NoopUserConsentHandler (API Secure - authorization server 1.2.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.surfnet.oaaas.noop
Class NoopUserConsentHandler

java.lang.Object
  org.surfnet.oaaas.auth.AbstractFilter
      org.surfnet.oaaas.auth.AbstractUserConsentHandler
          org.surfnet.oaaas.noop.NoopUserConsentHandler

All Implemented Interfaces:: javax.servlet.Filter

public class NoopUserConsentHandler
extends AbstractUserConsentHandler
extends AbstractUserConsentHandler

A noop implementation of AbstractUserConsentHandler that contains no consent handling but only fulfills the contract of the UserConsentFilter. Useful for testing and demonstration purposes only, of course not safe for production.

Field Summary

Fields inherited from class org.surfnet.oaaas.auth.AbstractUserConsentHandler
`CLIENT, GRANTED_SCOPES`

Fields inherited from class org.surfnet.oaaas.auth.AbstractFilter
`AUTH_STATE, RETURN_URI`

Constructor Summary
`NoopUserConsentHandler()`

Method Summary
`void`	`handleUserConsent(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, String authStateValue, String returnUri, Client client)` Implement this method to perform the actual authentication.

Methods inherited from class org.surfnet.oaaas.auth.AbstractUserConsentHandler
`destroy, doFilter, getClient, init, setGrantedScopes`

Methods inherited from class org.surfnet.oaaas.auth.AbstractFilter
`getAuthStateValue, getReturnUri, setAuthStateValue`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

NoopUserConsentHandler

public NoopUserConsentHandler()

Method Detail

handleUserConsent

public void handleUserConsent(javax.servlet.http.HttpServletRequest request,
                              javax.servlet.http.HttpServletResponse response,
                              javax.servlet.FilterChain chain,
                              String authStateValue,
                              String returnUri,
                              Client client)
                       throws IOException,
                              javax.servlet.ServletException

Description copied from class: AbstractUserConsentHandler

Implement this method to perform the actual authentication. Use FormUserConsentHandler as an example. In general, the contract is:

assert that the user has granted consent. You can use the request and response for this. When not yet granted consent:

use AbstractFilter.getAuthStateValue(javax.servlet.ServletRequest) to pass-around for user agent communication
use AbstractFilter.getReturnUri(javax.servlet.ServletRequest) if you need to step out and return to the current location
use AbstractUserConsentHandler.getClient(javax.servlet.ServletRequest) for accessing the Client data

When consent granted:

set the authState attribute, by calling AbstractFilter.setAuthStateValue(javax.servlet.ServletRequest, String)
set the scopes (optional) the user has given consent for, by calling #setScopes
call chain.doFilter(request, response) to let the flow continue..

Specified by:: handleUserConsent in class AbstractUserConsentHandler

Parameters:: request - the ServletRequest; response - the ServletResponse; chain - the original http servlet filter chain; authStateValue - the authState nonce to set back on the ServletRequest when done; returnUri - the startpoint of the chain if you want to return from a form or other (external) component; client - the Client wished to obtain an access token
Throws:: IOException; javax.servlet.ServletException