com.sap.cloud.security.oauth2
Class OAuthAuthorization

java.lang.Object
  extended by com.sap.cloud.security.oauth2.OAuthAuthorization

public abstract class OAuthAuthorization
extends Object

Abstract class through which the platform's OAuthAuthorization implementation is obtained; callers get an instance from getOAuthAuthorizationService() and use it to check that an incoming request carries a valid Access Token with the required scopes.


Field Summary
static String ACCESS_FORBIDDEN
          Error code set as a request attribute named "reason" when the authorization check fails.
static String INVALID_ACCESS_TOKEN
          Error code set as a request attribute named "reason" when the authorization check fails because the passed Access Token does not exist or has already expired.
static String MISSING_ACCESS_TOKEN
          Error code set as a request attribute named "reason" when the authorization check fails because no Access Token was passed in the HTTP "Authorization" request header.
 
Constructor Summary
OAuthAuthorization()
           
 
Method Summary
static OAuthAuthorization getOAuthAuthorizationService()
          Returns the OAuthAuthorization object used to perform the protected resource access check, which retrieves from the Authorization Server the scopes associated with the given Access Token.
abstract  boolean isAuthorized(HttpServletRequest httpRequest)
          Authenticates the request with the given Access Token only; no scope is checked.
abstract  boolean isAuthorized(HttpServletRequest httpRequest, Set<String> scopes)
          Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, verifying that every passed scope is among them, and checking the Token validity.
abstract  boolean isAuthorized(HttpServletRequest httpRequest, String scope)
          Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, verifying that the passed scope is among them, and checking the Token validity.
abstract  boolean isAuthorized(Set<String> scopes)
          Performs the protected resource access check by retrieving the scopes granted to the currently logged in user and verifying that every passed scope is among them.
abstract  boolean isAuthorized(String scope)
          Performs the protected resource access check by retrieving the scopes granted to the currently logged in user and verifying that the passed scope is among them.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACCESS_FORBIDDEN

public static final String ACCESS_FORBIDDEN
Error code set as a request attribute named "reason" when the authorization check fails.

See Also:
Constant Field Values

MISSING_ACCESS_TOKEN

public static final String MISSING_ACCESS_TOKEN
Error code set as a request attribute named "reason" when the authorization check fails because no Access Token was passed in the HTTP "Authorization" request header.

See Also:
Constant Field Values

INVALID_ACCESS_TOKEN

public static final String INVALID_ACCESS_TOKEN
Error code set as a request attribute named "reason" when the authorization check fails because the passed Access Token does not exist or has already expired.

See Also:
Constant Field Values
Constructor Detail

OAuthAuthorization

public OAuthAuthorization()
Method Detail

getOAuthAuthorizationService

public static OAuthAuthorization getOAuthAuthorizationService()
Returns the OAuthAuthorization object used to perform the protected resource access check, which retrieves from the Authorization Server the scopes associated with the given Access Token.

Returns:
Returns OAuthAuthorization object

isAuthorized

public abstract boolean isAuthorized(HttpServletRequest httpRequest)
                              throws OAuthSystemException
This method authenticates the request with the given Access Token only; it performs no scope check. Use it for a public resource that any scope may access. The Access Token must be passed in the HTTP "Authorization" request header field. The value of this header is the token type followed by the access token value. The currently supported token type is "bearer".

For example the header could look like:

 "Authorization: Bearer mF_9.B5f-4.1JqM"
 
The given example is provided for illustration purposes only.

Parameters:
httpRequest - The incoming request carrying the Access Token in its "Authorization" header
Returns:
true - Resource access request is successful and the authentication with the Access Token is successful. On success two attributes are set in the request: "user_id" - Id of the user that performs the request, and "client_id" - Id of the client for which the Access Token is issued.

false - Resource access request fails. The passed token is not available or has expired for the current client. In this case the error's reason can be retrieved from the request attribute named "reason".

Throws:
OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.

isAuthorized

public abstract boolean isAuthorized(HttpServletRequest httpRequest,
                                     String scope)
                              throws OAuthSystemException
Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, verifying that the passed scope is among them, and checking the Token validity. The Access Token must be passed in the HTTP "Authorization" request header field. The value of this header is the token type followed by the access token value. The currently supported token type is "bearer".

For example the header could look like:

 "Authorization: Bearer mF_9.B5f-4.1JqM"
 
The given example is provided for illustration purposes only.

Parameters:
httpRequest - The incoming request carrying the Access Token in its "Authorization" header
scope - Scope for which the protected resource access is performed
Returns:
true - Resource access request is successful. This means that the scope passed as an input parameter is one of the Access Token scopes and the token has not expired.
On success two attributes are set in the request: "user_id" - Id of the user that performs the request, and "client_id" - Id of the client for which the Access Token is issued.

false - Resource access request fails. In this case the error's reason can be retrieved from the request attribute named "reason".

Throws:
OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.

isAuthorized

public abstract boolean isAuthorized(String scope)
                              throws OAuthSystemException
Performs the protected resource access check by retrieving the scopes granted to the currently logged in user and verifying that the passed scope is among them. No Access Token is read from a request and no "reason" attribute is set; the caller must distinguish an unauthenticated request from an authenticated user lacking the scope itself.

Parameters:
scope - Scope for which the protected resource access is performed
Returns:
true - Resource access request is successful. This means that the scope passed as an input parameter was granted to the currently logged in user.

false - Resource access request fails.

Throws:
OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.

isAuthorized

public abstract boolean isAuthorized(HttpServletRequest httpRequest,
                                     Set<String> scopes)
                              throws OAuthSystemException
Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, verifying that every passed scope is among them (all scopes are required, not any one of them), and checking the Token validity. The Access Token must be passed in the HTTP "Authorization" request header field. The value of this header is the token type followed by the access token value. The currently supported token type is "bearer".

For example the header could look like:

 "Authorization: Bearer mF_9.B5f-4.1JqM"
 
The given example is provided for illustration purposes only.

Parameters:
httpRequest - The incoming request carrying the Access Token in its "Authorization" header
scopes - Scopes for which the protected resource access is performed; all of them must be granted to the token.
Returns:
true - Resource access request is successful. This means that all scopes passed as an input parameter are Access Token scopes and the token has not expired.
On success two attributes are set in the request: "user_id" - Id of the user that performs the request, and "client_id" - Id of the client for which the Access Token is issued.

false - Resource access request fails. In this case the error's reason can be retrieved from the request attribute named "reason".

Throws:
OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.
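The following servlet filter is an added example of how a resource server would use the request-based isAuthorized overloads above; it is not code from the SAP library or its documentation. It assumes that OAuthSystemException lives in the same package as OAuthAuthorization (the page shows only its simple name), that the "reason" attribute holds one of the three String constants, and that the scope names "read" and "write" are hypothetical. The attribute names "reason", "user_id" and "client_id" come from the page. The filter fails closed when the Authorization Server is unreachable and maps the failure reason to the 401/403 split that RFC 6750 prescribes for bearer tokens.

```java
// Added example, not part of the SAP library: guards /api/* with
// OAuthAuthorization and turns a failed check into the right HTTP error.
package example.oauth;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sap.cloud.security.oauth2.OAuthAuthorization;
import com.sap.cloud.security.oauth2.OAuthSystemException; // assumed package

@WebFilter(urlPatterns = "/api/*")
public class ScopeFilter implements Filter {

    // Hypothetical scope names. The Set overload requires ALL of them to be
    // present on the token; it is not an "any of" check.
    private static final Set<String> REQUIRED_SCOPES = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("read", "write")));

    private OAuthAuthorization auth;

    @Override
    public void init(FilterConfig cfg) {
        auth = OAuthAuthorization.getOAuthAuthorizationService();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        boolean allowed;
        try {
            allowed = auth.isAuthorized(request, REQUIRED_SCOPES);
        } catch (OAuthSystemException e) {
            // Resource server could not talk to the Authorization Server.
            // Fail closed: never fall through to the protected resource.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }

        if (!allowed) {
            reject(request, response);
            return;
        }

        // On success the library sets these two attributes; they are the
        // identities downstream code should log and authorize against.
        String userId = (String) request.getAttribute("user_id");
        String clientId = (String) request.getAttribute("client_id");
        request.setAttribute("audit.principal", userId + "@" + clientId);
        chain.doFilter(request, response);
    }

    // Map the "reason" attribute to RFC 6750 semantics: a missing or invalid
    // token is 401 with a WWW-Authenticate challenge, a valid token that lacks
    // the scope is 403. Anything unexpected is denied as well.
    static void reject(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        Object reason = request.getAttribute("reason");
        if (OAuthAuthorization.MISSING_ACCESS_TOKEN.equals(reason)) {
            response.setHeader("WWW-Authenticate", "Bearer");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else if (OAuthAuthorization.INVALID_ACCESS_TOKEN.equals(reason)) {
            response.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            // ACCESS_FORBIDDEN, or a reason this code does not know: deny
            // without echoing internal details to the client.
            response.setHeader("WWW-Authenticate", "Bearer error=\"insufficient_scope\"");
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    @Override
    public void destroy() {
    }
}
```

The same structure applies to the single-scope overload isAuthorized(httpRequest, String) and to the authentication-only overload isAuthorized(httpRequest); only the call inside the try block changes. Note that isAuthorized never writes to the response itself: a filter or servlet that ignores a false return value still serves the resource.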

isAuthorized

public abstract boolean isAuthorized(Set<String> scopes)
                              throws OAuthSystemException
Performs the protected resource access check by retrieving the scopes granted to the currently logged in user and verifying that every passed scope is among them (all scopes are required, not any one of them). No Access Token is read from a request and no "reason" attribute is set.

Parameters:
scopes - Scopes for which the protected resource access is performed; all of them must be granted to the user.
Returns:
true - Resource access request is successful. This means that all scopes passed as an input parameter were granted to the currently logged in user.

false - Resource access request fails.

Throws:
OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.
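The servlet below is an added example of the two "currently logged in user" overloads, isAuthorized(String) and isAuthorized(Set<String>); it is not code from the SAP library or its documentation. Because these overloads take no HttpServletRequest and set no "reason" attribute, the caller has to tell an anonymous request (401) apart from an authenticated user who lacks the scope (403) on its own, which the example does by checking the container's user principal first. It assumes OAuthSystemException is in the same package as OAuthAuthorization and uses the hypothetical scope names "reports.read" and "reports.export".

```java
// Added example, not part of the SAP library: a page whose access and whose
// optional "export" feature are both gated on scopes of the logged in user.
package example.oauth;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sap.cloud.security.oauth2.OAuthAuthorization;
import com.sap.cloud.security.oauth2.OAuthSystemException; // assumed package

@WebServlet("/reports")
public class ReportServlet extends HttpServlet {

    // Hypothetical scope names.
    private static final String VIEW_SCOPE = "reports.read";
    private static final Set<String> EXPORT_SCOPES =
            new HashSet<String>(Arrays.asList("reports.read", "reports.export"));

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The user-based overloads cannot evaluate scopes for nobody: without an
        // authenticated principal answer 401, not 403, so clients know to log in.
        if (request.getUserPrincipal() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        OAuthAuthorization auth = OAuthAuthorization.getOAuthAuthorizationService();
        boolean canView;
        boolean canExport;
        try {
            canView = auth.isAuthorized(VIEW_SCOPE);
            // Set overload: both scopes must be granted, not just one of them.
            canExport = auth.isAuthorized(EXPORT_SCOPES);
        } catch (OAuthSystemException e) {
            // Fail closed if the Authorization Server cannot be reached.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }

        if (!canView) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("report for " + request.getUserPrincipal().getName());
        // Hiding the link is a UI nicety only; the export endpoint itself must
        // repeat the EXPORT_SCOPES check, because the link can be typed by hand.
        if (canExport) {
            out.println("export: /reports/export");
        }
    }
}
```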


Copyright © 2015 SAP. All Rights Reserved.