org.restlet.ext.oauth
Class OAuthAuthorizer

java.lang.Object
  extended by org.restlet.Restlet
      extended by org.restlet.routing.Filter
          extended by org.restlet.security.Authorizer
              extended by org.restlet.security.RoleAuthorizer
                  extended by org.restlet.ext.oauth.OAuthAuthorizer
All Implemented Interfaces:
Uniform

public class OAuthAuthorizer
extends RoleAuthorizer

Authorizer for OAuth 2.0 protection of REST resources. It can be deployed outside the Authorization Server Restlet application. A Validation resource must be started and mapped in the auth server.

In addition to the normal operation of a RoleAuthorizer, the OAuthAuthorizer can authorize roles per request: set a request attribute (the name defaults to DEFAULT_ROLE_ATTRIBUTE) holding a Role[]. If that attribute is present, the authorizer authorizes those roles instead of its global roles.

The OAuthAuthorizer also allows for authorizing against a specific owner, a person who has issued a token. The token provided to the authorizer is then validated against that owner. The owner is also specified as a request attribute (the name defaults to DEFAULT_OWNER_ATTRIBUTE).

Example invocation:

    // Set up an OAuthAuthorizer that validates tokens against the auth server
    public Restlet createInboundRoot() {
        ...
        OAuthAuthorizer auth = new OAuthAuthorizer(
                "http://localhost:8080/OAuth2Provider/validate");
        auth.setNext(ProtectedResource.class);
        router.attach("/me", auth);
        ...
    }

    // Set up an OAuthAuthorizer for SSL (can be set using global properties as well)
    public Restlet createInboundRoot() {
        ...
        Client client = new Client(Protocol.HTTPS);
        Context c = new Context();
        client.setContext(c);
        // Trust store used to verify the validation endpoint's certificate
        c.getParameters().add("truststorePath", "pathToKeyStoreFile");
        c.getParameters().add("truststorePassword", "password");
        OAuthAuthorizer auth = new OAuthAuthorizer(
                "https://path/to/validate", client);
        ...
    }

    // Set up an OAuthAuthorizer that validates owner as well
    public Restlet createInboundRoot() {
        ...
        OAuthAuthorizer auth = new OAuthAuthorizer(
                "http://localhost:8080/OAuth2Provider/validate");
        auth.setNext(ProtectedResource.class);
        // The owner is taken from the URI template variable of the same name
        router.attach("/{" + DEFAULT_OWNER_ATTRIBUTE + "}", auth);
        ...
    }
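The per-request role mechanism described above has no sample on this page. The following is an added example, not code from the Restlet project: RequiredRolesFilter is a hypothetical helper that sets the Role[] request attribute on the server side before the request reaches the authorizer. It assumes the authorizer was built with the default role attribute name and that the Role objects are created elsewhere in the application.

```java
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.ext.oauth.OAuthAuthorizer;
import org.restlet.routing.Filter;
import org.restlet.security.Role;

/**
 * Hypothetical helper (not part of Restlet). Placed in front of an
 * OAuthAuthorizer, it publishes the roles required for one route so the
 * authorizer checks them instead of its global roles.
 */
public class RequiredRolesFilter extends Filter {

    private final Role[] requiredRoles;

    public RequiredRolesFilter(Context context, Role[] requiredRoles,
            OAuthAuthorizer next) {
        super(context, next);
        if (requiredRoles == null || requiredRoles.length == 0) {
            // An empty set would silently change what the route requires;
            // fail at start-up rather than at request time.
            throw new IllegalArgumentException("requiredRoles must not be empty");
        }
        this.requiredRoles = requiredRoles.clone();
    }

    @Override
    protected int beforeHandle(Request request, Response response) {
        // Overwrite any existing value: the roles for this route are fixed
        // by the application and never derived from request input.
        request.getAttributes().put(
                OAuthAuthorizer.DEFAULT_ROLE_ATTRIBUTE, requiredRoles.clone());
        return CONTINUE;
    }

    // Wiring inside createInboundRoot(); photoRoles is an assumed Role[]
    // built by the application:
    //
    //   OAuthAuthorizer auth = new OAuthAuthorizer(
    //           "http://localhost:8080/OAuth2Provider/validate");
    //   auth.setNext(ProtectedResource.class);
    //   router.attach("/me/photos",
    //           new RequiredRolesFilter(getContext(), photoRoles, auth));
}
```

If the authorizer is constructed with a custom roleAttr, the filter has to write to that attribute name instead.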

Author:
Kristoffer Gronowski
See Also:
ValidationServerResource

Field Summary
protected  Client client
           
static String DEFAULT_OWNER_ATTRIBUTE
           
static String DEFAULT_ROLE_ATTRIBUTE
           
protected  Reference validateRef
           
 
Fields inherited from class org.restlet.security.Authorizer
ALWAYS, AUTHENTICATED, NEVER
 
Fields inherited from class org.restlet.routing.Filter
CONTINUE, SKIP, STOP
 
Constructor Summary
protected OAuthAuthorizer()
          Default constructor.
  OAuthAuthorizer(Reference validationRef)
          Sets up an OAuthAuthorizer
  OAuthAuthorizer(Reference validationRef, Client requestClient)
          Sets up an OAuthAuthorizer.
  OAuthAuthorizer(String validationRef)
          Sets up an OAuthAuthorizer
  OAuthAuthorizer(String validationRef, boolean local, Client requestClient)
          Set up an OAuthAuthorizer.
  OAuthAuthorizer(String validationRef, boolean local, Client requestClient, String ownerAttr, String roleAttr)
          Set up an OAuthAuthorizer.
  OAuthAuthorizer(String validationRef, Client requestClient)
          Set up an OAuthAuthorizer.
 
Method Summary
 boolean authorize(Request req, Response resp)
           
protected  int unauthorized(Request request, Response response)
           
 
Methods inherited from class org.restlet.security.RoleAuthorizer
getAuthorizedRoles, getForbiddenRoles, setAuthorizedRoles, setForbiddenRoles
 
Methods inherited from class org.restlet.security.Authorizer
authorized, beforeHandle, getIdentifier, setIdentifier
 
Methods inherited from class org.restlet.routing.Filter
afterHandle, doHandle, getNext, handle, hasNext, setNext, setNext, start, stop
 
Methods inherited from class org.restlet.Restlet
createFinder, finalize, getApplication, getAuthor, getContext, getDescription, getFinderClass, getLogger, getName, getOwner, handle, handle, handle, isStarted, isStopped, setAuthor, setContext, setDescription, setFinderClass, setName, setOwner
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

validateRef

protected final Reference validateRef

client

protected final Client client

DEFAULT_OWNER_ATTRIBUTE

public static String DEFAULT_OWNER_ATTRIBUTE

DEFAULT_ROLE_ATTRIBUTE

public static String DEFAULT_ROLE_ATTRIBUTE
Constructor Detail

OAuthAuthorizer

protected OAuthAuthorizer()
Default constructor.


OAuthAuthorizer

public OAuthAuthorizer(Reference validationRef)
Sets up an OAuthAuthorizer

Parameters:
validationRef - The validation URI referencing the auth server validation resource.

OAuthAuthorizer

public OAuthAuthorizer(Reference validationRef,
                       Client requestClient)
Sets up an OAuthAuthorizer.

Parameters:
validationRef - The validation URI referencing the auth server validation resource.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters.

OAuthAuthorizer

public OAuthAuthorizer(String validationRef)
Sets up an OAuthAuthorizer

Parameters:
validationRef - The validation URI referencing the auth server validation resource.

OAuthAuthorizer

public OAuthAuthorizer(String validationRef,
                       boolean local,
                       Client requestClient)
Set up an OAuthAuthorizer.

Parameters:
validationRef - The validation URI referencing the auth server validation resource.
local - If local is set to true, "riap://application" will be appended to the validationRef.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters (not needed for e.g. local).

OAuthAuthorizer

public OAuthAuthorizer(String validationRef,
                       boolean local,
                       Client requestClient,
                       String ownerAttr,
                       String roleAttr)
Set up an OAuthAuthorizer.

Parameters:
validationRef - The validation URI referencing the auth server validation resource.
local - If local is set to true, "riap://application" will be appended to the validationRef.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters (not needed for e.g. local).
ownerAttr - To dynamically authorize against a specific owner, this Authorizer searches for this request attribute. If null, it will be set to DEFAULT_OWNER_ATTRIBUTE.
roleAttr - To dynamically authorize against specific roles, this Authorizer searches for this request attribute. If null, it will be set to DEFAULT_ROLE_ATTRIBUTE. Any dynamic roles will have precedence over the default roles for this authorizer.

OAuthAuthorizer

public OAuthAuthorizer(String validationRef,
                       Client requestClient)
Set up an OAuthAuthorizer.

Parameters:
validationRef - The validation URI referencing the auth server validation resource.
requestClient - A predefined client that will be used for remote client requests. Useful when you need to set e.g. SSL initialization parameters (not needed for e.g. local).
Method Detail

authorize

public boolean authorize(Request req,
                         Response resp)
Overrides:
authorize in class RoleAuthorizer

unauthorized

protected int unauthorized(Request request,
                           Response response)
Overrides:
unauthorized in class Authorizer


Copyright © 2005-2013 Restlet.