public class ResourceServerFilter extends Object implements Filter

Request that contains an OAuth 2.0 access token. This filter expects an OAuth 2.0 token to be available in the HTTP Authorization header:

Authorization: Bearer 1fc0e143-f248-4e50-9c13-1d710360cec9

It extracts the token and validates it against a token info endpoint using the provided ResourceAccess.

The provided ResourceAccess must provide the scopes required by the AccessTokenInfo to access the protected resource.

Once the AccessTokenInfo is validated, it is stored in an OAuth2Context instance, which is forwarded with the Request to the next Handler.

The AccessTokenInfo can be retrieved in downstream handlers with OAuth2Context.getAccessToken().

The realm constructor attribute specifies the name of the realm used in the authentication challenges returned back to the client in case of errors.
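
How the pieces described above fit together, as an added example that is not part of the original Javadoc or ForgeRock's own code: a ResourceAccess that derives the required scopes from the request method, and a downstream handler that reads the validated token from OAuth2Context. The package names, the ResourceAccess lambda signature (context, request), the ProtectedOrders class, the scope names and the "orders" realm are assumptions not shown on this page.

```java
import java.util.Collections;
import java.util.Set;

import org.forgerock.http.Handler;
import org.forgerock.http.handler.Handlers;
import org.forgerock.http.oauth2.AccessTokenInfo;
import org.forgerock.http.oauth2.AccessTokenResolver;
import org.forgerock.http.oauth2.OAuth2Context;
import org.forgerock.http.oauth2.ResourceAccess;
import org.forgerock.http.oauth2.ResourceServerFilter;
import org.forgerock.http.protocol.Response;
import org.forgerock.http.protocol.Status;
import org.forgerock.util.time.TimeService;

/** Added example (hypothetical class): protects a handler with ResourceServerFilter. */
public final class ProtectedOrders {

    /** Hypothetical scope names; use the ones your authorization server issues. */
    private static final Set<String> READ = Collections.singleton("orders:read");
    private static final Set<String> WRITE = Collections.singleton("orders:write");

    /** The caller supplies the resolver that turns a token string into an AccessTokenInfo. */
    public static Handler protect(AccessTokenResolver resolver) {
        // Required scopes are computed per request: safe methods need only read access,
        // everything else needs the write scope (least privilege per operation).
        ResourceAccess access = (context, request) -> {
            String method = request.getMethod();
            return "GET".equals(method) || "HEAD".equals(method) ? READ : WRITE;
        };

        // "orders" is the realm name used in authentication challenges on error.
        ResourceServerFilter filter =
                new ResourceServerFilter(resolver, TimeService.SYSTEM, access, "orders");

        // Reached only after the filter has validated the token and stored it
        // in the OAuth2Context forwarded with the request.
        Handler orders = (context, request) -> {
            AccessTokenInfo token = context.asContext(OAuth2Context.class).getAccessToken();
            Response response = new Response(Status.OK);
            // Report the granted scopes only; never echo the token value itself.
            response.setEntity("granted scopes: " + token.getScopes());
            return Response.newResponsePromise(response);
        };
        return Handlers.chainOf(orders, filter);
    }

    private ProtectedOrders() { }
}
```
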

Constructor and Description |
---|
ResourceServerFilter(AccessTokenResolver resolver, TimeService time, ResourceAccess resourceAccess, String realm) Creates a new OAuth2Filter. |

Modifier and Type | Method and Description |
---|---|
Promise<Response,NeverThrowsException> | filter(Context context, Request request, Handler next) Filters the request and/or response of an exchange. |

public ResourceServerFilter(AccessTokenResolver resolver, TimeService time, ResourceAccess resourceAccess, String realm)

Creates a new OAuth2Filter.

resolver - An AccessTokenResolver instance.
time - A TimeService instance used to check if token is expired or not.
resourceAccess - A ResourceAccess instance.
realm - Name of the realm (used in authentication challenge returned in case of error).

public Promise<Response,NeverThrowsException> filter(Context context, Request request, Handler next)

Filters the request and/or response of an exchange, as specified by Filter. To pass the request to the next filter or handler, the filter calls next.handle(context, request).

This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

Copyright © 2010-2020, ForgeRock All Rights Reserved.