Class AbstractAdapterCredentialsFilter<Credentials,Connection>

java.lang.Object
org.eclipse.lyo.server.oauth.core.utils.AbstractAdapterCredentialsFilter<Credentials,Connection>
Type Parameters:
Connection - Type for connection object to your tool
Credentials - Type for credentials for your tool. (e.g. UsernamePasswordCredentials)
All Implemented Interfaces:
jakarta.servlet.Filter

public abstract class AbstractAdapterCredentialsFilter<Credentials,Connection> extends Object implements jakarta.servlet.Filter

Overview

Purpose: Provide a JEE Servlet filter base implementation for accepting both HTTP basic and OAuth provider authentication, connecting your tool using the credentials, and managing the connections.

With this credentials filter:

  • Your Webapp can accept HTTP Basic authentication
  • Your Webapp can work as an OAuth provider

Once the user has entered credentials via HTTP Basic auth or OAuth, they are passed to a callback method, getCredentialsFromRequest(HttpServletRequest) or getCredentialsForOAuth(String, String), so that your implementation can build a Credentials object from the given data. The next callback method, login(Object, HttpServletRequest), is then invoked to authenticate the credentials and build a connection to your back-end tool. The concrete types of the credentials and the connection can be specified as type parameters of this class.

While a request is being processed, the credentials and the connection are available as attributes of the request. Subsequent processing, such as HttpServlet.service(ServletRequest, ServletResponse), can extract and use them to access your tool. You can use getConnector(HttpServletRequest) and getCredentials(HttpServletRequest) to retrieve them from the request.

Usage

You have to subclass this class and give implementations for the following methods:

Then, add the following filter-mapping to your web.xml:
   <filter>
    <display-name>[YOUR FILTER CLASS NAME (MyFilter)]</display-name>
    <filter-name>[YOUR FILTER CLASS NAME (MyFilter)]</filter-name>
    <filter-class>[FULLY QUALIFIED YOUR FILTER CLASS NAME (com.example.MyFilter)]</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>[YOUR FILTER CLASS NAME (MyFilter)]</filter-name>
    <url-pattern>/services/*</url-pattern>
  </filter-mapping>
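
A minimal subclass wired to the callbacks described above, as an added example (not code from the Lyo project). The `Creds` and `ToolSession` types, the in-memory user and consumer-key maps, and the package names of `UnauthorizedException`, `ConsumerStore` and `FileSystemConsumerStore` are assumptions; the sketch fails closed on malformed Basic headers and unknown consumer keys, and needs a Java version with records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import jakarta.servlet.http.HttpServletRequest;
import org.eclipse.lyo.server.oauth.consumerstore.FileSystemConsumerStore; // package assumed
import org.eclipse.lyo.server.oauth.core.consumer.ConsumerStore;           // package assumed
import org.eclipse.lyo.server.oauth.core.utils.AbstractAdapterCredentialsFilter;
import org.eclipse.lyo.server.oauth.core.utils.UnauthorizedException;      // package assumed

public class MyFilter extends AbstractAdapterCredentialsFilter<MyFilter.Creds, MyFilter.ToolSession> {
    public record Creds(String user, String secret, boolean twoLegged) {}  // hypothetical type
    public record ToolSession(String user, boolean admin) {}               // hypothetical type
    // Constructed stand-ins for the back-end tool's user directory and consumer-key mapping.
    private static final Map<String, String> USERS = Map.of("alice", "constructed-demo-password");
    private static final Map<String, String> FUNCTIONAL_USERS = Map.of("constructed-consumer-key", "svc-build");

    public MyFilter() { super("My Tool", "MyTool"); }
    @Override protected Creds getCredentialsFromRequest(HttpServletRequest request) throws UnauthorizedException {
        String header = request.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6))
            throw new UnauthorizedException("no Basic credentials");
        try {
            String pair = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');
            if (colon <= 0) throw new UnauthorizedException("malformed credentials");
            return new Creds(pair.substring(0, colon), pair.substring(colon + 1), false);
        } catch (IllegalArgumentException e) { // header value was not valid Base64
            throw new UnauthorizedException("malformed credentials");
        }
    }
    @Override protected Creds getCredentialsForOAuth(String id, String password) {
        // Two-legged OAuth: identity comparison as documented; password carries the consumer key.
        if (id == OAUTH_EMPTY_TOKEN_KEY)
            return new Creds(password == null ? null : FUNCTIONAL_USERS.get(password), password, true);
        return new Creds(id, password, false);
    }
    @Override protected ToolSession login(Creds c, HttpServletRequest request) throws UnauthorizedException {
        if (c.user() == null) throw new UnauthorizedException("unknown user or consumer key");
        // Functional user, never admin (assumes the filter validated the OAuth request beforehand).
        if (c.twoLegged()) return new ToolSession(c.user(), false);
        String expected = USERS.get(c.user());
        if (expected == null || c.secret() == null || !MessageDigest.isEqual( // constant-time compare
                expected.getBytes(StandardCharsets.UTF_8), c.secret().getBytes(StandardCharsets.UTF_8)))
            throw new UnauthorizedException("invalid credentials");
        return new ToolSession(c.user(), "alice".equals(c.user())); // constructed admin rule
    }
    @Override protected boolean isAdminSession(String id, ToolSession s, HttpServletRequest r) { return s != null && s.admin(); }
    @Override protected ConsumerStore createConsumerStore() throws Exception { return new FileSystemConsumerStore("YourOAuthStore.xml"); }
}
```

A real adapter replaces the two maps with calls to the tool's own authentication API and keeps no passwords in code.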
 
  • Field Details

  • Constructor Details

    • AbstractAdapterCredentialsFilter

      protected AbstractAdapterCredentialsFilter(String displayName, String realm)
      Constructor
      Parameters:
      displayName - application name displayed on the login prompt
      realm - realm for this adapter
  • Method Details

    • getCredentialsFromRequest

      protected abstract Credentials getCredentialsFromRequest(jakarta.servlet.http.HttpServletRequest request) throws UnauthorizedException
      Extract credentials from the request and return them.
      Parameters:
      request - HttpServletRequest
      Returns:
      credentials
      Throws:
      UnauthorizedException - if and only if no login credentials are associated with the request.
    • getCredentialsForOAuth

      protected abstract Credentials getCredentialsForOAuth(String id, String password)
      Create a Credentials object from the given user id and password.

      For an OAuth two-legged request, the id is set to the OAUTH_EMPTY_TOKEN_KEY object. Implementors can compare the value using == to identify such a request. In that request, the password is set to the consumer key, so you can use that value to look up a functional user associated with the consumer key.

      Parameters:
      id - user id or OAUTH_EMPTY_TOKEN_KEY
      password - password or OAuth consumer key
      Returns:
      credentials
    • login

      protected abstract Connection login(Credentials crdentials, jakarta.servlet.http.HttpServletRequest request) throws UnauthorizedException, jakarta.servlet.ServletException
      Create a connection to your tool using the given credentials, and return the connection.
      Parameters:
      crdentials - credentials for login
      request - HttpServletRequest
      Returns:
      connection that represents the successful login session
      Throws:
      UnauthorizedException - the credentials are invalid
      jakarta.servlet.ServletException - other exceptional situation
    • logout

      protected void logout(Connection loginSession, jakarta.servlet.http.HttpSession session)
      Logout
      Parameters:
      loginSession -
      session -
    • isAdminSession

      protected abstract boolean isAdminSession(String id, Connection session, jakarta.servlet.http.HttpServletRequest request)
      Tell whether this is an admin session. For an admin session, Lyo provides a user interface for accepting provisional authentication keys.
      Parameters:
      id -
      session -
      request -
      Returns:
    • createConsumerStore

      protected abstract ConsumerStore createConsumerStore() throws Exception
      Invoked from this class to create the ConsumerStore for OAuth keys. A typical implementation can be:
      return new FileSystemConsumerStore("YourOAuthStore.xml");
       
      Returns:
      Throws:
      Exception
    • getServletUri

      protected String getServletUri()
      Gets the official servlet URL in case this can differ from that in the individual requests.
      See Also:
    • isProtectedResource

      protected boolean isProtectedResource(jakarta.servlet.http.HttpServletRequest request)
      Check if the resource is protected
      Returns:
      true - the resource is protected, otherwise false
    • setConnector

      public static <T> void setConnector(jakarta.servlet.http.HttpServletRequest request, T connector)
      Set the Connector for this session.
      Parameters:
      request -
      connector -
    • setCredentials

      public static <T> void setCredentials(jakarta.servlet.http.HttpServletRequest request, T credentials)
      Set the Credentials for this session.
      Parameters:
      request -
      credentials -
    • getConnector

      public static <T> T getConnector(jakarta.servlet.http.HttpServletRequest request)
      Get the Connector assigned to this request. The connector should be placed in the session by the CredentialsFilter servlet filter.
      Parameters:
      request -
      Returns:
      connector
    • getCredentials

      public static <T> T getCredentials(jakarta.servlet.http.HttpServletRequest request)
      Get the Credentials for this session.
      Parameters:
      request -
      Returns:
      credentials
    • removeConnector

      public static <T> void removeConnector(jakarta.servlet.http.HttpServletRequest request)
      Remove the Connector from this session.
      Parameters:
      request -
    • removeCredentials

      public static <T> void removeCredentials(jakarta.servlet.http.HttpServletRequest request)
      Remove the Credentials from this session.
      Parameters:
      request -
    • removeToken

      public static <T> void removeToken(jakarta.servlet.http.HttpServletRequest request)
      Remove the mapping from the OAuth token to the Connector saved in the current request. This is typically needed when the application deems that the OAuth token is no longer valid. The application should also remove the Connector from the session.
      Parameters:
      request -
    • getOAuthRealm

      protected String getOAuthRealm()
    • getDisplayName

      protected String getDisplayName()
    • destroy

      public void destroy()
      Specified by:
      destroy in interface jakarta.servlet.Filter
    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest servletRequest, jakarta.servlet.ServletResponse servletResponse, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Check for OAuth or BasicAuth credentials and challenge if not found. Store the Connector in the HttpSession for retrieval in the REST services.
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Throws:
      IOException
      jakarta.servlet.ServletException
    • doChainDoFilterWithConnector

      protected void doChainDoFilterWithConnector(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain chain, Connection connector) throws IOException, jakarta.servlet.ServletException
      The default implementation is:
       request.setAttribute(CONNECTOR_ATTRIBUTE, connector);
       chain.doFilter(request, response);
      A subclass may invoke chain.doFilter() directly instead of invoking the super method.
      Parameters:
      request - HttpServletRequest
      response - HttpServletResponse
      chain - FilterChain
      connector - AbstractAdapterCredentialsFilter to be used for processing the rest of the chain (i.e. the REST request)
      Throws:
      IOException
      jakarta.servlet.ServletException
    • handleUnauthorizedRequest

      protected boolean handleUnauthorizedRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws UnauthorizedException
      The default implementation is to throw an UnauthorizedException, which in turn causes sendUnauthorizedResponse() to be called. This means chain.doFilter() is not called, and no filters in the chain are called.
      Parameters:
      response -
      request -
      Returns:
      true if the filter is to interrupt the chain of filters; that is, the current doFilter() method should simply return, without calling chain.doFilter().
      Throws:
      UnauthorizedException
    • init

      public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException
      Specified by:
      init in interface jakarta.servlet.Filter
      Throws:
      jakarta.servlet.ServletException