org.restlet.ext.oauth
Class AuthPageServerResource

java.lang.Object
  extended by org.restlet.resource.Resource
      extended by org.restlet.resource.UniformResource
          extended by org.restlet.resource.ServerResource
              extended by org.restlet.ext.oauth.OAuthServerResource
                  extended by org.restlet.ext.oauth.AuthPageServerResource

public class AuthPageServerResource
extends OAuthServerResource

Helper class to the AuthorizationResource; handles authorization requests. By default it accepts all requested scopes. To intercept the request and let the user control authorization, set the OAuthHelper.setAuthPageTemplate parameter. It should name a static HTML page or a FreeMarker page that will be loaded with the CLAP protocol straight from root. Example: add an AuthPageResource to your inbound root.

    public Restlet createInboundRoot() {
        ...
        root.attach(OAuthHelper.getAuthPage(getContext()), AuthPageServerResource.class);
        // Set the template for the auth page:
        OAuthHelper.setAuthPageTemplate("authorize.html", getContext());
        // Don't ask for approval if previously approved
        OAuthHelper.setAuthSkipApproved(true, getContext());
        ...
    }
 
The FreeMarker data model looks like the following:

    HashMap<String, Object> data = new HashMap<String, Object>();
    data.put("target", "/oauth/auth_page");
    data.put("clientId", clientId);
    data.put("clientDescription", client.toString());
    data.put("clientCallback", client.getRedirectUri());
    data.put("clientName", client.getApplicationName());
    data.put("requestingScopes", scopes);
    data.put("grantedScopes", previousScopes);
 
Below is an example of a simple FreeMarker page for authorization:
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
 <link rel="stylesheet" href="resources/style.css" type="text/css" media="screen"
   charset="utf-8">
 <title>OAuth2 Authorization Server</title>
 </head>
 <body>
   <div id="container">
    <div id="header">
      <h2>OAuth authorization page</h2>
      <section id="intro">
         <h2>Application requesting scope</h2>
         <p>Client ClientId = ${clientId} CB = ${clientDescription} wants to get access to your information.</p>
       </section>
     </div>
     <aside>
     <form action="${target}" method="get">
    <h4>The following private info is requested</h4>
 
     <#list requestingScopes as r> <input type="checkbox" name="scope" value="${r}" checked />
       <b>${r}</b><br/>
     </#list> 
     <#if grantedScopes?has_content>
       <hr />
       <h4>Previously approved scopes</h4>
       <#list grantedScopes as g> <input type="checkbox" name="scope" value="${g}" checked />
         <b>${g}</b><br/>
       </#list>
     </#if>
     <br/>
     <input type="submit" name="action" value="Reject"/>
     <input type="submit" name="action" value="Accept" />
     </form>
     </aside>
     <footer>
       <p class="copyright">Copyright &copy; 2010 Ericsson Inc. All rights reserved.</p>
     </footer>
   </div>
 </body>
 </html>
 

Author:
Kristoffer Gronowski

Field Summary
 
Fields inherited from class org.restlet.ext.oauth.OAuthServerResource
ACCESS_TOKEN, ASSERTION, ASSERTION_TYPE, AUTONOMOUS_USER, CLIENT_ID, CLIENT_SECRET, ClientCookieID, clients, CODE, ERROR, ERROR_DESC, ERROR_URI, EXPIRES_IN, generator, GRANT_TYPE, noCache, noStore, OAUTH_TOKEN, PASSWORD, REDIR_URI, REFRESH_TOKEN, RESPONSE_TYPE, SCOPE, STATE, TOKEN_SERVER_MAX_TIME_SEC, TOKEN_SERVER_TIME_SEC, tokenMaxTimeSec, tokenTimeSec, USERNAME
 
Constructor Summary
AuthPageServerResource()
           
 
Method Summary
protected  Representation getPage(String authPage)
          Helper method if an auth page was present in a context attribute.
protected  void handleAction(String action, String[] scopes)
          Helper method to handle a FORM response.
protected  void sendError(org.restlet.ext.oauth.internal.AuthSession session, OAuthError error, String state, String description, String errorUri)
          Helper method to format error responses according to OAuth2 spec.
 Representation showPage()
          Entry point to the AuthPageResource.
 
Methods inherited from class org.restlet.ext.oauth.OAuthServerResource
doInit, generateAgentToken, generateCode, getParameter, parseScope
 
Methods inherited from class org.restlet.resource.ServerResource
abort, commit, delete, delete, describeVariants, doCatch, doConditionalHandle, doError, doHandle, doHandle, doNegotiatedHandle, get, get, getAttribute, getInfo, getInfo, getOnSent, getPreferredVariant, getVariants, getVariants, handle, hasAnnotations, head, head, isAnnotated, isAutoCommitting, isCommitted, isConditional, isExisting, isInRole, isNegotiated, options, options, post, post, put, put, redirectPermanent, redirectPermanent, redirectSeeOther, redirectSeeOther, redirectTemporary, redirectTemporary, setAllowedMethods, setAnnotated, setAttribute, setAutoCommitting, setChallengeRequests, setCommitted, setConditional, setCookieSettings, setDimensions, setExisting, setLocationRef, setLocationRef, setNegotiated, setOnSent, setProxyChallengeRequests, setServerInfo, setStatus, setStatus, setStatus, setStatus, updateAllowedMethods, updateDimensions
 
Methods inherited from class org.restlet.resource.Resource
doError, doRelease, getAllowedMethods, getApplication, getChallengeRequests, getChallengeResponse, getClientInfo, getConditions, getConnegService, getContext, getConverterService, getCookies, getCookieSettings, getDimensions, getHostRef, getLocationRef, getLogger, getMatrix, getMatrixValue, getMaxForwards, getMetadataService, getMethod, getOriginalRef, getProtocol, getProxyChallengeRequests, getProxyChallengeResponse, getQuery, getQueryValue, getRanges, getReference, getReferrerRef, getRequest, getRequestAttributes, getRequestCacheDirectives, getRequestEntity, getResponse, getResponseAttributes, getResponseCacheDirectives, getResponseEntity, getRootRef, getServerInfo, getStatus, getStatusService, init, isConfidential, isLoggable, release, setApplication, setQueryValue, setRequest, setResponse, toObject, toRepresentation, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AuthPageServerResource

public AuthPageServerResource()
Method Detail

showPage

@Get(value="html")
public Representation showPage()
Entry point to the AuthPageResource. The AuthorizationResource dispatches the call to this method. It should also be invoked by the HTML page FORM, if there is one. The form should use HTTP GET and carry a result parameter: action = Accept approves the requested scope, while action = Reject sends a rejection error back to the requestor.

Returns:
HTML page with the graphical policy page

handleAction

protected void handleAction(String action,
                            String[] scopes)
Helper method to handle a FORM response. It returns after setting a 307 status with a Location header; the location carries a token if the token flow was requested, otherwise a code.

Parameters:
action - the action chosen by the user.
scopes - the scopes that were approved.

getPage

protected Representation getPage(String authPage)
Helper method if an auth page was present in a context attribute. The FreeMarker data model looks like the following:

    HashMap<String, Object> data = new HashMap<String, Object>();
    data.put("target", "/oauth/auth_page");
    data.put("clientId", clientId);
    data.put("clientDescription", client.toString());
    data.put("clientCallback", client.getRedirectUri());
    data.put("clientName", client.getApplicationName());
    data.put("requestingScopes", scopes);
    data.put("grantedScopes", previousScopes);

Parameters:
authPage - name of the page in class loader context
Returns:
html page representation

sendError

protected void sendError(org.restlet.ext.oauth.internal.AuthSession session,
                         OAuthError error,
                         String state,
                         String description,
                         String errorUri)
Helper method to format error responses according to OAuth2 spec.

Parameters:
session - local server session object
error - error code, one of the valid codes from the spec
state - state parameter as presented in the initial auth request
description - any text describing the error
errorUri - URI of a page with a fuller description of the error
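As an added example (not Restlet's own code), the following plain Java shows what the FORM response described for handleAction and sendError turns into: the ticked scopes are intersected with the originally requested set before anything is approved, a code-flow result goes in the query string, a token-flow result goes in the fragment, and an error redirect carries error, error_description, error_uri and the echoed state. The class name, the helper names and any sample values are assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example, not Restlet's own code: the redirects that handleAction/sendError
// describe, built with plain JDK classes. Class name and sample values are assumptions.
public final class AuthRedirects {
    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Joins parameters as k=v&k=v, URL-encoding both sides and skipping null values.
    private static String join(Map<String, String> params) {
        StringJoiner sj = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet())
            if (e.getValue() != null) sj.add(enc(e.getKey()) + "=" + enc(e.getValue()));
        return sj.toString();
    }

    // Form input is under the browser's control: approve only scopes that were ticked
    // AND were part of the original request (kept in the session), without duplicates.
    public static List<String> approvedScopes(String[] formScopes, Set<String> requested) {
        List<String> out = new ArrayList<>();
        for (String s : formScopes) if (requested.contains(s) && !out.contains(s)) out.add(s);
        return out;
    }

    // Accept: the code flow carries the code in the query, the token flow carries the
    // access token in the fragment; state is echoed back unchanged in both cases.
    public static URI success(URI redirectUri, boolean tokenFlow, String codeOrToken, String state) {
        Map<String, String> p = new LinkedHashMap<>();
        if (tokenFlow) { p.put("access_token", codeOrToken); p.put("token_type", "bearer"); }
        else p.put("code", codeOrToken);
        p.put("state", state);
        String sep = tokenFlow ? "#" : (redirectUri.getQuery() == null ? "?" : "&");
        return URI.create(redirectUri + sep + join(p));
    }

    // Reject or other failure: error, error_description, error_uri and state in the
    // query, the same fields sendError takes as parameters (null ones are omitted).
    public static URI error(URI redirectUri, String error, String state, String description, String errorUri) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("error", error);
        p.put("error_description", description);
        p.put("error_uri", errorUri);
        p.put("state", state);
        return URI.create(redirectUri + (redirectUri.getQuery() == null ? "?" : "&") + join(p));
    }
}
```

For action = Reject the natural call is error(callback, "access_denied", state, description, null), access_denied being the OAuth2 error code for a user refusal; the requested scope set handed to approvedScopes is the one the server stored for the session when the authorization request arrived.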


Copyright © 2005-2013 Restlet.