public abstract class AbstractAuthorizationCodeServlet
extends javax.servlet.http.HttpServlet
This is designed to simplify the flow in which an end-user authorizes your web application to
access their protected data. Your application then has access to their data based on an access
token and a refresh token to refresh that access token when it expires. Your main servlet class
should extend AbstractAuthorizationCodeServlet
and implement the abstract methods. To get
the persisted credential associated with the current request, call getCredential()
. It
is assumed that the end-user is authenticated by some external means by which a user ID is
obtained. This user ID is used as the primary key for persisting the end-user credentials, and
passed in via getUserId(HttpServletRequest)
. The first time an end-user arrives at your
servlet, they will be redirected in the browser to an authorization page. Next, they will be
redirected back to your site at the redirect URI selected in
getRedirectUri(HttpServletRequest)
. The servlet to process that should extend
AbstractAuthorizationCodeCallbackServlet
, which should redirect back to this servlet on
success.
Although this implementation is thread-safe, it can only process one request at a time. For a
more performance-critical multi-threaded web application, instead use
AuthorizationCodeFlow
directly.
Sample usage:
public class ServletSample extends AbstractAuthorizationCodeServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { // do stuff } @Override protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException { GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setRawPath("/oauth2callback"); return url.build(); } @Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), new NetHttpTransport(), new JacksonFactory(), new GenericUrl("https://server.example.com/token"), new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"), "s6BhdRkqt3", "https://server.example.com/authorize").setCredentialStore( new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional"))) .build(); } @Override protected String getUserId(HttpServletRequest req) throws ServletException, IOException { // return user ID } }
Constructor and Description |
---|
AbstractAuthorizationCodeServlet() |
Modifier and Type | Method and Description |
---|---|
protected Credential |
getCredential()
Return the persisted credential associated with the current request or
null for none. |
protected abstract String |
getRedirectUri(javax.servlet.http.HttpServletRequest req)
Returns the redirect URI for the given HTTP servlet request.
|
protected abstract String |
getUserId(javax.servlet.http.HttpServletRequest req)
Returns the user ID for the given HTTP servlet request.
|
protected abstract AuthorizationCodeFlow |
initializeFlow()
Loads the authorization code flow to be used across all HTTP servlet requests (only called
during the first HTTP servlet request).
|
protected void |
onAuthorization(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
AuthorizationCodeRequestUrl authorizationUrl)
Handles user authorization by redirecting to the OAuth 2.0 authorization server.
|
protected void |
service(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp) |
doDelete, doGet, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service
protected void service(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) throws IOException, javax.servlet.ServletException
service
in class javax.servlet.http.HttpServlet
IOException
javax.servlet.ServletException
protected abstract AuthorizationCodeFlow initializeFlow() throws javax.servlet.ServletException, IOException
javax.servlet.ServletException
IOException
protected abstract String getRedirectUri(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException
javax.servlet.ServletException
IOException
protected abstract String getUserId(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException
javax.servlet.ServletException
IOException
protected final Credential getCredential()
null
for none.protected void onAuthorization(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeRequestUrl authorizationUrl) throws javax.servlet.ServletException, IOException
Default implementation is to call resp.sendRedirect(authorizationUrl.build())
.
Subclasses may override to provide optional parameters such as the recommended state parameter.
Sample implementation:
@Override protected void onAuthorization(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeRequestUrl authorizationUrl) throws ServletException, IOException { authorizationUrl.setState("xyz"); super.onAuthorization(req, resp, authorizationUrl); }
authorizationUrl
- authorization code request URLreq
- HTTP servlet requestjavax.servlet.ServletException
- servlet exceptionIOException
Copyright © 2011–2019 Google. All rights reserved.