AuthorizationRequestHandlerSpiAdapter (com.authlete:authlete-java-jaxrs 1.3 API)

java.lang.Object
- com.authlete.jaxrs.spi.AuthorizationRequestHandlerSpiAdapter

All Implemented Interfaces:

AuthorizationRequestHandlerSpi
```
public class AuthorizationRequestHandlerSpiAdapter
extends Object
implements AuthorizationRequestHandlerSpi
```
Empty implementation of AuthorizationRequestHandlerSpi interface.
If you have no mind to support prompt=none (3.1.2.1. Authentication Request in OpenID Connect Core 1.0), methods you must override are only generateAuthorizationPage(AuthorizationResponse).

Author:

Takahiko Kawasaki

Constructor Summary

Constructors
Constructor and Description

AuthorizationRequestHandlerSpiAdapter()

Constructors
Constructor and Description
`AuthorizationRequestHandlerSpiAdapter()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`javax.ws.rs.core.Response`	`generateAuthorizationPage(com.authlete.common.dto.AuthorizationResponse info)` Generate an authorization page (HTML) to ask an end-user whether to accept or deny an authorization request by a client application.
`String`	`getAcr()` Get the authentication context class reference (ACR) that was satisfied when the current end-user was authenticated.
`com.authlete.common.dto.Property[]`	`getProperties()` Get extra properties to associate with an access token and/or an authorization code.
`long`	`getUserAuthenticatedAt()` Get the time when the current end-user was authenticated in milliseconds since Unix epoch (1970-01-01).
`String`	`getUserSubject()` Get the subject (= unique identifier) of the current end-user.
`boolean`	`isUserAuthenticated()` Check whether an end-user has already logged in or not.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AuthorizationRequestHandlerSpiAdapter
```
public AuthorizationRequestHandlerSpiAdapter()
```
- Method Detail
  - isUserAuthenticated
```
public boolean isUserAuthenticated()
```
    Description copied from interface: AuthorizationRequestHandlerSpi
    Check whether an end-user has already logged in or not.
    This method is called only when an authorization request comes with prompt=none. Therefore, if you have no mind to support prompt=none, always return false. See 3.1.2.1. Authentication Request in OpenID Connect Core 1.0 for details about prompt=none.
    
    Below is an example implementation using Apache Shiro.
    @Override public boolean isUserAuthenticated() { return SecurityUtils.getSubject().isAuthenticated(); }
    Specified by:
    
    isUserAuthenticated in interface AuthorizationRequestHandlerSpi
    
    Returns:
    
    true if an end-user has already logged in. Otherwise, false. When false is returned, the client application will receive error=login_required.
  - getUserAuthenticatedAt
```
public long getUserAuthenticatedAt()
```
    Description copied from interface: AuthorizationRequestHandlerSpi
    Get the time when the current end-user was authenticated in milliseconds since Unix epoch (1970-01-01).
    The value is used to check whether the elapsed time since the last authentication has exceeded the maximum authentication age or not. See max_age in "3.1.2.1. Authentication Request" in OpenID Connect Core 1.0, and default_max_age in "2. Client Metadata" in OpenID Connect Dynamic Client Registration 1.0 for details.
    
    This method is called only when an authorization request comes with prompt=none. Therefore, if you have no mind to support prompt=none, always return 0. See 3.1.2.1. Authentication Request in OpenID Connect Core 1.0 for details about prompt=none.
    
    Below is an example implementation using Apache Shiro.
    @Override public long getUserAuthenticatedAt() { Session session = SecurityUtils.getSubject().getSession(false); if (session == null) { return 0; } return session.getStartTimestamp().getTime(); }
    Specified by:
    
    getUserAuthenticatedAt in interface AuthorizationRequestHandlerSpi
    
    Returns:
    
    The time when the end-user was authenticated in milliseconds since Unix epoch (1970-01-01).
  - getUserSubject
```
public String getUserSubject()
```
    Description copied from interface: AuthorizationRequestHandlerSpi
    Get the subject (= unique identifier) of the current end-user. It must consist of only ASCII letters and its length must not exceed 100.
    This method is called only when an authorization request comes with prompt=none. Therefore, if you have no mind to support prompt=none, always return null. See 3.1.2.1. Authentication Request in OpenID Connect Core 1.0 for details about prompt=none.
    
    Below is an example implementation using Apache Shiro.
    @Override public long getUserAuthenticatedAt() { return (String)SecurityUtils.getSubject().getPrincipal(); }
    Specified by:
    
    getUserSubject in interface AuthorizationRequestHandlerSpi
    
    Returns:
    
    The subject (= unique identifier) of the current end-user.
  - getAcr
```
public String getAcr()
```
    Description copied from interface: AuthorizationRequestHandlerSpi
    
    Get the authentication context class reference (ACR) that was satisfied when the current end-user was authenticated.
    The value returned by this method has an important meaning only when an authorization requests acr claim as an essential claim. Practically speaking, it is unlikely to happen. See "5.5.1.1. Requesting the "acr" Claim" in OpenID Connect Core 1.0 if you are interested in the details.
    
    This method is called only when an authorization request comes with prompt=none. Therefore, if you have no mind to support prompt=none, always return null. See 3.1.2.1. Authentication Request in OpenID Connect Core 1.0 for details about prompt=none.
    
    If you don't know what ACR is, return null.
    
    Specified by:
    
    getAcr in interface AuthorizationRequestHandlerSpi
    
    Returns:
    
    The authentication context class reference (ACR) that was satisfied when the current end-user was authenticated.
  - generateAuthorizationPage
```
public javax.ws.rs.core.Response generateAuthorizationPage(com.authlete.common.dto.AuthorizationResponse info)
```
    Description copied from interface: AuthorizationRequestHandlerSpi
    
    Generate an authorization page (HTML) to ask an end-user whether to accept or deny an authorization request by a client application.
    Key information that should be displayed in an authorization page is stored in the info object. For example, the name of the client application can be obtained by calling info.getClient().getClientName() method. Likewise, requested scopes can be obtained as an array of Scope objects by calling info.getScopes() method.
    
    In an authorization page, an end-user will finally decide either to grant authorization to the client application or to reject the authorization request. The authorization server should receive the decision and call handle() method.
    
    Specified by:
    
    generateAuthorizationPage in interface AuthorizationRequestHandlerSpi
    
    Parameters:
    
    info - A response from Authlete's /api/auth/authorization API. Key information that should be displayed in an authorization page is stored in the object.
    
    Returns:
    
    A response to show an authorization page.
  - getProperties
```
public com.authlete.common.dto.Property[] getProperties()
```
    Description copied from interface: AuthorizationRequestHandlerSpi
    Get extra properties to associate with an access token and/or an authorization code.
    This method is expected to return an array of extra properties. The following is an example that returns an array containing one extra property.
```
 @Override
 public Property[] getProperties()
 {
     return new Property[] {
         new Property("example_parameter", "example_value")
     };
 }
```
    Extra properties returned from this method will appear as top-level entries in a JSON response from an authorization server as shown in 5.1. Successful Response in RFC 6749.
    
    Keys listed below should not be used and they would be ignored on the server side even if they were used. It's because they are reserved in RFC 6749 and OpenID Connect Core 1.0.
    - access_token
    - token_type
    - expires_in
    - refresh_token
    - scope
    - error
    - error_description
    - error_uri
    - id_token
    Note that there is an upper limit on the total size of extra properties. On the server side, the properties will be (1) converted to a multidimensional string array, (2) converted to JSON, (3) encrypted by AES/CBC/PKCS5Padding, (4) encoded by base64url, and then stored into the database. The length of the resultant string must not exceed 65,535 in bytes. This is the upper limit, but we think it is big enough.
    
    This method is called only when an authorization request comes with prompt=none. Therefore, if you have no mind to support prompt=none, always return null. See 3.1.2.1. Authentication Request in OpenID Connect Core 1.0 for details about prompt=none.
    Specified by:
    
    getProperties in interface AuthorizationRequestHandlerSpi
    
    Returns:
    
    Extra properties. If null is returned, any extra property will not be associated.

Class AuthorizationRequestHandlerSpiAdapter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AuthorizationRequestHandlerSpiAdapter

Method Detail

isUserAuthenticated

getUserAuthenticatedAt

getUserSubject

getAcr

generateAuthorizationPage

getProperties