Package net.ltgt.oidc.servlet.rs

Class HasRoleFilter

java.lang.Object

net.ltgt.oidc.servlet.rs.AbstractAuthorizationFilter

net.ltgt.oidc.servlet.rs.HasRoleFilter

All Implemented Interfaces:

jakarta.ws.rs.container.ContainerRequestFilter

@Priority(2000)
public class HasRoleFilter
extends AbstractAuthorizationFilter

Ensures the user has a given role.

When the user is not authorized, the default implementation will return a 403 Forbidden error when the user is authenticated but is missing the required role, and defers to the parent behavior otherwise.

An instance of this class needs to be registered through a DynamicFeature, or a subclass needs to be created to be able to create and use a name binding.

Field Summary

Fields inherited from class net.ltgt.oidc.servlet.rs.AbstractAuthorizationFilter

IS_PRIVATE_PROPERTY_NAME, servletRequest

Constructor Summary

Constructors

Constructor	Description
HasRoleFilter(String role)	Constructs a filter that checks for the given role.

Method Summary

Modifier and Type	Method	Description
protected final void	doRedirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)	Calls redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext) from the superclass.
protected final void	doSendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)	Calls sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext) from the superclass.
protected final boolean	isAuthorized(jakarta.ws.rs.core.SecurityContext securityContext)	Returns whether the user is authorized.
protected void	redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)	This method is called whenever the user is not authorized and the request is a safe navigation request.
protected void	sendForbidden(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)	This method is called whenever the user is authenticated but not authorized.
protected void	sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)	This method is called whenever is not authorized and the request is not a safe navigation request.

Methods inherited from class net.ltgt.oidc.servlet.rs.AbstractAuthorizationFilter

configureAuthenticationRequest, filter, getAuthenticationRedirector

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

HasRoleFilter

public HasRoleFilter(String role)

Constructs a filter that checks for the given role.

Method Details

isAuthorized

protected final boolean isAuthorized(jakarta.ws.rs.core.SecurityContext securityContext)

Description copied from class: AbstractAuthorizationFilter

Returns whether the user is authorized.

Specified by:

isAuthorized in class AbstractAuthorizationFilter

redirectToAuthenticationEndpoint

@ForOverride
protected void redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)

This method is called whenever the user is not authorized and the request is a safe navigation request.

This implementation calls sendForbidden(jakarta.ws.rs.container.ContainerRequestContext) whenever the user is authenticated, and defers to the parent behavior otherwise.

Overrides:

redirectToAuthenticationEndpoint in class AbstractAuthorizationFilter

See Also:

• AbstractAuthorizationFilter.configureAuthenticationRequest(jakarta.ws.rs.container.ContainerRequestContext, com.nimbusds.openid.connect.sdk.AuthenticationRequest.Builder)
• HasRoleFilter
• AbstractAuthorizationFilter.sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext)

doRedirectToAuthenticationEndpoint

protected final void doRedirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)

Calls redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext) from the superclass. This is a hook allowing to bypass this class' override's implementation.

sendUnauthorized

@ForOverride
protected void sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)

This method is called whenever is not authorized and the request is not a safe navigation request.

This implementation calls sendForbidden(jakarta.ws.rs.container.ContainerRequestContext) whenever the user is authenticated, and defers to the parent behavior otherwise.

Overrides:

sendUnauthorized in class AbstractAuthorizationFilter

See Also:

• AbstractAuthorizationFilter.redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext)
• HasRoleFilter

doSendUnauthorized

protected final void doSendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)

Calls sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext) from the superclass. This is a hook allowing to bypass this class' override's implementation.

sendForbidden

@ForOverride
protected void sendForbidden(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)

This method is called whenever the user is authenticated but not authorized.

The default implementation simply throws a ForbiddenException.