public class AuthorizationServerFilter extends Object implements javax.servlet.Filter
Filter which can be used to protect all relevant resources by
validating the OAuth access token with the Authorization Server. This is an
example configuration:
```xml
<filter>
  <filter-name>authorization-server</filter-name>
  <filter-class>org.surfnet.oaaas.auth.AuthorizationServerFilter</filter-class>
  <init-param>
    <param-name>resource-server-key</param-name>
    <param-value>university-foo</param-value>
  </init-param>
  <init-param>
    <param-name>resource-server-secret</param-name>
    <param-value>58b749f7-acb3-44b7-a38c-53d5ad740cf6</param-value>
  </init-param>
  <init-param>
    <param-name>authorization-server-url</param-name>
    <param-value>http://<host-name>/v1/tokeninfo</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>authorization-server</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```
The response of the Authorization Server is put on the
HttpServletRequest with the name VERIFY_TOKEN_RESPONSE.

Of course it might be better to use a properties file depending on the
environment (e.g. OTAP) to get the name, secret and url. This can be achieved
simply by overriding init(FilterConfig).

Also note that by default the responses from the Authorization Server are
cached. This can easily be changed if you override cacheAccessTokens(); to
configure the cache differently, override AuthorizationServerFilter#buildCache().

| Modifier and Type | Field and Description |
|---|---|
| static String | VERIFY_TOKEN_RESPONSE |
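
The init(FilterConfig) and cacheAccessTokens() overrides suggested in the class description, as an added example that is not part of the project's own code. The package and class name, the `resource.server.config` system property and the `cache-access-tokens` key are hypothetical, and the example assumes the parent's init reads the three init-params from the FilterConfig it is given, as the web.xml configuration above implies.

```java
package com.example.security; // hypothetical package name

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Properties;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import org.surfnet.oaaas.auth.AuthorizationServerFilter;

/** Added example: sources the three init-params from a file kept outside the WAR. */
public class PropertiesAuthorizationServerFilter extends AuthorizationServerFilter {
  private static final String[] REQUIRED =
      {"resource-server-key", "resource-server-secret", "authorization-server-url"};
  private final Properties props = new Properties();

  @Override
  public void init(final FilterConfig webXml) throws ServletException {
    // Assumption: the deployer passes -Dresource.server.config=<file readable only by the app user>.
    String path = System.getProperty("resource.server.config");
    if (path == null) throw new ServletException("resource.server.config is not set");
    try (InputStream in = Files.newInputStream(Paths.get(path))) {
      props.load(in);
    } catch (IOException e) {
      throw new ServletException("cannot read " + path, e);
    }
    for (String name : REQUIRED) { // fail closed at startup; the values are never logged
      if (props.getProperty(name, "").trim().isEmpty()) throw new ServletException("missing " + name);
    }
    // Assumption: the parent reads its settings from FilterConfig init-params, as web.xml feeds it.
    super.init(new FilterConfig() {
      @Override public String getFilterName() { return webXml.getFilterName(); }
      @Override public ServletContext getServletContext() { return webXml.getServletContext(); }
      @Override public String getInitParameter(String name) { return props.getProperty(name); }
      @Override public Enumeration<String> getInitParameterNames() {
        return Collections.enumeration(props.stringPropertyNames());
      }
    });
  }

  @Override
  protected boolean cacheAccessTokens() {
    // Hypothetical key; "false" turns off caching of the Authorization Server's responses.
    return Boolean.parseBoolean(props.getProperty("cache-access-tokens", "true"));
  }
}
```

With this subclass named in filter-class, the three init-param elements, including resource-server-secret, can be dropped from web.xml.
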
| Constructor and Description |
|---|
| AuthorizationServerFilter() |

| Modifier and Type | Method and Description |
|---|---|
| protected com.google.common.cache.Cache<String,VerifyTokenResponse> | buildCache(boolean recordStats) |
| protected boolean | cacheAccessTokens() |
| protected com.sun.jersey.api.client.Client | createClient() |
| protected org.codehaus.jackson.map.ObjectMapper | createObjectMapper() |
| void | destroy() |
| void | doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain) |
| com.google.common.cache.Cache<String,VerifyTokenResponse> | getCache() |
| protected VerifyTokenResponse | getVerifyTokenResponse(String accessToken, javax.servlet.http.HttpServletResponse response) |
| void | init(javax.servlet.FilterConfig filterConfig) |
| protected void | sendError(javax.servlet.http.HttpServletResponse response, int statusCode, String reason) |
| void | setAuthorizationServerUrl(String authorizationServerUrl) |
| void | setResourceServerKey(String resourceServerKey) |
| void | setResourceServerSecret(String resourceServerSecret) |

public static final String VERIFY_TOKEN_RESPONSE

public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
Specified by: init in interface javax.servlet.Filter
Throws: javax.servlet.ServletException

protected org.codehaus.jackson.map.ObjectMapper createObjectMapper()

protected com.sun.jersey.api.client.Client createClient()

protected com.google.common.cache.Cache<String,VerifyTokenResponse> buildCache(boolean recordStats)

public void doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
Specified by: doFilter in interface javax.servlet.Filter
Throws: IOException, javax.servlet.ServletException

protected VerifyTokenResponse getVerifyTokenResponse(String accessToken, javax.servlet.http.HttpServletResponse response)

protected void sendError(javax.servlet.http.HttpServletResponse response, int statusCode, String reason)

protected boolean cacheAccessTokens()

public void destroy()
Specified by: destroy in interface javax.servlet.Filter

public com.google.common.cache.Cache<String,VerifyTokenResponse> getCache()

public void setAuthorizationServerUrl(String authorizationServerUrl)

public void setResourceServerSecret(String resourceServerSecret)

public void setResourceServerKey(String resourceServerKey)

Copyright © 2012 SURFnet bv, The Netherlands. All Rights Reserved.