Class OAuthAuthorization

java.lang.Object
com.sap.cloud.security.oauth2.OAuthAuthorization

public abstract class OAuthAuthorization extends Object
An abstract class used to access the OAuthAuthorization implementation.
  • Field Summary

    Fields
    Modifier and Type    Field    Description
    static final String  ACCESS_FORBIDDEN
        Error code passed as a httpRequest parameter attribute with the name "reason" in case of failed authorization.
    static final String  INVALID_ACCESS_TOKEN
        Error code passed as a httpRequest parameter attribute with the name "reason" in case of failed authorization when the passed access token does not exist or when it has already expired.
    static final String  MISSING_ACCESS_TOKEN
        Error code passed as a httpRequest parameter attribute with the name "reason" in case of failed authorization when the access token is not passed as an HTTP "Authorization" request header.
  • Constructor Summary

    Constructors
    Constructor    Description
    OAuthAuthorization()
  • Method Summary

    Modifier and Type    Method    Description
    static OAuthAuthorization  getOAuthAuthorizationService()
        Returns the OAuth Authorization object that is used to perform the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token.
    abstract boolean  isAuthorized(HttpServletRequest httpRequest)
        This method is only for authentication purposes with the given Access Token.
    abstract boolean  isAuthorized(HttpServletRequest httpRequest, String scope)
        Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, compares them with the passed scope and checks the Token validity.
    abstract boolean  isAuthorized(HttpServletRequest httpRequest, Set<String> scopes)
        Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, compares them with the passed scopes and checks the Token validity.
    abstract boolean  isAuthorized(String scope)
        Performs the protected resource access check by retrieving the scopes from the currently logged in user and comparing them with the passed scope.
    abstract boolean  isAuthorized(Set<String> scopes)
        Performs the protected resource access check by retrieving the scopes from the currently logged in user and comparing them with the passed scopes.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • ACCESS_FORBIDDEN

      public static final String ACCESS_FORBIDDEN
      Error code passed as a httpRequest parameter attribute with the name "reason" in case of failed authorization.
    • MISSING_ACCESS_TOKEN

      public static final String MISSING_ACCESS_TOKEN
      Error code passed as a httpRequest parameter attribute with the name "reason" in case of failed authorization when the access token is not passed as an HTTP "Authorization" request header.
    • INVALID_ACCESS_TOKEN

      public static final String INVALID_ACCESS_TOKEN
      Error code passed as a httpRequest parameter attribute with the name "reason" in case of failed authorization when the passed access token does not exist or when it has already expired.
  • Constructor Details

    • OAuthAuthorization

      public OAuthAuthorization()
  • Method Details

    • getOAuthAuthorizationService

      public static OAuthAuthorization getOAuthAuthorizationService()
      Returns the OAuth Authorization object that is used to perform the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token.
      Returns:
      the OAuthAuthorization object
    • isAuthorized

      public abstract boolean isAuthorized(HttpServletRequest httpRequest) throws OAuthSystemException
      This method is only for authentication purposes with the given Access Token. Use this method for accessing a public resource, accessible for any scope. The access token must be passed by using the HTTP "Authorization" request header field. The value of this header must be the token type followed by the access token value. The currently supported token type is "bearer".

      For example the header could look like:

       "Authorization: Bearer mF_9.B5f-4.1JqM"
       
      The given example is provided for illustration purposes only.

      Parameters:
      httpRequest - HTTP request carrying the access token in its "Authorization" header
      Returns:
      true - Resource access request is successful and the authentication with access token is successful. On success two attributes are passed in the request: "user_id" - Id of the user that performs the request and "client_id" - Id of the client for which the access token is issued.

      false - Resource access request fails. The passed token is not available or has expired for the current client. In this case the error's reason can be retrieved from the request's attributes under the name "reason".

      Throws:
      OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.
    • isAuthorized

      public abstract boolean isAuthorized(HttpServletRequest httpRequest, String scope) throws OAuthSystemException
      Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, compares them with the passed scope and checks the Token validity. The access token must be passed by using the HTTP "Authorization" request header field. The value of this header must be the token type followed by the access token value. The currently supported token type is "bearer".

      For example the header could look like:

       "Authorization: Bearer mF_9.B5f-4.1JqM"
       
      The given example is provided for illustration purposes only.

      Parameters:
      httpRequest - HTTP request carrying the access token in its "Authorization" header
      scope - Scope for which the protected resource access is performed
      Returns:
      true - Resource access request is successful. This means that the scope passed as an input parameter is one of the access token scopes and the token has not expired.
      On success two attributes are passed in the request: "user_id" - Id of the user that performs the request and "client_id" - Id of the client for which the access token is issued.

      false - Resource access request fails. In this case the error's reason can be retrieved from the request's attributes under the name "reason".

      Throws:
      OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.
    • isAuthorized

      public abstract boolean isAuthorized(String scope) throws OAuthSystemException
      Performs the protected resource access check by retrieving the scopes from the currently logged in user and comparing them with the passed scope.
      Parameters:
      scope - Scope for which the protected resource access is performed
      Returns:
      true - Resource access request is successful. This means that the scope passed as an input parameter was granted to the currently logged in user.

      false - Resource access request fails.

      Throws:
      OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.
    • isAuthorized

      public abstract boolean isAuthorized(HttpServletRequest httpRequest, Set<String> scopes) throws OAuthSystemException
      Performs the protected resource access check by retrieving from the Authorization Server the scopes associated with the given Access Token, compares them with the passed scopes and checks the Token validity. Access token must be passed by using the HTTP "Authorization" request header field. The value of this header must be the token type and access token value. The currently supported token type is "bearer".

      For example the header could look like:

       "Authorization: Bearer mF_9.B5f-4.1JqM"
       
      The given example is provided for illustration purposes only.

      Parameters:
      httpRequest - HTTP request carrying the access token in its "Authorization" header
      scopes - Scopes for which the protected resource access is performed.
      Returns:
      true - Resource access request is successful. This means that all scopes passed as an input parameter are access token scopes and the token has not expired.
      On success two attributes are passed in the request: "user_id" - Id of the user that performs the request and "client_id" - Id of the client for which the access token is issued.

      false - Resource access request fails. In this case the error's reason can be retrieved from the request's attributes under the name "reason".

      Throws:
      OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.
    • isAuthorized

      public abstract boolean isAuthorized(Set<String> scopes) throws OAuthSystemException
      Performs the protected resource access check by retrieving the scopes from the currently logged in user and comparing them with the passed scopes.
      Parameters:
      scopes - Scopes for which the protected resource access is performed.
      Returns:
      true - Resource access request is successful. This means that all scopes passed as an input parameter were granted to the currently logged in user.

      false - Resource access request fails.

      Throws:
      OAuthSystemException - In case of communication errors between the OAuth Resource Server and the Authorization Server.
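A servlet filter that applies the request-based isAuthorized(HttpServletRequest, Set<String>) check described above and maps the "reason" attribute to an HTTP status, as an added example that is not part of this page or the SAP library. It assumes the javax.servlet 4.0 Filter interface (default init/destroy), that OAuthSystemException lives in the same package as OAuthAuthorization, and a constructed scope name "orders.read" and realm "orders".

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.sap.cloud.security.oauth2.OAuthAuthorization;
import com.sap.cloud.security.oauth2.OAuthSystemException; // assumed package

/** Guards a resource with one required scope; scope name and realm are constructed. */
public class OrdersScopeFilter implements Filter {
    private static final Set<String> REQUIRED_SCOPES = Collections.singleton("orders.read");

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) res;
        OAuthAuthorization auth = OAuthAuthorization.getOAuthAuthorizationService();
        try {
            // Validates the bearer token from the "Authorization" header and
            // checks that every required scope was granted to it.
            if (auth.isAuthorized(httpRequest, REQUIRED_SCOPES)) {
                // "user_id" and "client_id" are now available as request attributes.
                chain.doFilter(req, res);
                return;
            }
            // On failure the library exposes the error code as the "reason" attribute.
            String reason = String.valueOf(httpRequest.getAttribute("reason"));
            if (OAuthAuthorization.MISSING_ACCESS_TOKEN.equals(reason)
                    || OAuthAuthorization.INVALID_ACCESS_TOKEN.equals(reason)) {
                // No usable token: 401 with a bearer challenge (RFC 6750).
                httpResponse.setHeader("WWW-Authenticate", "Bearer realm=\"orders\"");
                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            } else {
                // Valid token that lacks the scope (ACCESS_FORBIDDEN): 403.
                httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        } catch (OAuthSystemException e) {
            // Resource Server could not reach the Authorization Server: fail closed.
            httpResponse.sendError(HttpServletResponse.SC_BAD_GATEWAY);
        }
    }
}
```

Distinguishing 401 from 403 by the "reason" code keeps clients from retrying with the same token when the problem is a missing scope rather than a missing or expired token.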