Class OAuthRealm

  • All Implemented Interfaces:
    org.apache.shiro.authc.LogoutAware, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.realm.Realm, org.apache.shiro.util.Initializable, org.apache.shiro.util.Nameable

    public class OAuthRealm
    extends org.apache.shiro.realm.AuthenticatingRealm
    This is an authenticating realm only: it obtains the identity from the resource server and leaves it to other realms to obtain authorization data from elsewhere.
    • Constructor Summary

      Constructors 
      Constructor Description
      OAuthRealm()  
    • Method Summary

      Modifier and Type Method Description
      protected java.lang.String createAccessToken(OAuthToken oauthToken)
      Calls the OAuth 2.0 "/token" endpoint to obtain an access token.
      protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken authToken)
      Creates an access token via createAccessToken(OAuthToken), passes it to getUserPrincipal(String), then constructs a SimpleAuthenticationInfo with the returned principal.
      java.lang.String getApiEndpoint()  
      OAuthAuthenticatingFilter getAuthenticator()  
      java.lang.String getPrincipalPropertyName()  
      java.lang.String getTokenEndpoint()  
      protected java.lang.Object getUserPrincipal(java.lang.String accessToken)
      Obtains the user principal from the resource server.
      protected com.google.gson.JsonElement readJsonProperty(java.lang.String jsonString, java.lang.String propertyName)
      Helper to access a plain property of a JSON string, e.g. readJsonProperty('{ foo:"bar" }', "foo").getAsString() returns "bar".
      void setApiEndpoint(java.lang.String apiEndPoint)
      The API endpoint from which information about the user is obtained; it provides JSON data containing the property named by getPrincipalPropertyName(), which is extracted.
      void setAuthenticator(OAuthAuthenticatingFilter authenticator)
      Sets the filter instance that the realm uses to determine whether it should support processing, in case many realms are bound with multiple authenticators for a given token.
      void setClientSecret(java.lang.String clientSecret)
      The secret needed to obtain an access token from the /token endpoint; used in createAccessToken(OAuthToken).
      void setPrincipalPropertyName(java.lang.String principalPropertyName)
      The property that is extracted from the JSON response and used as the principal.
      void setTokenEndpoint(java.lang.String tokenEndpoint)
      Sets the endpoint of the /token API.
      boolean supports(org.apache.shiro.authc.AuthenticationToken token)
      Accepts an OAuthToken, and only from the given authenticator, if one is provided.
      • Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm

        afterCacheManagerSet, assertCredentialsMatch, clearCachedAuthenticationInfo, doClearCache, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, onInit, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, setName
      • Methods inherited from class org.apache.shiro.realm.CachingRealm

        clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • OAuthRealm

        public OAuthRealm()
    • Method Detail

      • setAuthenticator

        public void setAuthenticator(OAuthAuthenticatingFilter authenticator)
        Sets the filter instance that the realm uses to determine whether it should support processing, in case many realms are bound with multiple authenticators for a given token.
        Parameters:
        authenticator -
      • setTokenEndpoint

        public void setTokenEndpoint(java.lang.String tokenEndpoint)
        Sets the endpoint of the /token API.
        Parameters:
        tokenEndpoint -
      • getTokenEndpoint

        public java.lang.String getTokenEndpoint()
      • setApiEndpoint

        public void setApiEndpoint(java.lang.String apiEndPoint)
        The API endpoint from which information about the user is obtained; it provides JSON data containing the property named by getPrincipalPropertyName(), which is extracted.
        Parameters:
        apiEndPoint - The endpoint to get principal's JSON
      • getApiEndpoint

        public java.lang.String getApiEndpoint()
      • setClientSecret

        public void setClientSecret(java.lang.String clientSecret)
        The secret needed to obtain an access token from the /token endpoint; used in createAccessToken(OAuthToken).
        Parameters:
        clientSecret -
      • setPrincipalPropertyName

        public void setPrincipalPropertyName(java.lang.String principalPropertyName)
        The property that is extracted from the JSON response and used as the principal.
        Parameters:
        principalPropertyName -
      • getPrincipalPropertyName

        public java.lang.String getPrincipalPropertyName()
      • supports

        public boolean supports(org.apache.shiro.authc.AuthenticationToken token)
        Accepts an OAuthToken, and only from the given authenticator, if one is provided.
        Specified by:
        supports in interface org.apache.shiro.realm.Realm
        Overrides:
        supports in class org.apache.shiro.realm.AuthenticatingRealm
      • doGetAuthenticationInfo

        protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken authToken)
        Creates an access token via createAccessToken(OAuthToken), passes it to getUserPrincipal(String), then constructs a SimpleAuthenticationInfo with the returned principal.
        Specified by:
        doGetAuthenticationInfo in class org.apache.shiro.realm.AuthenticatingRealm
      • getUserPrincipal

        protected java.lang.Object getUserPrincipal(java.lang.String accessToken)
                                             throws java.io.IOException
        Obtains the user principal from the resource server.
        Parameters:
        accessToken - the access token, already obtained from the authorization server and ready to be used as a bearer token
        Returns:
        The user principal, e.g. the email address or another identifier
        Throws:
        java.io.IOException
      • createAccessToken

        protected java.lang.String createAccessToken(OAuthToken oauthToken)
                                              throws java.io.IOException
        Calls the OAuth 2.0 "/token" endpoint to obtain an access token.
        Parameters:
        oauthToken -
        Returns:
        The access token
        Throws:
        java.io.IOException
      • readJsonProperty

        protected com.google.gson.JsonElement readJsonProperty(java.lang.String jsonString,
                                                               java.lang.String propertyName)
        Helper to access a plain property of a JSON string, e.g. readJsonProperty('{ foo:"bar" }', "foo").getAsString() returns "bar".
        Parameters:
        jsonString -
        propertyName -
        Returns:
        The property
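
The principal extraction that setPrincipalPropertyName and readJsonProperty describe, written defensively as an added example (not OAuthRealm's own code). The class and method names are hypothetical, Gson 2.8.6 or later is assumed for JsonParser.parseString, the sample JSON is constructed, and IllegalStateException stands in for whatever exception the realm would raise.

```java
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;

/** Added illustration; PrincipalExtractor and extractPrincipal are hypothetical names. */
public class PrincipalExtractor {

    /**
     * Returns the principal named by propertyName from the resource server's
     * JSON body, or throws if the body cannot yield a usable identity.
     */
    static String extractPrincipal(String jsonBody, String propertyName) {
        JsonElement root;
        try {
            root = JsonParser.parseString(jsonBody);
        } catch (JsonSyntaxException e) {
            throw new IllegalStateException("resource server returned malformed JSON", e);
        }
        // An error page, array or bare string must not be treated as a user record.
        if (!root.isJsonObject()) {
            throw new IllegalStateException("expected a JSON object");
        }
        JsonElement value = root.getAsJsonObject().get(propertyName);
        // get() returns null for a missing key; a JSON null arrives as JsonNull.
        if (value == null || !value.isJsonPrimitive()) {
            throw new IllegalStateException("no scalar property '" + propertyName + "'");
        }
        String principal = value.getAsString().trim();
        if (principal.isEmpty()) {
            throw new IllegalStateException("empty principal");
        }
        return principal;
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from a real resource server.
        String ok = "{\"email\":\"alice@example.org\",\"name\":\"Alice\"}";
        String error = "{\"error\":\"invalid_token\"}";
        System.out.println(extractPrincipal(ok, "email"));
        try {
            extractPrincipal(error, "email");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Failing closed here keeps a response without the configured property from becoming a null or empty principal in the SimpleAuthenticationInfo that doGetAuthenticationInfo constructs.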