Package org.forgerock.http.filter
Class Filters
java.lang.Object
org.forgerock.http.filter.Filters
Utility methods for creating common types of filters.
-
Method Summary
Modifier and TypeMethodDescriptionstatic Filter
Creates aFilter
which encapsulates the provided filters into a singleFilter
.static Filter
Creates aFilter
which encapsulates the provided filters into a singleFilter
.static Filter
conditionalFilter
(Filter delegate, BiPredicate<Context, Request> condition) Create a Filter decorator that only delegates to the decorated filter if the supplied predicate returns true.static BiPredicate<Context,
Request> matchRequestUriPath
(String regex) Returns aBiPredicate
which will only match requests whose URI path matches the provided regular expression.static BiPredicate<Context,
Request> matchRequestUriPath
(Pattern regex) Returns aBiPredicate
which will only match requests whose URI path matches the provided regular expression.static Filter
newAsyncSessionFilter
(AsyncSessionManager sessionManager) Creates a sessionFilter
that will use the providedAsyncSessionManager
to manage the users session.static Filter
newBearerTokenAuthFilter
(SecretReference<GenericSecret> tokenReference) Creates an authenticationFilter
that puts a Bearer Authorization header in the request.static Filter
newBearerTokenAuthFilterWithoutRetry
(SecretReference<GenericSecret> tokenReference) Creates an authenticationFilter
that puts a Bearer Authorization header in the request.static CsrfFilter.Builder
newCsrfFilter
(String cookieName) Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication.static Filter
newDefaultCsrfFilter
(String cookieName) Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication.static Filter
newHttpBasicAuthenticationFilter
(String username, SecretReference<GenericSecret> password) Deprecated, for removal: This API element is subject to removal in a future version.static Filter
newHttpBasicAuthenticationFilter
(String username, SecretReference<GenericSecret> password, Charset charset) Deprecated, for removal: This API element is subject to removal in a future version.static Filter
newHttpBasicAuthenticationFilter
(CredentialPair<GenericSecret> credentialPair) Creates an authenticationFilter
that puts a Basic Authorization header in the request.static Filter
newHttpBasicAuthenticationFilter
(CredentialPair<GenericSecret> credentialPair, Charset charset) Creates an authenticationFilter
that puts a Basic Authorization header in the request.static Filter
newOptionsFilter
(String... allowedMethods) Creates aFilter
which handles HTTP OPTIONS method requests.static Filter
newSessionFilter
(SessionManager sessionManager) Deprecated.static Filter
newUrlEncodedHttpBasicAuthFilter
(String username, SecretReference<GenericSecret> password) Deprecated, for removal: This API element is subject to removal in a future version.usenewUrlEncodedHttpBasicAuthFilter(CredentialPair)
insteadstatic Filter
newUrlEncodedHttpBasicAuthFilter
(CredentialPair<GenericSecret> credentialPair) Creates an authenticationFilter
that put a Basic Authorization header in the request.static Filter
-
Method Details
-
newOptionsFilter
Creates aFilter
which handles HTTP OPTIONS method requests.- Parameters:
allowedMethods
- The allowed HTTP methods of the endpoint.- Returns:
- A
Filter
.
-
newSessionFilter
Deprecated.Creates a sessionFilter
that will use the providedSessionManager
to manage the users session.- Parameters:
sessionManager
- TheSessionManager
.- Returns:
- A session
Filter
. - See Also:
-
newAsyncSessionFilter
Creates a sessionFilter
that will use the providedAsyncSessionManager
to manage the users session.- Parameters:
sessionManager
- TheAsyncSessionManager
.- Returns:
- A session
Filter
.
-
requestCopyFilter
Creates aFilter
which creates a defensive copy of theRequest
- on which the chain of execution will be based on. At the end of the chain of execution, the request copy will be closed.- Returns:
- A
RequestCopyFilter
.
-
conditionalFilter
Create a Filter decorator that only delegates to the decorated filter if the supplied predicate returns true.- Parameters:
delegate
- Filter to delegate tocondition
- predicate to evaluate- Returns:
- the decorated Filter
-
matchRequestUriPath
Returns aBiPredicate
which will only match requests whose URI path matches the provided regular expression.- Parameters:
regex
- the regular expression which must match a request's uri- Returns:
- the filter condition as a BiPredicate
- See Also:
-
matchRequestUriPath
Returns aBiPredicate
which will only match requests whose URI path matches the provided regular expression.- Parameters:
regex
- the regular expression which must match a request's uri- Returns:
- the filter condition as a BiPredicate
- See Also:
-
newHttpBasicAuthenticationFilter
@Deprecated(since="26.5.0", forRemoval=true) public static Filter newHttpBasicAuthenticationFilter(String username, SecretReference<GenericSecret> password) Deprecated, for removal: This API element is subject to removal in a future version.usenewHttpBasicAuthenticationFilter(CredentialPair)
insteadCreates an authenticationFilter
that puts a Basic Authorization header in the request. It encodes the credentials usingStandardCharsets.UTF_8
. -
newHttpBasicAuthenticationFilter
Creates an authenticationFilter
that puts a Basic Authorization header in the request. It encodes the credentials usingStandardCharsets.UTF_8
. -
newHttpBasicAuthenticationFilter
@Deprecated(since="26.5.0", forRemoval=true) public static Filter newHttpBasicAuthenticationFilter(String username, SecretReference<GenericSecret> password, Charset charset) Deprecated, for removal: This API element is subject to removal in a future version.Creates an authenticationFilter
that puts a Basic Authorization header in the request.- Parameters:
username
- the username to use for the credentials (must not benull
).password
- a reference to the password to use for the credentials (must not benull
).charset
- the charset to use for encoding credentials (must not benull
).- Returns:
- A basic auth
Filter
. - See Also:
-
newHttpBasicAuthenticationFilter
public static Filter newHttpBasicAuthenticationFilter(CredentialPair<GenericSecret> credentialPair, Charset charset) Creates an authenticationFilter
that puts a Basic Authorization header in the request. -
newUrlEncodedHttpBasicAuthFilter
@Deprecated(since="26.5.0", forRemoval=true) public static Filter newUrlEncodedHttpBasicAuthFilter(String username, SecretReference<GenericSecret> password) Deprecated, for removal: This API element is subject to removal in a future version.usenewUrlEncodedHttpBasicAuthFilter(CredentialPair)
insteadCreates an authenticationFilter
that put a Basic Authorization header in the request. The username and password are individually URL-encoded prior to being combined, as per OAuth 2 client secret authentication. -
newUrlEncodedHttpBasicAuthFilter
Creates an authenticationFilter
that put a Basic Authorization header in the request. The username and password are individually URL-encoded prior to being combined, as per OAuth 2 client secret authentication. -
newBearerTokenAuthFilter
Creates an authenticationFilter
that puts a Bearer Authorization header in the request. If an invalid_token error response is returned from the request, and the request is idempotent then a new bearer token will be requested from thetokenReference
and the request automatically retried.- Parameters:
tokenReference
- a reference to the bearer token (must not benull
).- Returns:
- A bearer auth
Filter
. - See Also:
-
newBearerTokenAuthFilterWithoutRetry
public static Filter newBearerTokenAuthFilterWithoutRetry(SecretReference<GenericSecret> tokenReference) Creates an authenticationFilter
that puts a Bearer Authorization header in the request. If an invalid_token error response is returned from the request then the failure response is returned immediately without retrying the request with a fresh token.- Parameters:
tokenReference
- a reference to the bearer token (must not benull
).- Returns:
- A bearer auth
Filter
. - See Also:
-
newCsrfFilter
Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication. The filter requires that all requests using the cookie are accompanied by a custom header containing an anti-CSRF token. The anti-CSRF token is cryptographically bound to the cookie value.- Parameters:
cookieName
- the name of the cookie used for authentication.- Returns:
- a builder to configure the CSRF filter.
-
newDefaultCsrfFilter
Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication. The filter requires that all requests using the cookie are accompanied by a custom header containing an anti-CSRF token. The anti-CSRF token is cryptographically bound to the cookie value. This method constructs the CSRF filter with a default header name of "X-CSRF-Token". The safe HTTP methods (GET, HEAD, OPTIONS) will be excluded from the filter returned by this method.- Parameters:
cookieName
- the name of the cookie used for authentication.- Returns:
- a CSRF filter with default configuration options.
-
chainOf
Creates aFilter
which encapsulates the provided filters into a singleFilter
.- Parameters:
filters
- The list of filters to be invoked, in order.- Returns:
- A
Filter
. - See Also:
-
chainOf
Creates aFilter
which encapsulates the provided filters into a singleFilter
.- Parameters:
filters
- The list of filters to be invoked, in order.- Returns:
- A
Filter
. - See Also:
-
newHttpBasicAuthenticationFilter(CredentialPair)
instead