org.springframework.security.oauth.consumer.filter
Class OAuthConsumerProcessingFilter

java.lang.Object
  org.springframework.security.oauth.consumer.filter.OAuthConsumerProcessingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

public class OAuthConsumerProcessingFilter
extends Object
implements javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

OAuth consumer processing filter. This filter should be applied to requests for OAuth protected resources (see OAuth Core 1.0).

When servicing a request that requires protected resources, this filter sets a request attribute (default "OAUTH_ACCESS_TOKENS") that contains the list of OAuthConsumerTokens.

Author:

Ryan Heaton, Andrew McCall

Field Summary

protected org.springframework.context.support.MessageSourceAccessor

messages

Constructor Summary

OAuthConsumerProcessingFilter()

Method Summary

void	afterPropertiesSet()
void	destroy()
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain chain)
protected Set<String>	getAccessTokenDependencies(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) Loads the access token dependencies for the given request.
org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource	getObjectDefinitionSource() The filter invocation definition source.
ProtectedResourceDetailsService	getProtectedResourceDetailsService() The protected resource details service.
void	init(javax.servlet.FilterConfig ignored)
boolean	isRequireAuthenticated() Whether to require the current authentication to be authenticated.
void	setMessageSource(org.springframework.context.MessageSource messageSource) Set the message source.
void	setObjectDefinitionSource(org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource objectDefinitionSource) The filter invocation definition source.
void	setProtectedResourceDetailsService(ProtectedResourceDetailsService protectedResourceDetailsService) The protected resource details service.
void	setRequireAuthenticated(boolean requireAuthenticated) Whether to require the current authentication to be authenticated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

messages

protected org.springframework.context.support.MessageSourceAccessor messages

Constructor Detail

OAuthConsumerProcessingFilter

public OAuthConsumerProcessingFilter()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

Exception

init

public void init(javax.servlet.FilterConfig ignored)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

getAccessTokenDependencies

protected Set<String> getAccessTokenDependencies(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 javax.servlet.FilterChain filterChain)

Loads the access token dependencies for the given request. This will be a set of resource ids for which an OAuth access token is required.

Parameters:

request - The request.

response - The response

filterChain - The filter chain

Returns:

The access token dependencies (could be empty).

getProtectedResourceDetailsService

public ProtectedResourceDetailsService getProtectedResourceDetailsService()

The protected resource details service.

Returns:

The protected resource details service.

setProtectedResourceDetailsService

@Autowired
public void setProtectedResourceDetailsService(ProtectedResourceDetailsService protectedResourceDetailsService)

The protected resource details service.

Parameters:

protectedResourceDetailsService - The protected resource details service.

getObjectDefinitionSource

public org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource getObjectDefinitionSource()

The filter invocation definition source.

Returns:

The filter invocation definition source.

setObjectDefinitionSource

public void setObjectDefinitionSource(org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource objectDefinitionSource)

The filter invocation definition source.

Parameters:

objectDefinitionSource - The filter invocation definition source.

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)

Set the message source.

Specified by:

setMessageSource in interface org.springframework.context.MessageSourceAware

Parameters:

messageSource - The message source.

isRequireAuthenticated

public boolean isRequireAuthenticated()

Whether to require the current authentication to be authenticated.

Returns:

Whether to require the current authentication to be authenticated.

setRequireAuthenticated

public void setRequireAuthenticated(boolean requireAuthenticated)

Whether to require the current authentication to be authenticated.

Parameters:

requireAuthenticated - Whether to require the current authentication to be authenticated.