net.ltgt.oidc.servlet.HasRoleFilter

All Implemented Interfaces:: Filter, FilterConfig, Serializable

public class HasRoleFilter extends AbstractAuthorizationFilter

When the user is not authorized, the default implementation will return a 403 Forbidden error when the user is authenticated but is missing the required role, and defers to the parent behavior otherwise.

This filter should be installed after the UserFilter as it relies on HttpServletRequest.isUserInRole(java.lang.String).

See Also:

Field Summary

Fields

Modifier and Type

Field

Description

static final String

ROLE

Name of the init parameter used to configure the expected user role.

Fields inherited from class net.ltgt.oidc.servlet.AbstractAuthorizationFilter
IS_PRIVATE_REQUEST_ATTRIBUTE_NAME
Constructor Summary

Constructors

Constructor

Description

HasRoleFilter()

HasRoleFilter(String role)

Constructs a filter that checks for the given role.
Method Summary

Modifier and Type

Method

Description

protected final void

doRedirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res)

Calls redirectToAuthenticationEndpoint(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) from the superclass.

protected final void

doSendUnauthorized(HttpServletRequest req, HttpServletResponse res)

Calls sendUnauthorized(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) from the superclass.

void

init()

protected final boolean

isAuthorized(HttpServletRequest req)

Returns whether the user is authorized.

protected void

redirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res)

This method is called whenever the user is not authorized and the request is a safe navigation request.

protected void

sendForbidden(HttpServletRequest req, HttpServletResponse res)

This method is called whenever the user is authenticated but not authorized.

protected void

sendUnauthorized(HttpServletRequest req, HttpServletResponse res)

This method is called whenever is not authorized and the request is not a safe navigation request.

Methods inherited from class net.ltgt.oidc.servlet.AbstractAuthorizationFilter
configureAuthenticationRequest, doFilter, isCallbackServlet

Methods inherited from class jakarta.servlet.http.HttpFilter
doFilter

Methods inherited from class jakarta.servlet.GenericFilter
getFilterConfig, getFilterName, getInitParameter, getInitParameterNames, getServletContext, init

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface jakarta.servlet.Filter
destroy

Field Details
- ROLE
  
  public static final String ROLE
  
  Name of the init parameter used to configure the expected user role.
  See Also:
  
  Constant Field Values
Constructor Details
- HasRoleFilter
  
  public HasRoleFilter()
- HasRoleFilter
  
  public HasRoleFilter(String role)
  
  Constructs a filter that checks for the given role.
  When this constructor is used, the ROLE init parameter won't be read.
Method Details
- init
  
  @OverridingMethodsMustInvokeSuper public void init() throws ServletException
  
  Overrides:
  
  init in class AbstractAuthorizationFilter
  
  Throws:
  
  ServletException
- isAuthorized
  
  protected final boolean isAuthorized(HttpServletRequest req)
  
  Description copied from class: AbstractAuthorizationFilter
  
  Returns whether the user is authorized.
  Implementations should only use the requests getUserPrincipal() and/or isUserInRole().
  
  Specified by:
  
  isAuthorized in class AbstractAuthorizationFilter
- redirectToAuthenticationEndpoint
  
  @ForOverride protected void redirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  
  This method is called whenever the user is not authorized and the request is a safe navigation request.
  This implementation calls sendForbidden(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) whenever the user is authenticated, and defers to the parent behavior otherwise.
  Overrides:
  
  redirectToAuthenticationEndpoint in class AbstractAuthorizationFilter
  
  Throws:
  
  IOException
  
  ServletException
  
  See Also:
  
  AbstractAuthorizationFilter.configureAuthenticationRequest(jakarta.servlet.http.HttpServletRequest, com.nimbusds.openid.connect.sdk.AuthenticationRequest.Builder)
  
  HasRoleFilter
  
  AbstractAuthorizationFilter.sendUnauthorized(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse)
- doRedirectToAuthenticationEndpoint
  
  protected final void doRedirectToAuthenticationEndpoint(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  
  Calls redirectToAuthenticationEndpoint(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) from the superclass. This is a hook allowing to bypass this class' override's implementation.
  
  Throws:
  
  IOException
  
  ServletException
- sendUnauthorized
  
  @ForOverride protected void sendUnauthorized(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  
  This method is called whenever is not authorized and the request is not a safe navigation request.
  This implementation calls sendForbidden(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) whenever the user is authenticated, and defers to the parent behavior otherwise.
  Overrides:
  
  sendUnauthorized in class AbstractAuthorizationFilter
  
  Throws:
  
  IOException
  
  ServletException
  
  See Also:
  
  AbstractAuthorizationFilter.redirectToAuthenticationEndpoint(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse)
  
  HasRoleFilter
- doSendUnauthorized
  
  protected final void doSendUnauthorized(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  
  Calls sendUnauthorized(jakarta.servlet.http.HttpServletRequest, jakarta.servlet.http.HttpServletResponse) from the superclass. This is a hook allowing to bypass this class' override's implementation.
  
  Throws:
  
  IOException
  
  ServletException
- sendForbidden
  
  @ForOverride protected void sendForbidden(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException
  
  This method is called whenever the user is authenticated but not authorized.
  The default implementation simply calls res.sendError(SC_FORBIDDEN).
  
  Throws:
  
  IOException
  
  ServletException

Class HasRoleFilter

Field Summary

Fields inherited from class net.ltgt.oidc.servlet.AbstractAuthorizationFilter

Constructor Summary

Method Summary

Methods inherited from class net.ltgt.oidc.servlet.AbstractAuthorizationFilter

Methods inherited from class jakarta.servlet.http.HttpFilter

Methods inherited from class jakarta.servlet.GenericFilter

Methods inherited from class java.lang.Object

Methods inherited from interface jakarta.servlet.Filter

Field Details

ROLE

Constructor Details

HasRoleFilter

HasRoleFilter

Method Details

init

isAuthorized

redirectToAuthenticationEndpoint

doRedirectToAuthenticationEndpoint

sendUnauthorized

doSendUnauthorized

sendForbidden