public final class Authorization extends Object

Filter performing authentication and authorizations.

Modifier and Type | Method and Description |
---|---|
static org.forgerock.http.Filter | newAuthorizationFilter(Iterable<? extends ConditionalFilters.ConditionalFilter> filters) Creates a new Filter in charge of injecting an AuthenticatedConnectionContext. |
static ConditionalFilters.ConditionalFilter | newConditionalDirectConnectionFilter(ConnectionFactory connectionFactory) Creates a ConditionalFilters.ConditionalFilter injecting an AuthenticatedConnectionContext with a connection issued from the given connectionFactory. |
static ConditionalFilters.ConditionalFilter | newConditionalHttpBasicAuthenticationFilter(AuthenticationStrategy authenticationStrategy, Function<org.forgerock.http.protocol.Headers,Pair<String,String>,NeverThrowsException> credentialsExtractor) Creates a new ConditionalFilters.ConditionalFilter performing authentication. |
static ConditionalFilters.ConditionalFilter | newConditionalOAuth2ResourceServerFilter(String realm, Set<String> scopes, org.forgerock.http.oauth2.AccessTokenResolver resolver, String authzIdTemplate) Creates a new optional OAuth2 authorization filter configured with provided parameters. |
static org.forgerock.http.oauth2.AccessTokenResolver | newCtsAccessTokenResolver(ConnectionFactory connectionFactory, String ctsBaseDNTemplate) Creates a new CTS access token resolver. |
static org.forgerock.http.oauth2.AccessTokenResolver | newFileAccessTokenResolver(String tokenFolder) Creates a new file access token resolver which should only be used for test purposes. |
static org.forgerock.http.Filter | newOAuth2ResourceServerFilter(String realm, Set<String> scopes, org.forgerock.http.oauth2.AccessTokenResolver resolver, String authzIdTemplate) Creates a new OAuth2 authorization filter configured with provided parameters. |
static org.forgerock.http.Filter | newProxyAuthorizationFilter(ConnectionFactory connectionFactory) Creates a filter injecting an AuthenticatedConnectionContext given the information provided in the SecurityContext. |
static org.forgerock.http.oauth2.AccessTokenResolver | newTokenIntrospectionAccessTokenResolver(org.forgerock.http.Handler httpClient, URI introspectionEndPointURL) Creates a new RFC 7662 compliant AccessTokenResolver. |

public static org.forgerock.http.Filter newAuthorizationFilter(Iterable<? extends ConditionalFilters.ConditionalFilter> filters)

Creates a new Filter in charge of injecting an AuthenticatedConnectionContext. This Filter tries each of the provided filters until one can apply. If no filter can be applied, the last filter in the list will be applied, allowing it to formulate a valid, implementation-specific error response.

Parameters:
filters - Iterable of authorization ConditionalFilters to try. If empty, the returned filter will always respond with 403 Forbidden.

Returns:
Filter

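The selection rule above, modelled as a stand-alone Java program (an added example, not ForgeRock code; it needs Java 16 or later for records). It shows why a filter whose condition is always true, as this page documents for newConditionalDirectConnectionFilter, belongs last in the list. Candidate, select and scheme are hypothetical names, and recognising credentials by the Authorization header scheme is an assumed simplification.

```java
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

/** Stand-alone model of the selection rule described above; it uses no ForgeRock classes. */
public class AuthzOrderModel {
    /** Hypothetical stand-in for a ConditionalFilter: a name plus the condition deciding if it applies. */
    record Candidate(String name, Predicate<Map<String, String>> condition) {}

    /** Returns the name of the filter that handles the request, or "403 Forbidden" for an empty list. */
    static String select(List<Candidate> filters, Map<String, String> headers) {
        if (filters.isEmpty()) {
            return "403 Forbidden";
        }
        for (Candidate c : filters) {
            if (c.condition().test(headers)) {
                return c.name();                       // first condition that holds wins
            }
        }
        // No condition held: the last filter is applied so it can build the error response.
        return filters.get(filters.size() - 1).name() + " (fallback)";
    }

    /** Assumed simplification: credentials are recognised by the Authorization header scheme. */
    static Predicate<Map<String, String>> scheme(String prefix) {
        return h -> h.getOrDefault("Authorization", "").startsWith(prefix);
    }

    public static void main(String[] args) {
        Candidate basic = new Candidate("basic", scheme("Basic "));
        Candidate oauth2 = new Candidate("oauth2", scheme("Bearer "));
        Candidate direct = new Candidate("direct", h -> true);   // condition is always true

        // Constructed sample requests, reduced to their headers.
        Map<String, String> none = Map.of();
        Map<String, String> bearer = Map.of("Authorization", "Bearer constructed-token");

        List<Candidate> directFirst = List.of(direct, basic, oauth2);
        List<Candidate> directLast = List.of(basic, oauth2, direct);
        List<Candidate> noDirect = List.of(basic, oauth2);

        System.out.println("direct first, bearer: " + select(directFirst, bearer));
        System.out.println("direct last,  bearer: " + select(directLast, bearer));
        System.out.println("direct last,  none:   " + select(directLast, none));
        System.out.println("no direct,    none:   " + select(noDirect, none));
        System.out.println("empty list,   none:   " + select(List.of(), none));
    }
}
```

With the always-true candidate first, the bearer request is handled by it and the OAuth2 candidate is never consulted; placed last, it only handles requests that carry no credentials.
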
public static ConditionalFilters.ConditionalFilter newConditionalHttpBasicAuthenticationFilter(AuthenticationStrategy authenticationStrategy, Function<org.forgerock.http.protocol.Headers,Pair<String,String>,NeverThrowsException> credentialsExtractor)

Creates a new ConditionalFilters.ConditionalFilter performing authentication. If authentication succeeds, it injects a SecurityContext with the authenticationId provided by the user. Otherwise, it returns an HTTP 401 - Unauthorized response. The condition of this ConditionalFilters.ConditionalFilter will return true if the supplied request contains credentials information, false otherwise.

Parameters:
authenticationStrategy - AuthenticationStrategy to validate the user's provided credentials.
credentialsExtractor - Function to extract the credentials from the received request.

Returns:
ConditionalFilters.ConditionalFilter

Throws:
NullPointerException - if a parameter is null.

public static ConditionalFilters.ConditionalFilter newConditionalDirectConnectionFilter(ConnectionFactory connectionFactory)

Creates a ConditionalFilters.ConditionalFilter injecting an AuthenticatedConnectionContext with a connection issued from the given connectionFactory. The condition is always true.

Parameters:
connectionFactory - The factory used to get the Connection to inject.

Returns:
ConditionalFilters.ConditionalFilter.

Throws:
NullPointerException - if connectionFactory is null

public static org.forgerock.http.Filter newProxyAuthorizationFilter(ConnectionFactory connectionFactory)

Creates a filter injecting an AuthenticatedConnectionContext given the information provided in the SecurityContext. The connection contained in the created AuthenticatedConnectionContext will add a ProxiedAuthV2RequestControl to each LDAP request.

Parameters:
connectionFactory - The connection factory used to create the connection which will be injected in the AuthenticatedConnectionContext

Throws:
NullPointerException - if connectionFactory is null

public static org.forgerock.http.oauth2.AccessTokenResolver newTokenIntrospectionAccessTokenResolver(org.forgerock.http.Handler httpClient, URI introspectionEndPointURL)

Creates a new RFC 7662 compliant AccessTokenResolver.

Parameters:
httpClient - HTTP client handler used to perform the request
introspectionEndPointURL - Introspect endpoint URL to use to resolve the access token.

Returns:
AccessTokenResolver instance.

public static org.forgerock.http.oauth2.AccessTokenResolver newCtsAccessTokenResolver(ConnectionFactory connectionFactory, String ctsBaseDNTemplate)

Creates a new CTS access token resolver.

Parameters:
connectionFactory - The ConnectionFactory to use to perform searches against the CTS.
ctsBaseDNTemplate - The base DN template to use to resolve the access token DN.

public static org.forgerock.http.oauth2.AccessTokenResolver newFileAccessTokenResolver(String tokenFolder)

Creates a new file access token resolver which should only be used for test purposes.

Parameters:
tokenFolder - The folder where the access token to resolve must be stored.

public static org.forgerock.http.Filter newOAuth2ResourceServerFilter(String realm, Set<String> scopes, org.forgerock.http.oauth2.AccessTokenResolver resolver, String authzIdTemplate)

Creates a new OAuth2 authorization filter configured with provided parameters.

Parameters:
realm - The realm to display in error responses.
scopes - Scopes that an access token must have to access a resource.
resolver - The AccessTokenResolver to use to resolve an access token.
authzIdTemplate - Authorization ID template.

public static ConditionalFilters.ConditionalFilter newConditionalOAuth2ResourceServerFilter(String realm, Set<String> scopes, org.forgerock.http.oauth2.AccessTokenResolver resolver, String authzIdTemplate)

Creates a new optional OAuth2 authorization filter configured with provided parameters. This filter will be used only if an OAuth2 Authorization header is present in the incoming request.

Parameters:
realm - The realm to display in error responses.
scopes - Scopes that an access token must have to access a resource.
resolver - The AccessTokenResolver to use to resolve an access token.
authzIdTemplate - Authorization ID template.

Copyright 2010-2018 ForgeRock AS.