Package com.google.api.client.extensions.servlet.auth.oauth2

Class AbstractAuthorizationCodeCallbackServlet

java.lang.Object
javax.servlet.GenericServlet
javax.servlet.http.HttpServlet
com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
public abstract class AbstractAuthorizationCodeCallbackServlet extends javax.servlet.http.HttpServlet
Thread-safe OAuth 2.0 authorization code callback servlet to process the authorization code or error response from authorization page redirect.

This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet which if the end-user credentials are not found, will redirect the end-user to an authorization page. If the end-user grants authorization, they will be redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet and the onSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.Credential) will be called. Similarly, if the end-user grants authorization, they will be redirected to this servlet and onError(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl) will be called.

Sample usage: 

public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

  @Override
  protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
      throws ServletException, IOException {
    resp.sendRedirect("/");
  }

  @Override
  protected void onError(
      HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
      throws ServletException, IOException {
    // handle error
  }

  @Override
  protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
    GenericUrl url = new GenericUrl(req.getRequestURL().toString());
    url.setRawPath("/oauth2callback");
    return url.build();
  }

  @Override
  protected AuthorizationCodeFlow initializeFlow() throws IOException {
    return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
        new NetHttpTransport(),
        new JacksonFactory(),
        new GenericUrl("https://server.example.com/token"),
        new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
        "s6BhdRkqt3",
        "https://server.example.com/authorize").setCredentialStore(
        new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional")))
        .build();
  }

  @Override
  protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
    // return user ID
  }
}
Since:
1.7
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    private AuthorizationCodeFlow
    flow
    Authorization code flow to be used across all HTTP servlet requests or null before initialized in initializeFlow().
    private final Lock
    lock
    Lock on the flow.
    private static final long
    serialVersionUID
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractAuthorizationCodeCallbackServlet()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected final void
    doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
     
    protected abstract String
    getRedirectUri(javax.servlet.http.HttpServletRequest req)
    Returns the redirect URI for the given HTTP servlet request.
    protected abstract String
    getUserId(javax.servlet.http.HttpServletRequest req)
    Returns the user ID for the given HTTP servlet request.
    protected abstract AuthorizationCodeFlow
    initializeFlow()
    Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).
    protected void
    onError(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
    Handles an error to the authorization, such as when an end user denies authorization.
    protected void
    onSuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential)
    Handles a successfully granted authorization.

    Methods inherited from class javax.servlet.http.HttpServlet

    doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service

    Methods inherited from class javax.servlet.GenericServlet

    destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

  • Constructor Details

    • AbstractAuthorizationCodeCallbackServlet

      public AbstractAuthorizationCodeCallbackServlet()

  • Method Details

    • doGet

      protected final void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) throws javax.servlet.ServletException, IOException
      Overrides:
      doGet in class javax.servlet.http.HttpServlet
      Throws:
      javax.servlet.ServletException
      IOException

    • initializeFlow

      protected abstract AuthorizationCodeFlow initializeFlow() throws javax.servlet.ServletException, IOException
      Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).
      Throws:
      javax.servlet.ServletException
      IOException

    • getRedirectUri

      protected abstract String getRedirectUri(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException
      Returns the redirect URI for the given HTTP servlet request.
      Throws:
      javax.servlet.ServletException
      IOException

    • getUserId

      protected abstract String getUserId(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException
      Returns the user ID for the given HTTP servlet request.
      Throws:
      javax.servlet.ServletException
      IOException

    • onSuccess

      protected void onSuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential) throws javax.servlet.ServletException, IOException
      Handles a successfully granted authorization.

      Default implementation is to do nothing, but subclasses should override and implement. Sample implementation: 

            resp.sendRedirect("/granted");
      Parameters:
      req - HTTP servlet request
      resp - HTTP servlet response
      credential - credential
      Throws:
      javax.servlet.ServletException - HTTP servlet exception
      IOException - some I/O exception

    • onError

      protected void onError(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) throws javax.servlet.ServletException, IOException
      Handles an error to the authorization, such as when an end user denies authorization.

      Default implementation is to do nothing, but subclasses should override and implement. Sample implementation: 

            resp.sendRedirect("/denied");
      Parameters:
      req - HTTP servlet request
      resp - HTTP servlet response
      errorResponse - error response (AuthorizationCodeResponseUrl.getError() is not null)
      Throws:
      javax.servlet.ServletException - HTTP servlet exception
      IOException - some I/O exception