Module com.erudika.para.server
Class GenericOAuth2Filter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
com.erudika.para.server.security.filters.GenericOAuth2Filter
- All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class GenericOAuth2Filter
extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
A filter that handles authentication requests to a generic OAuth 2.0 identity server.
- Author:
- Alex Bogdanovski
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description:
- org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Handles an authentication request.
- UserAuthentication getOrCreateUser(App app, String accessToken): Calls an external API to get the user profile using a given access token.
- UserAuthentication getOrCreateUser(App app, String accessToken, String alias): Calls an external API to get the user profile using a given access token.
- boolean isAccessTokenDelegationEnabled(App app, User user): If true, access tokens from the IDP are stored inside the user object and sent back to IDP for validation.
- boolean isValidAccessToken(App app, User user): Validates the access token against the IDP server.
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getRememberMeServices, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy
Methods inherited from class org.springframework.web.filter.GenericFilterBean
destroy, getEnvironment, getFilterConfig, init, setBeanName, setEnvironment, setServletContext
-
Field Details
-
OAUTH2_ACTION
The default filter mapping.
-
OAUTH2_SECOND_ACTION
Second filter mapping.
-
OAUTH2_THIRD_ACTION
Third filter mapping.
-
Constructor Details
-
GenericOAuth2Filter
Default constructor.
- Parameters:
defaultFilterProcessesUrl - the url of the filter
-
-
Method Details
-
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
Handles an authentication request.
- Specified by:
attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Parameters:
request - HTTP request
response - HTTP response
- Returns:
an authentication object that contains the principal object if successful.
- Throws:
IOException - ex
-
getOrCreateUser
Calls an external API to get the user profile using a given access token.
- Parameters:
app - the app where the user will be created, use null for root app
accessToken - access token
- Returns:
UserAuthentication object or null if something went wrong
- Throws:
IOException - ex if connection fails
-
getOrCreateUser
public UserAuthentication getOrCreateUser(App app, String accessToken, String alias) throws IOException
Calls an external API to get the user profile using a given access token.
- Parameters:
app - the app where the user will be created, use null for root app
accessToken - access token
alias - alias
- Returns:
UserAuthentication object or null if something went wrong
- Throws:
IOException - ex if connection fails
-
isAccessTokenDelegationEnabled
If true, access tokens from the IDP are stored inside the user object and sent back to IDP for validation.
- Parameters:
app - an app object
user - user
- Returns:
false by default
-
isValidAccessToken
Validates the access token against the IDP server.
- Parameters:
app - an app object
user - the user object holding the tokens
- Returns:
true if access token is valid
-