com.google.api.client.extensions.servlet.auth.oauth2

Class AbstractAuthorizationCodeCallbackServlet

java.lang.Object

javax.servlet.GenericServlet

javax.servlet.http.HttpServlet

com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet

All Implemented Interfaces:

Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

Direct Known Subclasses:

AbstractAppEngineAuthorizationCodeCallbackServlet

public abstract class AbstractAuthorizationCodeCallbackServlet
extends javax.servlet.http.HttpServlet

Thread-safe OAuth 2.0 authorization code callback servlet to process the authorization code or error response from authorization page redirect.

This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet which if the end-user credentials are not found, will redirect the end-user to an authorization page. If the end-user grants authorization, they will be redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet and the onSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.Credential) will be called. Similarly, if the end-user grants authorization, they will be redirected to this servlet and onError(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl) will be called.

Sample usage:

 public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

 @Override
 protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
 throws ServletException, IOException {
 resp.sendRedirect("/");
 }

 @Override
 protected void onError(
 HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
 throws ServletException, IOException {
 // handle error
 }

 @Override
 protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
 GenericUrl url = new GenericUrl(req.getRequestURL().toString());
 url.setRawPath("/oauth2callback");
 return url.build();
 }

 @Override
 protected AuthorizationCodeFlow initializeFlow() throws IOException {
 return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
 new NetHttpTransport(),
 new GsonFactory(),
 new GenericUrl("https://server.example.com/token"),
 new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
 "s6BhdRkqt3",
 "https://server.example.com/authorize").setCredentialStore(
 new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional")))
 .build();
 }

 @Override
 protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
 // return user ID
 }
 }
 

Since:

1.7

Author:

Yaniv Inbar

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
AbstractAuthorizationCodeCallbackServlet()

Method Summary

Modifier and Type	Method and Description
protected void	doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
protected abstract String	getRedirectUri(javax.servlet.http.HttpServletRequest req) Returns the redirect URI for the given HTTP servlet request.
protected abstract String	getUserId(javax.servlet.http.HttpServletRequest req) Returns the user ID for the given HTTP servlet request.
protected abstract AuthorizationCodeFlow	initializeFlow() Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).
protected void	onError(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) Handles an error to the authorization, such as when an end user denies authorization.
protected void	onSuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential) Handles a successfully granted authorization.

Methods inherited from class javax.servlet.http.HttpServlet

doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service

Methods inherited from class javax.servlet.GenericServlet

destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractAuthorizationCodeCallbackServlet

public AbstractAuthorizationCodeCallbackServlet()

Method Detail

doGet

protected final void doGet(javax.servlet.http.HttpServletRequest req,
                           javax.servlet.http.HttpServletResponse resp)
                    throws javax.servlet.ServletException,
                           IOException

Overrides:

doGet in class javax.servlet.http.HttpServlet

Throws:

javax.servlet.ServletException

IOException

initializeFlow

protected abstract AuthorizationCodeFlow initializeFlow()
                                                 throws javax.servlet.ServletException,
                                                        IOException

Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).

Throws:

javax.servlet.ServletException

IOException

getRedirectUri

protected abstract String getRedirectUri(javax.servlet.http.HttpServletRequest req)
                                  throws javax.servlet.ServletException,
                                         IOException

Returns the redirect URI for the given HTTP servlet request.

Throws:

javax.servlet.ServletException

IOException

getUserId

protected abstract String getUserId(javax.servlet.http.HttpServletRequest req)
                             throws javax.servlet.ServletException,
                                    IOException

Returns the user ID for the given HTTP servlet request. This identifies your application's user and is used to assign and persist credentials to that user. Most commonly, this will be a user id stored in the session or even the session id itself.

Throws:

javax.servlet.ServletException

IOException

onSuccess

protected void onSuccess(javax.servlet.http.HttpServletRequest req,
                         javax.servlet.http.HttpServletResponse resp,
                         Credential credential)
                  throws javax.servlet.ServletException,
                         IOException

Handles a successfully granted authorization.

Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:

 resp.sendRedirect("/granted");
 

Parameters:

req - HTTP servlet request

resp - HTTP servlet response

credential - credential

Throws:

javax.servlet.ServletException - HTTP servlet exception

IOException - some I/O exception

onError

protected void onError(javax.servlet.http.HttpServletRequest req,
                       javax.servlet.http.HttpServletResponse resp,
                       AuthorizationCodeResponseUrl errorResponse)
                throws javax.servlet.ServletException,
                       IOException

Handles an error to the authorization, such as when an end user denies authorization.

Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:

 resp.sendRedirect("/denied");
 

Parameters:

req - HTTP servlet request

resp - HTTP servlet response

errorResponse - error response (AuthorizationCodeResponseUrl.getError() is not null)

Throws:

javax.servlet.ServletException - HTTP servlet exception

IOException - some I/O exception