public class OAuth2ResourceServerFilterHeaplet extends GenericHeaplet
Request that contains an OAuth 2.0 access token.

This filter expects an OAuth 2.0 token to be available in the HTTP Authorization header:

```
Authorization: Bearer 1fc0e143-f248-4e50-9c13-1d710360cec9
```

It extracts the token and validates it against the specified access token resolver.

```
{
    "type": "OAuth2ResourceServerFilter",
    "config": {
        "scopes"              : [ expression, ... ], [REQUIRED - the list of OAuth2 scopes.]
        "accessTokenResolver" : resolver,            [REQUIRED]
        "requireHttps"        : boolean,             [OPTIONAL - controls whether this filter only accepts
                                                                 requests targeting the HTTPS scheme. By
                                                                 default, it is enabled (only URIs starting
                                                                 with https://... will be accepted, an
                                                                 Exception is thrown otherwise).]
        "realm"               : string,              [OPTIONAL - specifies the name of the realm used in the
                                                                 authentication challenges returned to the
                                                                 client in case of errors. Defaults to
                                                                 'OpenIG'.]
        "executor"            : executor,            [OPTIONAL - by default uses the 'ScheduledThreadPool'
                                                                 heap object.]
        "cache"               : object,              [OPTIONAL - cache configuration. Default is no caching.]
            "enabled"         : boolean,             [OPTIONAL - defaults to false. Enables the caching
                                                                 of access tokens.]
            "defaultTimeout"  : duration,            [OPTIONAL - defaults to 1 minute. If no valid expiry
                                                                 value is provided by the access token,
                                                                 we'll cache it for that duration.]
            "maxTimeout"      : duration,            [OPTIONAL - if an expiry value is provided by the access
                                                                 token but is greater than this value, then
                                                                 this value is used instead ("zero" and
                                                                 "unlimited" are not acceptable values).]
    }
}
```

```json
{
    "name": "ProtectedResourceFilter",
    "type": "OAuth2ResourceServerFilter",
    "config": {
        "scopes": [ "email", "profile" ],
        "requireHttps": false,
        "realm": "Informative realm name",
        "accessTokenResolver": "ForgeRock Authorisation Server"
    }
}
```
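
The checks this configuration describes, as a stand-alone Java model added here (not OpenIG code and not the filter's implementation). The class and method names, the in-memory `RESOLVER` map, the sample URL, and the RFC 6750 status and error codes in the challenge are assumptions.

```java
import java.time.Duration;
import java.util.Map;
import java.util.Set;

/** Stand-alone model of the checks described above; added example, not OpenIG code. */
public class ResourceServerCheckSketch {
    // Hypothetical stand-in for accessTokenResolver: token -> granted scopes (constructed data).
    static final Map<String, Set<String>> RESOLVER = Map.of(
            "1fc0e143-f248-4e50-9c13-1d710360cec9", Set.of("email", "profile"),
            "constructed-email-only-token", Set.of("email"));

    /** Returns "200", or a status plus the challenge carrying the configured realm. */
    static String check(String uri, String authorization, boolean requireHttps,
                        String realm, Set<String> requiredScopes) {
        if (requireHttps && !uri.regionMatches(true, 0, "https://", 0, 8)) {
            throw new IllegalArgumentException("rejected, not HTTPS: " + uri);
        }
        String challenge = "WWW-Authenticate: Bearer realm=\"" + realm + "\"";
        if (authorization == null || !authorization.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return "401 " + challenge; // no bearer token presented
        }
        Set<String> granted = RESOLVER.get(authorization.substring(7).trim());
        if (granted == null) {
            return "401 " + challenge + ", error=\"invalid_token\"";
        }
        if (!granted.containsAll(requiredScopes)) {
            return "403 " + challenge + ", error=\"insufficient_scope\"";
        }
        return "200";
    }

    /** Cache lifetime: token expiry capped at maxTimeout, or defaultTimeout without a valid expiry. */
    static Duration cacheTtl(Duration expiresIn, Duration defaultTimeout, Duration maxTimeout) {
        if (expiresIn == null || expiresIn.isZero() || expiresIn.isNegative()) {
            return defaultTimeout;
        }
        return expiresIn.compareTo(maxTimeout) > 0 ? maxTimeout : expiresIn;
    }

    public static void main(String[] args) {
        Set<String> scopes = Set.of("email", "profile");
        String url = "https://app.example.com/photos"; // constructed URL
        System.out.println(check(url, "Bearer 1fc0e143-f248-4e50-9c13-1d710360cec9", true, "OpenIG", scopes));
        System.out.println(check(url, null, true, "OpenIG", scopes));
        System.out.println(check(url, "Bearer constructed-email-only-token", true, "OpenIG", scopes));
        System.out.println(cacheTtl(null, Duration.ofMinutes(1), Duration.ofMinutes(5)));
        System.out.println(cacheTtl(Duration.ofHours(1), Duration.ofMinutes(1), Duration.ofMinutes(5)));
    }
}
```

When caching is enabled, a validation result stays in the cache for the computed lifetime, so `maxTimeout` bounds how long a token revoked at the authorization server can still be accepted.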

Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_REALM_NAME: Name of the realm when none is specified in the heaplet. |

Constructor and Description |
---|
OAuth2ResourceServerFilterHeaplet() |

Modifier and Type | Method and Description |
---|---|
Object | create(): Called to request the heaplet create an object. |
void | destroy(): Called to indicate that the object created by the heaplet is going to be dereferenced. |

create, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder, start
public static final String DEFAULT_REALM_NAME

public Object create() throws HeapException

GenericHeaplet

Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

create in class GenericHeaplet

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

public void destroy()

Heaplet

destroy in interface Heaplet

destroy in class GenericHeaplet

Copyright 2011-2017 ForgeRock AS.