org.surfnet.oaaas.noop

Class NoopUserConsentHandler

java.lang.Object

org.surfnet.oaaas.auth.AbstractFilter

org.surfnet.oaaas.auth.AbstractUserConsentHandler

org.surfnet.oaaas.noop.NoopUserConsentHandler

All Implemented Interfaces:

javax.servlet.Filter

public class NoopUserConsentHandler
extends AbstractUserConsentHandler

A noop implementation of AbstractUserConsentHandler that contains no consent handling but only fulfills the contract of the UserConsentFilter. Useful for testing and demonstration purposes only, of course not safe for production.

Field Summary

Fields inherited from class org.surfnet.oaaas.auth.AbstractUserConsentHandler

CLIENT, GRANTED_SCOPES

Fields inherited from class org.surfnet.oaaas.auth.AbstractFilter

AUTH_STATE, RETURN_URI

Constructor Summary

Constructors

Constructor and Description
NoopUserConsentHandler()

Method Summary

Methods

Modifier and Type	Method and Description
void	handleUserConsent(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain, String authStateValue, String returnUri, Client client) Implement this method to perform the actual authentication.

Methods inherited from class org.surfnet.oaaas.auth.AbstractUserConsentHandler

destroy, doFilter, getClient, init, setGrantedScopes

Methods inherited from class org.surfnet.oaaas.auth.AbstractFilter

getAuthStateValue, getReturnUri, setAuthStateValue

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NoopUserConsentHandler

public NoopUserConsentHandler()

Method Detail

handleUserConsent

public void handleUserConsent(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     javax.servlet.FilterChain chain,
                     String authStateValue,
                     String returnUri,
                     Client client)
                       throws IOException,
                              javax.servlet.ServletException

Description copied from class: AbstractUserConsentHandler

Implement this method to perform the actual authentication. Use FormUserConsentHandler as an example. In general, the contract is:

assert that the user has granted consent. You can use the request and response for this. When not yet granted consent:

• use AbstractFilter.getAuthStateValue(javax.servlet.ServletRequest) to pass-around for user agent communication
• use AbstractFilter.getReturnUri(javax.servlet.ServletRequest) if you need to step out and return to the current location
• use AbstractUserConsentHandler.getClient(javax.servlet.ServletRequest) for accessing the Client data

When consent granted:

• set the authState attribute, by calling AbstractFilter.setAuthStateValue(javax.servlet.ServletRequest, String)
• set the scopes (optional) the user has given consent for, by calling #setScopes
• call chain.doFilter(request, response) to let the flow continue..

Specified by:

handleUserConsent in class AbstractUserConsentHandler

Parameters:

request - the ServletRequest

response - the ServletResponse

chain - the original http servlet filter chain

authStateValue - the authState nonce to set back on the ServletRequest when done

returnUri - the startpoint of the chain if you want to return from a form or other (external) component

client - the Client wished to obtain an access token

Throws:

IOException

javax.servlet.ServletException