Class GenericOAuth2Filter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
com.erudika.para.server.security.filters.GenericOAuth2Filter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class GenericOAuth2Filter extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
A filter that handles authentication requests to a generic OAuth 2.0 identity server.
Author:
Alex Bogdanovski [[email protected]]

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    OAUTH2_ACTION
    The default filter mapping.
    static final String
    OAUTH2_SECOND_ACTION
    Second filter mapping.
    static final String
    OAUTH2_THIRD_ACTION
    Third filter mapping.

  • Constructor Summary

    Constructors
    Constructor
    Description
    GenericOAuth2Filter(String defaultFilterProcessesUrl)
    Default constructor.

  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.core.Authentication
    attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Handles an authentication request.
    UserAuthentication
    getOrCreateUser(com.erudika.para.core.App app, String accessToken)
    Calls an external API to get the user profile using a given access token.
    UserAuthentication
    getOrCreateUser(com.erudika.para.core.App app, String accessToken, String alias)
    Calls an external API to get the user profile using a given access token.
    boolean
    isAccessTokenDelegationEnabled(com.erudika.para.core.App app, com.erudika.para.core.User user)
    If true, access tokens from the IDP are stored inside the user object and sent back to IDP for validation.
    boolean
    isValidAccessToken(com.erudika.para.core.App app, com.erudika.para.core.User user)
    Validates the access token against the IDP server.

    Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    afterPropertiesSet, doFilter, getRememberMeServices, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationConverter, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    destroy, getEnvironment, getFilterConfig, init, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

  • Constructor Details

    • GenericOAuth2Filter

      public GenericOAuth2Filter(String defaultFilterProcessesUrl)
      Default constructor.
      Parameters:
      defaultFilterProcessesUrl - the url of the filter

  • Method Details

    • attemptAuthentication

      public org.springframework.security.core.Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException
      Handles an authentication request.
      Overrides:
      attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Parameters:
      request - HTTP request
      response - HTTP response
      Returns:
      an authentication object that contains the principal object if successful.
      Throws:
      IOException - ex

    • getOrCreateUser

      public UserAuthentication getOrCreateUser(com.erudika.para.core.App app, String accessToken) throws IOException
      Calls an external API to get the user profile using a given access token.
      Parameters:
      app - the app where the user will be created, use null for root app
      accessToken - access token
      Returns:
      UserAuthentication object or null if something went wrong
      Throws:
      IOException - ex if connection fails

    • getOrCreateUser

      public UserAuthentication getOrCreateUser(com.erudika.para.core.App app, String accessToken, String alias) throws IOException
      Calls an external API to get the user profile using a given access token.
      Parameters:
      app - the app where the user will be created, use null for root app
      accessToken - access token
      alias - alias
      Returns:
      UserAuthentication object or null if something went wrong
      Throws:
      IOException - ex if connection fails

    • isAccessTokenDelegationEnabled

      public boolean isAccessTokenDelegationEnabled(com.erudika.para.core.App app, com.erudika.para.core.User user)
      If true, access tokens from the IDP are stored inside the user object and sent back to IDP for validation.
      Parameters:
      app - an app object
      user - user
      Returns:
      false by default

    • isValidAccessToken

      public boolean isValidAccessToken(com.erudika.para.core.App app, com.erudika.para.core.User user)
      Validates the access token against the IDP server.
      Parameters:
      app - an app object
      user - the user object holding the tokens
      Returns:
      true if access token is valid