OAuthAuthenticationServerValve (RESTEasy JAX-RS 3.0.13.Final API)

java.lang.Object
- org.apache.catalina.valves.ValveBase
- - org.apache.catalina.authenticator.AuthenticatorBase
  - - org.apache.catalina.authenticator.FormAuthenticator
    - - org.jboss.resteasy.skeleton.key.as7.OAuthAuthenticationServerValve

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Authenticator, org.apache.catalina.Contained, org.apache.catalina.Lifecycle, org.apache.catalina.LifecycleListener, org.apache.catalina.Valve
```
public class OAuthAuthenticationServerValve
extends org.apache.catalina.authenticator.FormAuthenticator
implements org.apache.catalina.LifecycleListener
```
Turns a web deployment into an authentication server that follwos the OAuth 2 protocol and Skeleton Key bearer tokens. Authentication store is backed by a JBoss security domain.
Servlet FORM authentication that uses the local security domain to authenticate and for role mappings.
Supports bearer token creation and authentication. The client asking for access must be set up as a valid user within the security domain.
If no an OAuth access request, this works like normal FORM authentication and authorization.

Version:

$Revision: 1 $

Author:

Bill Burke

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class OAuthAuthenticationServerValve.AccessCode

Nested Classes
Modifier and Type	Class and Description
`static class`	`OAuthAuthenticationServerValve.AccessCode`

Field Summary

Fields
Modifier and Type	Field and Description
`protected ConcurrentHashMap<String,OAuthAuthenticationServerValve.AccessCode>`	`accessCodeMap`
`protected org.codehaus.jackson.map.ObjectWriter`	`accessTokenResponseWriter`
`protected org.codehaus.jackson.map.ObjectMapper`	`mapper`
`protected org.codehaus.jackson.map.ObjectWriter`	`mapWriter`
`protected ResteasyProviderFactory`	`providers`
`protected PrivateKey`	`realmPrivateKey`
`protected PublicKey`	`realmPublicKey`
`protected String`	`realmPublicKeyPem`
`protected ResourceMetadata`	`resourceMetadata`
`protected AuthServerConfig`	`skeletonKeyConfig`
`protected UserSessionManagement`	`userSessionManagement`

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator
characterEncoding, info, landingPage

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, lifecycle, REALM_NAME, securePagesWithPragma, SESSION_ID_BYTES, sm, sso, started

Fields inherited from class org.apache.catalina.valves.ValveBase
container, controller, domain, mserver, next, oname

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor and Description

OAuthAuthenticationServerValve()

Constructors
Constructor and Description
`OAuthAuthenticationServerValve()`

Method Summary

Methods
Modifier and Type	Method and Description
`protected AccessTokenResponse`	`accessTokenResponse(PrivateKey privateKey, SkeletonKeyToken token)`
`protected void`	`adminLogout(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)`
`boolean`	`authenticate(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, org.apache.catalina.deploy.LoginConfig config)`
`protected org.apache.catalina.realm.GenericPrincipal`	`basicAuth(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)`
`protected void`	`basicAuthError(org.apache.catalina.connector.Response response)`
`boolean`	`bearer(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, boolean propagate)`
`protected SkeletonKeyToken`	`buildToken(org.apache.catalina.realm.GenericPrincipal gp)`
`protected String`	`buildTokenString(PrivateKey privateKey, SkeletonKeyToken token)`
`protected org.apache.catalina.realm.GenericPrincipal`	`checkLoggedIn(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)`
`protected ManagedResourceConfig`	`getRealmRepresentation(org.apache.catalina.connector.Request request)`
`protected boolean`	`handleLoginPage(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)`
`protected void`	`handleOAuth(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)`
`protected void`	`init()`
`void`	`invoke(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)`
`void`	`lifecycleEvent(org.apache.catalina.LifecycleEvent event)`
`protected void`	`logoutCurrentUser(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)`
`protected void`	`logoutResources(String username, String admin)`
`protected void`	`publishRealmInfoHtml(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)`
`protected void`	`redirectAccessCode(boolean sso, org.apache.catalina.connector.Response response, String redirect_uri, String client_id, String state, org.apache.catalina.realm.GenericPrincipal gp)`
`protected void`	`redirectToWelcomePage(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response)`
`protected void`	`register(org.apache.catalina.connector.Request request, javax.servlet.http.HttpServletResponse response, Principal principal, String authType, String username, String password)`
`protected void`	`resolveAccessCode(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)`
`void`	`start()`
`protected void`	`tokenGrant(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response)`

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator
forwardToErrorPage, forwardToLoginPage, getCharacterEncoding, getInfo, getLandingPage, matchRequest, restoreRequest, savedRequestURL, saveRequest, setCharacterEncoding, setLandingPage

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
addLifecycleListener, associate, authenticate, findLifecycleListeners, generateSessionId, getCache, getContainer, getDisableProxyCaching, getSecurePagesWithPragma, isChangeSessionIdOnAuthentication, login, logout, reauthenticateFromSSO, removeLifecycleListener, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setSecurePagesWithPragma, stop, unregister

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, createObjectName, event, getContainerName, getController, getDomain, getNext, getObjectName, getParentName, postDeregister, postRegister, preDeregister, preRegister, setController, setNext, setObjectName, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

accessCodeMap

protected ConcurrentHashMap<String,OAuthAuthenticationServerValve.AccessCode> accessCodeMap

skeletonKeyConfig

protected AuthServerConfig skeletonKeyConfig

realmPrivateKey
```
protected PrivateKey realmPrivateKey
```

realmPublicKey
```
protected PublicKey realmPublicKey
```

realmPublicKeyPem
```
protected String realmPublicKeyPem
```

providers

protected ResteasyProviderFactory providers

resourceMetadata

protected ResourceMetadata resourceMetadata

userSessionManagement

protected UserSessionManagement userSessionManagement

mapper

protected org.codehaus.jackson.map.ObjectMapper mapper

accessTokenResponseWriter

protected org.codehaus.jackson.map.ObjectWriter accessTokenResponseWriter

mapWriter

protected org.codehaus.jackson.map.ObjectWriter mapWriter

Constructor Detail
- OAuthAuthenticationServerValve
```
public OAuthAuthenticationServerValve()
```

Method Detail

start
```
public void start()
           throws org.apache.catalina.LifecycleException
```
Specified by:

start in interface org.apache.catalina.Lifecycle

Overrides:

start in class org.apache.catalina.authenticator.AuthenticatorBase

Throws:

org.apache.catalina.LifecycleException

lifecycleEvent
```
public void lifecycleEvent(org.apache.catalina.LifecycleEvent event)
```
Specified by:

lifecycleEvent in interface org.apache.catalina.LifecycleListener

init
```
protected void init()
```

invoke

public void invoke(org.apache.catalina.connector.Request request,
          org.apache.catalina.connector.Response response)
            throws IOException,
                   javax.servlet.ServletException

Specified by:: invoke in interface org.apache.catalina.Valve
Overrides:: invoke in class org.apache.catalina.authenticator.AuthenticatorBase
Throws:: IOException; javax.servlet.ServletException

handleLoginPage

protected boolean handleLoginPage(org.apache.catalina.connector.Request request,
                      org.apache.catalina.connector.Response response)
                           throws IOException,
                                  javax.servlet.ServletException

Throws:: IOException; javax.servlet.ServletException

checkLoggedIn

protected org.apache.catalina.realm.GenericPrincipal checkLoggedIn(org.apache.catalina.connector.Request request,
                                                       javax.servlet.http.HttpServletResponse response)

adminLogout

protected void adminLogout(org.apache.catalina.connector.Request request,
               javax.servlet.http.HttpServletResponse response)
                    throws IOException

Throws:: IOException

logoutCurrentUser

protected void logoutCurrentUser(org.apache.catalina.connector.Request request,
                     javax.servlet.http.HttpServletResponse response)
                          throws IOException

Throws:: IOException

logoutResources

protected void logoutResources(String username,
                   String admin)

redirectToWelcomePage

protected void redirectToWelcomePage(org.apache.catalina.connector.Request request,
                         javax.servlet.http.HttpServletResponse response)
                              throws IOException

Throws:: IOException

publishRealmInfoHtml

protected void publishRealmInfoHtml(org.apache.catalina.connector.Request request,
                        javax.servlet.http.HttpServletResponse response)
                             throws IOException

Throws:: IOException

getRealmRepresentation

protected ManagedResourceConfig getRealmRepresentation(org.apache.catalina.connector.Request request)

bearer

public boolean bearer(org.apache.catalina.connector.Request request,
             javax.servlet.http.HttpServletResponse response,
             boolean propagate)
               throws IOException

Throws:: IOException

register

protected void register(org.apache.catalina.connector.Request request,
            javax.servlet.http.HttpServletResponse response,
            Principal principal,
            String authType,
            String username,
            String password)

Overrides:: register in class org.apache.catalina.authenticator.AuthenticatorBase

authenticate

public boolean authenticate(org.apache.catalina.connector.Request request,
                   javax.servlet.http.HttpServletResponse response,
                   org.apache.catalina.deploy.LoginConfig config)
                     throws IOException

Overrides:: authenticate in class org.apache.catalina.authenticator.FormAuthenticator
Throws:: IOException

resolveAccessCode

protected void resolveAccessCode(org.apache.catalina.connector.Request request,
                     org.apache.catalina.connector.Response response)
                          throws IOException

Throws:: IOException

accessTokenResponse

protected AccessTokenResponse accessTokenResponse(PrivateKey privateKey,
                                      SkeletonKeyToken token)

buildTokenString

protected String buildTokenString(PrivateKey privateKey,
                      SkeletonKeyToken token)

handleOAuth

protected void handleOAuth(org.apache.catalina.connector.Request request,
               org.apache.catalina.connector.Response response)
                    throws IOException

Throws:: IOException

tokenGrant

protected void tokenGrant(org.apache.catalina.connector.Request request,
              org.apache.catalina.connector.Response response)
                   throws IOException

Throws:: IOException

basicAuth

protected org.apache.catalina.realm.GenericPrincipal basicAuth(org.apache.catalina.connector.Request request,
                                                   org.apache.catalina.connector.Response response)
                                                        throws IOException

Throws:: IOException

basicAuthError

protected void basicAuthError(org.apache.catalina.connector.Response response)
                       throws IOException

Throws:: IOException

redirectAccessCode

protected void redirectAccessCode(boolean sso,
                      org.apache.catalina.connector.Response response,
                      String redirect_uri,
                      String client_id,
                      String state,
                      org.apache.catalina.realm.GenericPrincipal gp)
                           throws IOException

Throws:: IOException

buildToken

protected SkeletonKeyToken buildToken(org.apache.catalina.realm.GenericPrincipal gp)

Class OAuthAuthenticationServerValve

Nested Class Summary

Field Summary

Fields inherited from class org.apache.catalina.authenticator.FormAuthenticator

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.authenticator.FormAuthenticator

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class java.lang.Object

Field Detail

accessCodeMap

skeletonKeyConfig

realmPrivateKey

realmPublicKey

realmPublicKeyPem

providers

resourceMetadata

userSessionManagement

mapper

accessTokenResponseWriter

mapWriter

Constructor Detail

OAuthAuthenticationServerValve

Method Detail

start

lifecycleEvent

init

invoke

handleLoginPage

checkLoggedIn

adminLogout

logoutCurrentUser

logoutResources

redirectToWelcomePage

publishRealmInfoHtml

getRealmRepresentation

bearer

register

authenticate

resolveAccessCode

accessTokenResponse

buildTokenString

handleOAuth

tokenGrant

basicAuth

basicAuthError

redirectAccessCode

buildToken