com.sun.jersey.oauth.server.api
Class OAuthServerFilter

java.lang.Object
  extended by com.sun.jersey.oauth.server.api.OAuthServerFilter
All Implemented Interfaces:
ContainerRequestFilter

public class OAuthServerFilter
extends java.lang.Object
implements ContainerRequestFilter

OAuth request filter that filters all requests indicating in the Authorization header they use OAuth. Checks if the incoming requests are properly authenticated and populates the security context with the corresponding user principal and roles.

When an application is deployed as a Servlet or Filter this Jersey filter can be registered using the following initialization parameters:

 <init-param>
     <param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
     <param-value>com.sun.jersey.oauth.server.api.OAuthServerFilter</param-value>
 </init-param>
 

This filter requires an implementation of OAuthProvider interface to be included in the list of providers of the application (e.g. by annotating it using the Provider annotation and having it on the scanning classpath).

The constants in this class indicate how you can parameterize this filter. E.g. when an application is deployed as a Servlet or Filter you can set the path patern to be ignored by this filter using the following initialization parameter:

 <init-param>
     <param-name>com.sun.jersey.config.property.oauth.ignorePathPattern</param-name>
     <param-value>/login</param-value>
 </init-param>
 

Author:
Paul C. Bryan , Martin Matula

Field Summary
static java.lang.String FEATURE_NO_FAIL
          If set to true makes the correct OAuth authentication optional - i.e.
static java.lang.String PROPERTY_GC_PERIOD
          Property that can be set to frequency of collecting nonces exceeding max.
static java.lang.String PROPERTY_IGNORE_PATH_PATTERN
          Property that can be set to a regular expression used to match the path (relative to the base URI) this filter should not be applied to.
static java.lang.String PROPERTY_MAX_AGE
          Can be set to max.
static java.lang.String PROPERTY_REALM
          OAuth realm.
 
Constructor Summary
OAuthServerFilter(ResourceConfig rc, OAuthProvider provider)
           
 
Method Summary
 ContainerRequest filter(ContainerRequest request)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PROPERTY_REALM

public static final java.lang.String PROPERTY_REALM
OAuth realm. Default is set to "default".

See Also:
Constant Field Values

PROPERTY_IGNORE_PATH_PATTERN

public static final java.lang.String PROPERTY_IGNORE_PATH_PATTERN
Property that can be set to a regular expression used to match the path (relative to the base URI) this filter should not be applied to.

See Also:
Constant Field Values

PROPERTY_MAX_AGE

public static final java.lang.String PROPERTY_MAX_AGE
Can be set to max. age (in milliseconds) of nonces that should be tracked (default = 300000 ms = 5 min).

See Also:
Constant Field Values

PROPERTY_GC_PERIOD

public static final java.lang.String PROPERTY_GC_PERIOD
Property that can be set to frequency of collecting nonces exceeding max. age (default = 100 = every 100 requests).

See Also:
Constant Field Values

FEATURE_NO_FAIL

public static final java.lang.String FEATURE_NO_FAIL
If set to true makes the correct OAuth authentication optional - i.e. instead of returning the appropriate status code (Response.Status#BAD_REQUEST or Response.Status#UNAUTHORIZED) the filter will ignore this request (as if it was not authenticated) and let the web application deal with it.

See Also:
Constant Field Values
Constructor Detail

OAuthServerFilter

public OAuthServerFilter(@Context
                         ResourceConfig rc,
                         @Context
                         OAuthProvider provider)
Method Detail

filter

public ContainerRequest filter(ContainerRequest request)
Specified by:
filter in interface ContainerRequestFilter


Copyright © 2014 Oracle Corporation. All Rights Reserved.