public abstract class AbstractAuthorizationCodeCallbackServlet
extends javax.servlet.http.HttpServlet
This is designed to simplify the flow in which an end-user authorizes your web application to
access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet
which if the end-user credentials are not found, will redirect
the end-user to an authorization page. If the end-user grants authorization, they will be
redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet
and the
onSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.Credential)
will be called. Similarly, if the end-user grants authorization, they will be
redirected to this servlet and onError(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl)
will be called.
Sample usage:
public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet { @Override protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential) throws ServletException, IOException { resp.sendRedirect("/"); } @Override protected void onError( HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) throws ServletException, IOException { // handle error } @Override protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException { GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setRawPath("/oauth2callback"); return url.build(); } @Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), new NetHttpTransport(), new GsonFactory(), new GenericUrl("https://server.example.com/token"), new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"), "s6BhdRkqt3", "https://server.example.com/authorize").setCredentialStore( new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional"))) .build(); } @Override protected String getUserId(HttpServletRequest req) throws ServletException, IOException { // return user ID } }
Constructor and Description |
---|
AbstractAuthorizationCodeCallbackServlet() |
Modifier and Type | Method and Description |
---|---|
protected void |
doGet(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp) |
protected abstract String |
getRedirectUri(javax.servlet.http.HttpServletRequest req)
Returns the redirect URI for the given HTTP servlet request.
|
protected abstract String |
getUserId(javax.servlet.http.HttpServletRequest req)
Returns the user ID for the given HTTP servlet request.
|
protected abstract AuthorizationCodeFlow |
initializeFlow()
Loads the authorization code flow to be used across all HTTP servlet requests (only called
during the first HTTP servlet request with an authorization code).
|
protected void |
onError(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
AuthorizationCodeResponseUrl errorResponse)
Handles an error to the authorization, such as when an end user denies authorization.
|
protected void |
onSuccess(javax.servlet.http.HttpServletRequest req,
javax.servlet.http.HttpServletResponse resp,
Credential credential)
Handles a successfully granted authorization.
|
doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service
public AbstractAuthorizationCodeCallbackServlet()
protected final void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) throws javax.servlet.ServletException, IOException
doGet
in class javax.servlet.http.HttpServlet
javax.servlet.ServletException
IOException
protected abstract AuthorizationCodeFlow initializeFlow() throws javax.servlet.ServletException, IOException
javax.servlet.ServletException
IOException
protected abstract String getRedirectUri(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException
javax.servlet.ServletException
IOException
protected abstract String getUserId(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException
javax.servlet.ServletException
IOException
protected void onSuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential) throws javax.servlet.ServletException, IOException
Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:
resp.sendRedirect("/granted");
req
- HTTP servlet requestresp
- HTTP servlet responsecredential
- credentialjavax.servlet.ServletException
- HTTP servlet exceptionIOException
- some I/O exceptionprotected void onError(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) throws javax.servlet.ServletException, IOException
Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:
resp.sendRedirect("/denied");
req
- HTTP servlet requestresp
- HTTP servlet responseerrorResponse
- error response (AuthorizationCodeResponseUrl.getError()
is not
null
)javax.servlet.ServletException
- HTTP servlet exceptionIOException
- some I/O exceptionCopyright © 2011–2021 Google. All rights reserved.