentials from the request and return them.
- protected String getDisplayName()
- protected String getOAuthRealm()
- void init(FilterConfig filterConfig)
- protected abstract boolean isAdminSession(String id, Connection session, HttpServletRequest request)
  Tell if this is an admin session.
- protected abstract Connection login(Credentials crdentials, HttpServletRequest request)
  Create a connection to your tool using the given credentials, and return the connection.
- protected void logout(Connection loginSession, HttpSession session)
  Logout
-
-
-
Field Detail
-
CONNECTOR_ATTRIBUTE
public static final String CONNECTOR_ATTRIBUTE
- See Also:
- Constant Field Values
-
CREDENTIALS_ATTRIBUTE
public static final String CREDENTIALS_ATTRIBUTE
- See Also:
- Constant Field Values
-
ADMIN_SESSION_ATTRIBUTE
public static final String ADMIN_SESSION_ATTRIBUTE
- See Also:
- Constant Field Values
-
JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM
public static final String JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM
- See Also:
- Constant Field Values
-
OAUTH_EMPTY_TOKEN_KEY
public static final String OAUTH_EMPTY_TOKEN_KEY
-
-
Method Detail
-
getCredentialsFromRequest
protected abstract Credentials getCredentialsFromRequest(HttpServletRequest request) throws UnauthorizedException
Extract credentials from the request and return them.
- Parameters:
request - HttpServletRequest
- Returns:
- credentials
- Throws:
UnauthorizedException - iff no login credentials are associated with the request.
-
getCredentialsForOAuth
protected abstract Credentials getCredentialsForOAuth(String id, String password)
Create a Credentials object from the given user id and password.
For an OAuth two-legged request, the id is set to the OAUTH_EMPTY_TOKEN_KEY object. Implementors can compare the value using == to identify the request. In that request the consumer key is passed as the password, so you might find a functional user associated with the consumer key using that value.
- Parameters:
id - user id or OAUTH_EMPTY_TOKEN_KEY
password - password or OAuth consumer key
- Returns:
- credentials
-
login
protected abstract Connection login(Credentials crdentials, HttpServletRequest request) throws UnauthorizedException, ServletException
Create a connection to your tool using the given credentials, and return the connection.
- Parameters:
crdentials - credentials for login
request - HttpServletRequest
- Returns:
- connection that represents the successful login session
- Throws:
UnauthorizedException - credentials are invalid
ServletException - other exceptional situation
-
logout
protected void logout(Connection loginSession, HttpSession session)
Logout
- Parameters:
loginSession -
session -
-
isAdminSession
protected abstract boolean isAdminSession(String id, Connection session, HttpServletRequest request)
Tell if this is an admin session. For an admin session, Lyo provides a user interface to accept a provisional authentication key.
- Parameters:
id -
session -
request -
- Returns:
-
createConsumerStore
protected abstract ConsumerStore createConsumerStore() throws Exception
Invoked from this class to create ConsumerStore for OAuth keys. Typical implementation can be:
return new FileSystemConsumerStore("YourOAuthStore.xml");
- Returns:
- Throws:
Exception
-
getConnector
public static <T> T getConnector(HttpServletRequest request)
Get the Connector assigned to this request. The connector should be placed in the session by the CredentialsFilter servlet filter.
- Parameters:
request -
- Returns:
- connector
-
getCredentials
public static <T> T getCredentials(HttpServletRequest request)
Get Credentials for this session.
- Parameters:
request -
- Returns:
- credentials
-
getOAuthRealm
protected String getOAuthRealm()
-
getDisplayName
protected String getDisplayName()
-
doFilter
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException
Check for OAuth or BasicAuth credentials and challenge if not found. Store the Connector in the HttpSession for retrieval in the REST services.
- Specified by:
doFilter in interface Filter
- Throws:
IOException
ServletException
-
doChainDoFilterWithConnector
protected void doChainDoFilterWithConnector(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Connection connector) throws IOException, ServletException
The default implementation is:
request.setAttribute(CONNECTOR_ATTRIBUTE, connector);
chain.doFilter(request, response);
Subclasses may invoke chain.doFilter() directly instead of invoking the super method.
- Parameters:
request - HttpServletRequest
response - HttpServletResponse
chain - FilterChain
connector - AbstractAdapterCredentialsFilter to be used for processing rest of the chain (i.e. REST request)
- Throws:
IOException
ServletException
-
init
public void init(FilterConfig filterConfig) throws ServletException
- Specified by:
init in interface Filter
- Throws:
ServletException
-
-