java.lang.Object
  org.restlet.Restlet
    org.restlet.routing.Filter
      org.restlet.security.Authorizer
        org.restlet.security.RoleAuthorizer
          org.restlet.ext.oauth.OAuthAuthorizer
public class OAuthAuthorizer
Authorizer for OAuth 2.0 protection of REST resources. It can be deployed outside the Authorization Server Restlet application. A Validation resource must be started and mapped in the auth server.

In addition to the normal operation of a RoleAuthorizer, the OAuthAuthorizer can authorize roles per request: set a request attribute (defaults to DEFAULT_ROLE_ATTRIBUTE) to a Role[]. If that attribute is present, the authorizer checks those roles instead of the global roles for the Authorizer.

The OAuthAuthorizer also allows for authorizing against a specific owner, a person who has issued a token. The token provided to the authorizer will then be validated against that owner. The owner is also specified as a request attribute (defaults to DEFAULT_OWNER_ATTRIBUTE).

Example invocation:
```java
// Basic setup: protect a resource with a validation resource on the same host
public Restlet createInboundRoot() {
    ...
    OAuthAuthorizer auth = new OAuthAuthorizer(
            "http://localhost:8080/OAuth2Provider/validate");
    auth.setNext(ProtectedResource.class);
    router.attach("/me", auth);
    ...
}

// Set up an OAuthAuthorizer for SSL (can be set using global properties as well)
public Restlet createInboundRoot() {
    ...
    Client client = new Client(Protocol.HTTPS);
    Context c = new Context();
    client.setContext(c);
    // Trust store used to verify the validation server's certificate
    c.getParameters().add("truststorePath", "pathToKeyStoreFile");
    c.getParameters().add("truststorePassword", "password");
    OAuthAuthorizer auth = new OAuthAuthorizer(
            "https://path/to/validate", client);
    ...
}

// Set up an OAuthAuthorizer that validates owner as well
public Restlet createInboundRoot() {
    ...
    OAuthAuthorizer auth = new OAuthAuthorizer(
            "http://localhost:8080/OAuth2Provider/validate");
    auth.setNext(ProtectedResource.class);
    // The URI template variable supplies the owner request attribute
    router.attach("/{" + DEFAULT_OWNER_ATTRIBUTE + "}", auth);
    ...
}
```
See also: ValidationServerResource
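The per-request role override described above, shown as an added example that is not part of the Restlet documentation: a filter placed in front of the OAuthAuthorizer sets the Role[] request attribute from the HTTP method, so the value always comes from server-side logic and never from client input. The class name `MethodRoleFilter`, the role names, and the use of the `Role(String, String)` constructor are assumptions; check them against the Restlet version in use.

```java
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Method;
import org.restlet.ext.oauth.OAuthAuthorizer;
import org.restlet.routing.Filter;
import org.restlet.security.Role;

/**
 * Hypothetical filter (not part of Restlet): chooses the roles a request must
 * hold before the OAuthAuthorizer behind it runs.
 *
 * Wiring inside createInboundRoot(), reusing names from the page's example:
 *
 *   OAuthAuthorizer auth = new OAuthAuthorizer("https://path/to/validate", client);
 *   auth.setNext(ProtectedResource.class);
 *   MethodRoleFilter roles = new MethodRoleFilter();
 *   roles.setNext(auth);
 *   router.attach("/me", roles);
 */
public class MethodRoleFilter extends Filter {

    // Assumed role names; use the roles your authorization server issues.
    private static final Role READ = new Role("read", "Read-only access");
    private static final Role WRITE = new Role("write", "Modifying access");

    @Override
    protected int beforeHandle(Request request, Response response) {
        Method m = request.getMethod();
        boolean readOnly = Method.GET.equals(m) || Method.HEAD.equals(m);

        // Anything that is not clearly read-only requires the stricter role.
        Role[] required = readOnly ? new Role[] { READ } : new Role[] { WRITE };

        // Overwrite unconditionally so no earlier component can leave a weaker
        // Role[] in place; OAuthAuthorizer checks these instead of its global roles.
        request.getAttributes().put(OAuthAuthorizer.DEFAULT_ROLE_ATTRIBUTE, required);
        return CONTINUE;
    }
}
```

If the authorizer was constructed with a custom roleAttr, put the Role[] under that attribute name instead of DEFAULT_ROLE_ATTRIBUTE.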
Field Summary | |
---|---|
protected Client | client |
static String | DEFAULT_OWNER_ATTRIBUTE |
static String | DEFAULT_ROLE_ATTRIBUTE |
protected Reference | validateRef |
Fields inherited from class org.restlet.security.Authorizer |
---|
ALWAYS, AUTHENTICATED, NEVER |
Fields inherited from class org.restlet.routing.Filter |
---|
CONTINUE, SKIP, STOP |
Constructor Summary | |
---|---|
protected | OAuthAuthorizer(): Default constructor. |
 | OAuthAuthorizer(Reference validationRef): Sets up an OAuthAuthorizer. |
 | OAuthAuthorizer(Reference validationRef, Client requestClient): Sets up an OAuthAuthorizer. |
 | OAuthAuthorizer(String validationRef): Sets up an OAuthAuthorizer. |
 | OAuthAuthorizer(String validationRef, boolean local, Client requestClient): Sets up an OAuthAuthorizer. |
 | OAuthAuthorizer(String validationRef, boolean local, Client requestClient, String ownerAttr, String roleAttr): Sets up an OAuthAuthorizer. |
 | OAuthAuthorizer(String validationRef, Client requestClient): Sets up an OAuthAuthorizer. |
Method Summary | |
---|---|
boolean | authorize(Request req, Response resp) |
protected int | unauthorized(Request request, Response response) |
Methods inherited from class org.restlet.security.RoleAuthorizer |
---|
getAuthorizedRoles, getForbiddenRoles, setAuthorizedRoles, setForbiddenRoles |
Methods inherited from class org.restlet.security.Authorizer |
---|
authorized, beforeHandle, getIdentifier, setIdentifier |
Methods inherited from class org.restlet.routing.Filter |
---|
afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop |
Methods inherited from class org.restlet.Restlet |
---|
createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner |
Methods inherited from class java.lang.Object |
---|
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected final Reference validateRef
protected final Client client
public static String DEFAULT_OWNER_ATTRIBUTE
public static String DEFAULT_ROLE_ATTRIBUTE
Constructor Detail |
---|
protected OAuthAuthorizer()

public OAuthAuthorizer(Reference validationRef)
validationRef - The validation URI referencing the auth server validation resource.

public OAuthAuthorizer(Reference validationRef, Client requestClient)
validationRef - The validation URI referencing the auth server validation resource.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters.

public OAuthAuthorizer(String validationRef)
validationRef - The validation URI referencing the auth server validation resource.

public OAuthAuthorizer(String validationRef, boolean local, Client requestClient)
validationRef - The validation URI referencing the auth server validation resource.
local - If local is set to true, "riap://application" will be appended to the validationRef.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters (not needed for e.g. local).

public OAuthAuthorizer(String validationRef, boolean local, Client requestClient, String ownerAttr, String roleAttr)
validationRef - The validation URI referencing the auth server validation resource.
local - If local is set to true, "riap://application" will be appended to the validationRef.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters (not needed for e.g. local).
ownerAttr - To dynamically authorize against a specific owner, this Authorizer searches for this request attribute. If null, it will be set to DEFAULT_OWNER_ATTRIBUTE.
roleAttr - To dynamically authorize against specific roles, this Authorizer searches for this request attribute. If null, it will be set to DEFAULT_ROLE_ATTRIBUTE. Any dynamic roles will have precedence over default roles for this authorizer.

public OAuthAuthorizer(String validationRef, Client requestClient)
validationRef - The validation URI referencing the auth server validation resource.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters (not needed for e.g. local).

Method Detail |
---|
public boolean authorize(Request req, Response resp)
Overrides: authorize in class RoleAuthorizer

protected int unauthorized(Request request, Response response)
Overrides: unauthorized in class Authorizer