com.sun.jersey.oauth.server.api
Class OAuthServerFilter

java.lang.Object
  extended by com.sun.jersey.oauth.server.api.OAuthServerFilter
All Implemented Interfaces:
ContainerRequestFilter

public class OAuthServerFilter
extends Object
implements ContainerRequestFilter

OAuth request filter that filters all requests indicating in the Authorization header they use OAuth. Checks if the incoming requests are properly authenticated and populates the security context with the corresponding user principal and roles.

When an application is deployed as a Servlet or Filter this Jersey filter can be registered using the following initialization parameters:

 <init-param>
     <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
     <param-value>com.sun.jersey.oauth.server.api.OAuthServerFilter</param-value>
 </init-param>
 

This filter requires an implementation of OAuthProvider interface to be registered through the PROPERTY_PROVIDER property.

The constants in this class indicate how you can parameterize this filter. E.g. when an application is deployed as a Servlet or Filter you can set the path patern to be ignored by this filter using the following initialization parameter:

 <init-param>
     <param-name>com.sun.jersey.config.property.oauth.ignorePathPattern</param-name>
     <param-value>/login</param-value>
 </init-param>
 

Author:
Paul C. Bryan , Martin Matula

Field Summary
static String FEATURE_NO_FAIL
          If set to true makes the correct OAuth authentication optional - i.e.
static String PROPERTY_GC_PERIOD
          Property that can be set to frequency of collecting nonces exceeding max.
static String PROPERTY_IGNORE_PATH_PATTERN
          Property that can be set to a regular expression used to match the path (relative to the base URI) this filter should not be applied to.
static String PROPERTY_MAX_AGE
          Can be set to max.
static String PROPERTY_PROVIDER
          Mandatory property - class name of the OAuthProvider class.
static String PROPERTY_REALM
          OAuth realm.
 
Constructor Summary
OAuthServerFilter(ResourceConfig rc, OAuthProvider provider)
           
 
Method Summary
 ContainerRequest filter(ContainerRequest request)
          Filter the request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PROPERTY_PROVIDER

public static final String PROPERTY_PROVIDER
Mandatory property - class name of the OAuthProvider class.

See Also:
Constant Field Values

PROPERTY_REALM

public static final String PROPERTY_REALM
OAuth realm. Default is set to "default".

See Also:
Constant Field Values

PROPERTY_IGNORE_PATH_PATTERN

public static final String PROPERTY_IGNORE_PATH_PATTERN
Property that can be set to a regular expression used to match the path (relative to the base URI) this filter should not be applied to.

See Also:
Constant Field Values

PROPERTY_MAX_AGE

public static final String PROPERTY_MAX_AGE
Can be set to max. age (in milliseconds) of nonces that should be tracked (default = 300000 ms = 5 min).

See Also:
Constant Field Values

PROPERTY_GC_PERIOD

public static final String PROPERTY_GC_PERIOD
Property that can be set to frequency of collecting nonces exceeding max. age (default = 100 = every 100 requests).

See Also:
Constant Field Values

FEATURE_NO_FAIL

public static final String FEATURE_NO_FAIL
If set to true makes the correct OAuth authentication optional - i.e. instead of returning the appropriate status code (Response.Status#BAD_REQUEST or Response.Status#UNAUTHORIZED) the filter will ignore this request (as if it was not authenticated) and let the web application deal with it.

See Also:
Constant Field Values
Constructor Detail

OAuthServerFilter

public OAuthServerFilter(@Context
                         ResourceConfig rc,
                         @Context
                         OAuthProvider provider)
Method Detail

filter

public ContainerRequest filter(ContainerRequest request)
Description copied from interface: ContainerRequestFilter
Filter the request.

An implementation may modify the state of the request or create a new instance.

Specified by:
filter in interface ContainerRequestFilter
Parameters:
request - the request.
Returns:
the request.


Copyright © 2013 Oracle Corporation. All Rights Reserved.