Class Authorization


  • public final class Authorization
    extends Object
    Factory methods to create Filters performing authentication and authorization.
    • Method Detail

      • newAuthorizationFilter

        public static org.forgerock.http.Filter newAuthorizationFilter(Iterable<? extends ConditionalFilters.ConditionalFilter> filters)
        Creates a new Filter in charge of injecting an LdapClientContext. This Filter tries each of the provided filters until one can be applied. If no filter can be applied, the last filter in the list is applied, allowing it to formulate a valid, implementation-specific error response.
        Parameters:
        filters - Iterable of authorization ConditionalFilters to try. If empty, the returned filter will always respond with 403 Forbidden.
        Returns:
        A new authorization Filter
      • newProxyAuthorizationFilter

        public static org.forgerock.http.Filter newProxyAuthorizationFilter(LdapClient ldapClient)
        Creates a filter injecting an LdapClientContext given the information provided in the SecurityContext. The connection contained in the created LdapClientContext will add a ProxiedAuthV2RequestControl to each LDAP request.
        Parameters:
        ldapClient - The LDAP client used to create the connection which will be injected in the LdapClientContext
        Returns:
        A new filter.
        Throws:
        NullPointerException - if connectionFactory is null
      • newTokenIntrospectionAccessTokenResolver

        public static org.forgerock.http.oauth2.AccessTokenResolver newTokenIntrospectionAccessTokenResolver(org.forgerock.http.Handler httpClient,
                                                                                                             URI introspectionEndPointURL)
        Creates a new RFC 7662 compliant AccessTokenResolver.

        Parameters:
        httpClient - HTTP client handler used to perform the request
        introspectionEndPointURL - Introspection endpoint URL used to resolve the access token.
        Returns:
        A new AccessTokenResolver instance.
        See Also:
        RFC 7662
      • newCtsAccessTokenResolver

        public static org.forgerock.http.oauth2.AccessTokenResolver newCtsAccessTokenResolver(LdapClient ldapClient,
                                                                                              String ctsBaseDNTemplate)
        Creates a new CTS access token resolver.
        Parameters:
        ldapClient - The LdapClient to use to perform searches against the CTS.
        ctsBaseDNTemplate - The base DN template to use to resolve the access token DN.
        Returns:
        A new CTS access token resolver.
      • newFileAccessTokenResolver

        public static org.forgerock.http.oauth2.AccessTokenResolver newFileAccessTokenResolver(Path tokenFolder)
        Creates a new file access token resolver which should only be used for test purposes.
        Parameters:
        tokenFolder - The folder where the access token to resolve must be stored.
        Returns:
        A new file access token resolver which should only be used for test purposes.
      • newOAuth2ResourceServerFilter

        public static org.forgerock.http.Filter newOAuth2ResourceServerFilter(String realm,
                                                                              Set<String> scopes,
                                                                              org.forgerock.http.oauth2.AccessTokenResolver resolver,
                                                                              String authzIdTemplate)
        Creates a new OAuth2 authorization filter configured with provided parameters.
        Parameters:
        realm - The realm to display in error responses.
        scopes - Scopes that an access token must have to access a resource.
        resolver - The AccessTokenResolver to use to resolve an access token.
        authzIdTemplate - Authorization ID template.
        Returns:
        A new OAuth2 authorization filter configured with provided parameters.
      • newConditionalOAuth2ResourceServerFilter

        public static ConditionalFilters.ConditionalFilter newConditionalOAuth2ResourceServerFilter(String realm,
                                                                                                    Set<String> scopes,
                                                                                                    org.forgerock.http.oauth2.AccessTokenResolver resolver,
                                                                                                    String authzIdTemplate)
        Creates a new optional OAuth2 authorization filter configured with provided parameters.

        This filter will be used only if an OAuth2 Authorization header is present in the incoming request.

        Parameters:
        realm - The realm to display in error responses.
        scopes - Scopes that an access token must have to access a resource.
        resolver - The AccessTokenResolver to use to resolve an access token.
        authzIdTemplate - Authorization ID template.
        Returns:
        A new OAuth2 authorization filter configured with provided parameters.
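
Added example, not part of the original Javadoc or the library's own code: one way to combine newTokenIntrospectionAccessTokenResolver, newConditionalOAuth2ResourceServerFilter and newAuthorizationFilter into an OAuth2-only authorization chain. The class name, the realm and scope values, the https check and the package of the two `authz` imports are assumptions that do not appear on this page.

```java
import java.net.URI;
import java.util.List;
import java.util.Set;

import org.forgerock.http.Filter;
import org.forgerock.http.Handler;
import org.forgerock.http.oauth2.AccessTokenResolver;
// Assumption: this page does not show the package of Authorization and
// ConditionalFilters; adjust these two imports to the library version in use.
import org.forgerock.opendj.rest2ldap.authz.Authorization;
import org.forgerock.opendj.rest2ldap.authz.ConditionalFilters.ConditionalFilter;

/** Hypothetical wiring class, not part of the library. */
public final class OAuth2OnlyAuthorization {
    // Constructed sample values; replace with the deployment's own.
    private static final String REALM = "example-realm";
    private static final Set<String> REQUIRED_SCOPES = Set.of("read", "write");

    private OAuth2OnlyAuthorization() { }

    /**
     * @param httpClient       handler used to call the introspection endpoint
     * @param introspectionUrl RFC 7662 introspection endpoint
     * @param authzIdTemplate  passed through unchanged; the template syntax
     *                         is not described on this page
     */
    public static Filter build(Handler httpClient, URI introspectionUrl,
                               String authzIdTemplate) {
        // The bearer token is sent to this endpoint, so refuse cleartext HTTP.
        if (!"https".equalsIgnoreCase(introspectionUrl.getScheme())) {
            throw new IllegalArgumentException("introspection endpoint must use https");
        }
        AccessTokenResolver resolver =
                Authorization.newTokenIntrospectionAccessTokenResolver(httpClient, introspectionUrl);

        // Applies only when the request carries an OAuth2 Authorization header.
        ConditionalFilter oauth2 = Authorization.newConditionalOAuth2ResourceServerFilter(
                REALM, REQUIRED_SCOPES, resolver, authzIdTemplate);

        // Single entry: it is also the "last filter in the list", so it shapes
        // the error response for requests without a usable token. An empty
        // list would instead answer every request with 403 Forbidden.
        return Authorization.newAuthorizationFilter(List.of(oauth2));
    }
}
```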