Package org.glassfish.jersey.server.oauth1

Class OAuth1ServerFilter

java.lang.Object

org.glassfish.jersey.server.oauth1.OAuth1ServerFilter

All Implemented Interfaces:

javax.ws.rs.container.ContainerRequestFilter

@Priority(1000)
class OAuth1ServerFilter
extends Object
implements javax.ws.rs.container.ContainerRequestFilter

OAuth request filter that filters all requests indicating in the Authorization header they use OAuth. Checks if the incoming requests are properly authenticated and populates the security context with the corresponding user principal and roles.

Field Summary

Fields

Modifier and Type	Field	Description
private final Pattern	ignorePathPattern	Regular expression pattern for path to ignore.
private final NonceManager	nonces	Manages and validates incoming nonces.
private OAuth1Signature	oAuth1Signature
private final boolean	optional
private OAuth1Provider	provider	OAuth Server
private javax.inject.Provider<ExtendedUriInfo>	uriInfo
private final Set<String>	versions	OAuth protocol versions that are supported.
private final String	wwwAuthenticateHeader	Value to return in www-authenticate header when 401 response returned.

Constructor Summary

Constructors

Constructor	Description
OAuth1ServerFilter(javax.ws.rs.core.Configuration rc)	Create a new filter.

Method Summary

Modifier and Type	Method	Description
void	filter(javax.ws.rs.container.ContainerRequestContext request)
private OAuth1SecurityContext	getSecurityContext(javax.ws.rs.container.ContainerRequestContext request)
private static boolean	match(Pattern pattern, String value)
private static OAuth1Exception	newBadRequestException()
private OAuth1Exception	newUnauthorizedException()
private static Pattern	pattern(String p)
private static String	requiredOAuthParam(String value)
private static String	supportedOAuthParam(String value, Set<String> set)
private boolean	verifySignature(OAuthServerRequest osr, OAuth1Parameters params, OAuth1Secrets secrets)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

provider

@Inject
private OAuth1Provider provider

OAuth Server

nonces

private final NonceManager nonces

Manages and validates incoming nonces.

wwwAuthenticateHeader

private final String wwwAuthenticateHeader

Value to return in www-authenticate header when 401 response returned.

versions

private final Set<String> versions

OAuth protocol versions that are supported.

ignorePathPattern

private final Pattern ignorePathPattern

Regular expression pattern for path to ignore.

oAuth1Signature

@Inject
private OAuth1Signature oAuth1Signature

uriInfo

@Inject
private javax.inject.Provider<ExtendedUriInfo> uriInfo

optional

private final boolean optional

Constructor Details

OAuth1ServerFilter

@Inject
public OAuth1ServerFilter(javax.ws.rs.core.Configuration rc)

Create a new filter.

Parameters:

rc - Resource config.

Method Details

filter

public void filter(javax.ws.rs.container.ContainerRequestContext request)
            throws IOException

Specified by:

filter in interface javax.ws.rs.container.ContainerRequestFilter

Throws:

IOException

getSecurityContext

private OAuth1SecurityContext getSecurityContext(javax.ws.rs.container.ContainerRequestContext request)
                                          throws OAuth1Exception

Throws:

OAuth1Exception

requiredOAuthParam

private static String requiredOAuthParam(String value)
                                  throws OAuth1Exception

Throws:

OAuth1Exception

supportedOAuthParam

private static String supportedOAuthParam(String value,
 Set<String> set)
                                   throws OAuth1Exception

Throws:

OAuth1Exception

pattern

private static Pattern pattern(String p)

match

private static boolean match(Pattern pattern,
 String value)

verifySignature

private boolean verifySignature(OAuthServerRequest osr,
 OAuth1Parameters params,
 OAuth1Secrets secrets)

newBadRequestException

private static OAuth1Exception newBadRequestException()
                                               throws OAuth1Exception

Throws:

OAuth1Exception

newUnauthorizedException

private OAuth1Exception newUnauthorizedException()
                                          throws OAuth1Exception

Throws:

OAuth1Exception