Package org.forgerock.http.filter

Class Filters

  • public final class Filters
extends Object
    Utility methods for creating common types of filters.

    • Method Detail

      • newOptionsFilter

        public static Filter newOptionsFilter​(String... allowedMethods)
        Creates a Filter which handles HTTP OPTIONS method requests.
        Parameters:
        allowedMethods - The allowed HTTP methods of the endpoint.
        Returns:
        A Filter.

      • newAsyncSessionFilter

        public static Filter newAsyncSessionFilter​(AsyncSessionManager sessionManager)
        Creates a session Filter that will use the provided AsyncSessionManager to manage the users session.
        Parameters:
        sessionManager - The AsyncSessionManager.
        Returns:
        A session Filter.

      • requestCopyFilter

        public static Filter requestCopyFilter()
        Creates a Filter which creates a defensive copy of the Request - on which the chain of execution will be based on. At the end of the chain of execution, the request copy will be closed.
        Returns:
        A RequestCopyFilter.

      • conditionalFilter

        public static Filter conditionalFilter​(Filter delegate,
                                       BiPredicate<Context,​Request> condition)
        Create a Filter decorator that only delegates to the decorated filter if the supplied predicate returns true.
        Parameters:
        delegate - Filter to delegate to
        condition - predicate to evaluate
        Returns:
        the decorated Filter

      • newHttpBasicAuthenticationFilter

        public static Filter newHttpBasicAuthenticationFilter​(String username,
                                                      SecretReference<GenericSecret> password)
        Creates an authentication Filter that put a Basic Authorization header in the request. It encodes the credentials using StandardCharsets.UTF_8.
        Parameters:
        username - the username to use for the credentials (must not be null).
        password - a reference to the password to use for the credentials (must not be null).
        Returns:
        A basic auth Filter.
        See Also:
        RFC-2617, RFC-7617

      • newHttpBasicAuthenticationFilter

        public static Filter newHttpBasicAuthenticationFilter​(String username,
                                                      SecretReference<GenericSecret> password,
                                                      Charset charset)
        Creates an authentication Filter that put a Basic Authorization header in the request.
        Parameters:
        username - the username to use for the credentials (must not be null).
        password - a reference to the password to use for the credentials (must not be null).
        charset - the charset to use for encoding credentials (must not be null).
        Returns:
        A basic auth Filter.
        See Also:
        RFC-2617, RFC-7617

      • newUrlEncodedHttpBasicAuthFilter

        public static Filter newUrlEncodedHttpBasicAuthFilter​(String username,
                                                      SecretReference<GenericSecret> password)
        Creates an authentication Filter that put a Basic Authorization header in the request. The username and password are individually URL-encoded prior to being combined, as per OAuth 2 client secret authentication.
        Parameters:
        username - the username to use for the credentials (must not be null).
        password - a reference to the password to use for the credentials (must not be null).
        Returns:
        A basic auth Filter.
        See Also:
        RFC-2617, RFC-7617

      • newBearerTokenAuthFilter

        public static Filter newBearerTokenAuthFilter​(SecretReference<GenericSecret> tokenReference)
        Creates an authentication Filter that puts a Bearer Authorization header in the request. If an invalid_token error response is returned from the request, and the request is idempotent then a new bearer token will be requested from the tokenReference and the request automatically retried.
        Parameters:
        tokenReference - a reference to the bearer token (must not be null).
        Returns:
        A bearer auth Filter.
        See Also:
        RFC-6750

      • newBearerTokenAuthFilterWithoutRetry

        public static Filter newBearerTokenAuthFilterWithoutRetry​(SecretReference<GenericSecret> tokenReference)
        Creates an authentication Filter that puts a Bearer Authorization header in the request. If an invalid_token error response is returned from the request then the failure response is returned immediately without retrying the request with a fresh token.
        Parameters:
        tokenReference - a reference to the bearer token (must not be null).
        Returns:
        A bearer auth Filter.
        See Also:
        RFC-6750

      • newCsrfFilter

        public static CsrfFilter.Builder newCsrfFilter​(String cookieName)
        Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication. The filter requires that all requests using the cookie are accompanied by a custom header containing an anti-CSRF token. The anti-CSRF token is cryptographically bound to the cookie value.
        Parameters:
        cookieName - the name of the cookie used for authentication.
        Returns:
        a builder to configure the CSRF filter.

      • newDefaultCsrfFilter

        public static Filter newDefaultCsrfFilter​(String cookieName)
        Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication. The filter requires that all requests using the cookie are accompanied by a custom header containing an anti-CSRF token. The anti-CSRF token is cryptographically bound to the cookie value. This method constructs the CSRF filter with a default header name of "X-CSRF-Token". The safe HTTP methods (GET, HEAD, OPTIONS) will be excluded from the filter returned by this method.
        Parameters:
        cookieName - the name of the cookie used for authentication.
        Returns:
        a CSRF filter with default configuration options.

      • chainOf

        public static Filter chainOf​(Filter... filters)
        Creates a Filter which encapsulates the provided filters into a single Filter.
        Parameters:
        filters - The list of filters to be invoked, in order.
        Returns:
        A Filter.
        See Also:
        chainOf(List)

      • chainOf

        public static Filter chainOf​(List<Filter> filters)
        Creates a Filter which encapsulates the provided filters into a single Filter.
        Parameters:
        filters - The list of filters to be invoked, in order.
        Returns:
        A Filter.
        See Also:
        chainOf(Filter...)