Class AbstractAuthorizationFilter
- All Implemented Interfaces: jakarta.ws.rs.container.ContainerRequestFilter
- Direct Known Subclasses: HasRoleFilter, IsAuthenticatedFilter
-
Method Summary
Modifier and Type, Method, Description:
- protected void configureAuthenticationRequest(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext, AuthenticationRequest.Builder builder)
  Configures the authentication request when redirecting to the OpenID Provider.
- protected void doRedirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
  This method is called whenever the user is not authorized and the request is a safe navigation request.
- protected void doSendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
  This method is called whenever the user is not authorized and the request is not a safe navigation request.
- void filter(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
- protected AuthenticationRedirector getAuthenticationRedirector
  Returns the configured authentication redirector.
- protected abstract boolean isAuthorized(jakarta.ws.rs.core.SecurityContext securityContext)
  Returns whether the user is authorized.
- protected void redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
  This method is called whenever the user is not authorized and the request is a safe navigation request.
- protected void sendForbidden(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
  This method is called whenever the user is authenticated but not authorized.
- protected void sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
  This method is called whenever the user is not authorized and the request is not a safe navigation request.
-
Field Details
-
IS_PRIVATE_PROPERTY_NAME
-
servletRequest
-
-
Constructor Details
-
AbstractAuthorizationFilter
public AbstractAuthorizationFilter()
-
-
Method Details
-
filter
public void filter(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext) throws IOException
- Specified by: filter in interface jakarta.ws.rs.container.ContainerRequestFilter
- Throws: IOException
-
isAuthorized
protected abstract boolean isAuthorized(jakarta.ws.rs.core.SecurityContext securityContext)
Returns whether the user is authorized.
-
redirectToAuthenticationEndpoint
@ForOverride protected void redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
This method is called whenever the user is not authorized and the request is a safe navigation request.
This implementation calls sendForbidden(jakarta.ws.rs.container.ContainerRequestContext) whenever the user is authenticated, and defers to doRedirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext) otherwise.
-
doRedirectToAuthenticationEndpoint
@ForOverride protected void doRedirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
This method is called whenever the user is not authorized and the request is a safe navigation request.
The default implementation simply calls the globally configured AuthenticationRedirector, and allows configuring the authentication request.
- See Also:
-
getAuthenticationRedirector
Returns the configured authentication redirector.
The default implementation gets it from the request's servlet context.
-
configureAuthenticationRequest
@ForOverride protected void configureAuthenticationRequest(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext, AuthenticationRequest.Builder builder)
Configures the authentication request when redirecting to the OpenID Provider.
This method is called by the AuthenticationRedirector called by redirectToAuthenticationEndpoint(jakarta.ws.rs.container.ContainerRequestContext).
- See Also:
-
sendUnauthorized
@ForOverride protected void sendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
This method is called whenever the user is not authorized and the request is not a safe navigation request.
This implementation calls sendForbidden(jakarta.ws.rs.container.ContainerRequestContext) whenever the user is authenticated, and defers to doSendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext) otherwise.
-
doSendUnauthorized
@ForOverride protected void doSendUnauthorized(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
This method is called whenever the user is not authorized and the request is not a safe navigation request.
The default implementation simply throws a NotAuthorizedException without a WWW-Authenticate response header. This is not strictly HTTP-compliant as it's missing the WWW-Authenticate response header, but is a good way to signal the error to JavaScript clients making an AJAX request.
- See Also:
-
sendForbidden
@ForOverride protected void sendForbidden(jakarta.ws.rs.container.ContainerRequestContext containerRequestContext)
This method is called whenever the user is authenticated but not authorized.
The default implementation simply throws a ForbiddenException.
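Added example (not code from this library or its documentation): a subclass that supplies isAuthorized and overrides the two error hooks documented above, keeping the default's throw-an-exception mechanism. The class name AnyRoleFilter, the role names, the JSON bodies and the challenge value are assumptions made for illustration; the import of AbstractAuthorizationFilter is left as a comment because its package is not shown on this page.

```java
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import java.util.Set;
// Also import AbstractAuthorizationFilter; its package is not shown on this page.

/** Hypothetical subclass: authorizes users holding at least one allowed role. */
public class AnyRoleFilter extends AbstractAuthorizationFilter {
  // Constructed role names, for illustration only.
  private static final Set<String> ALLOWED_ROLES = Set.of("auditor", "admin");

  @Override
  protected boolean isAuthorized(SecurityContext securityContext) {
    // Fail closed: without a principal the user is never authorized.
    if (securityContext.getUserPrincipal() == null) {
      return false;
    }
    return ALLOWED_ROLES.stream().anyMatch(securityContext::isUserInRole);
  }

  @Override
  protected void doSendUnauthorized(ContainerRequestContext containerRequestContext) {
    // Reached for unauthenticated users when the request is not a safe navigation.
    // Unlike the documented default, this 401 carries a WWW-Authenticate header.
    // The challenge is a constructed placeholder; use a scheme your clients understand.
    Response response = Response.status(Response.Status.UNAUTHORIZED)
        .header(HttpHeaders.WWW_AUTHENTICATE, "Example realm=\"app\"")
        .type(MediaType.APPLICATION_JSON)
        .entity("{\"error\":\"unauthenticated\"}")
        .build();
    throw new NotAuthorizedException(response);
  }

  @Override
  protected void sendForbidden(ContainerRequestContext containerRequestContext) {
    // Reached for authenticated users rejected by isAuthorized, from both
    // redirectToAuthenticationEndpoint and sendUnauthorized. Keep the body
    // generic: it does not reveal which role would have been accepted.
    Response response = Response.status(Response.Status.FORBIDDEN)
        .type(MediaType.APPLICATION_JSON)
        .entity("{\"error\":\"forbidden\"}")
        .build();
    throw new ForbiddenException(response);
  }
}
```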
-