Class Filters

java.lang.Object
org.forgerock.http.filter.Filters

public final class Filters extends Object
Utility methods for creating common types of filters.
  • Method Details

    • newOptionsFilter

      public static Filter newOptionsFilter(String... allowedMethods)
      Creates a Filter which handles HTTP OPTIONS method requests.
      Parameters:
      allowedMethods - The allowed HTTP methods of the endpoint.
      Returns:
      A Filter.
    • newSessionFilter

      @Deprecated public static Filter newSessionFilter(SessionManager sessionManager)
      Deprecated.
      Creates a session Filter that will use the provided SessionManager to manage the users session.
      Parameters:
      sessionManager - The SessionManager.
      Returns:
      A session Filter.
      See Also:
    • newAsyncSessionFilter

      public static Filter newAsyncSessionFilter(AsyncSessionManager sessionManager)
      Creates a session Filter that will use the provided AsyncSessionManager to manage the users session.
      Parameters:
      sessionManager - The AsyncSessionManager.
      Returns:
      A session Filter.
    • requestCopyFilter

      public static Filter requestCopyFilter()
      Creates a Filter which creates a defensive copy of the Request - on which the chain of execution will be based on. At the end of the chain of execution, the request copy will be closed.
      Returns:
      A RequestCopyFilter.
    • conditionalFilter

      public static Filter conditionalFilter(Filter delegate, BiPredicate<Context,Request> condition)
      Create a Filter decorator that only delegates to the decorated filter if the supplied predicate returns true.
      Parameters:
      delegate - Filter to delegate to
      condition - predicate to evaluate
      Returns:
      the decorated Filter
    • matchRequestUriPath

      public static BiPredicate<Context,Request> matchRequestUriPath(Pattern regex)
      Returns a BiPredicate which will only match requests whose URI path matches the provided regular expression.
      Parameters:
      regex - the regular expression which must match a request's uri
      Returns:
      the filter condition as a BiPredicate
      See Also:
    • matchRequestUriPath

      public static BiPredicate<Context,Request> matchRequestUriPath(String regex)
      Returns a BiPredicate which will only match requests whose URI path matches the provided regular expression.
      Parameters:
      regex - the regular expression which must match a request's uri
      Returns:
      the filter condition as a BiPredicate
      See Also:
    • newHttpBasicAuthenticationFilter

      @Deprecated(since="26.5.0", forRemoval=true) public static Filter newHttpBasicAuthenticationFilter(String username, SecretReference<GenericSecret> password)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Creates an authentication Filter that puts a Basic Authorization header in the request. It encodes the credentials using StandardCharsets.UTF_8.
      Parameters:
      username - the username to use for the credentials (must not be null).
      password - a reference to the password to use for the credentials (must not be null).
      Returns:
      A basic auth Filter.
      See Also:
    • newHttpBasicAuthenticationFilter

      public static Filter newHttpBasicAuthenticationFilter(CredentialPair<GenericSecret> credentialPair)
      Creates an authentication Filter that puts a Basic Authorization header in the request. It encodes the credentials using StandardCharsets.UTF_8.
      Parameters:
      credentialPair - the credentials (must not be null).
      Returns:
      A basic auth Filter.
      See Also:
    • newHttpBasicAuthenticationFilter

      @Deprecated(since="26.5.0", forRemoval=true) public static Filter newHttpBasicAuthenticationFilter(String username, SecretReference<GenericSecret> password, Charset charset)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Creates an authentication Filter that puts a Basic Authorization header in the request.
      Parameters:
      username - the username to use for the credentials (must not be null).
      password - a reference to the password to use for the credentials (must not be null).
      charset - the charset to use for encoding credentials (must not be null).
      Returns:
      A basic auth Filter.
      See Also:
    • newHttpBasicAuthenticationFilter

      public static Filter newHttpBasicAuthenticationFilter(CredentialPair<GenericSecret> credentialPair, Charset charset)
      Creates an authentication Filter that puts a Basic Authorization header in the request.
      Parameters:
      credentialPair - the credentials (must not be null).
      charset - the charset to use for encoding credentials (must not be null).
      Returns:
      A basic auth Filter.
      See Also:
    • newUrlEncodedHttpBasicAuthFilter

      @Deprecated(since="26.5.0", forRemoval=true) public static Filter newUrlEncodedHttpBasicAuthFilter(String username, SecretReference<GenericSecret> password)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Creates an authentication Filter that put a Basic Authorization header in the request. The username and password are individually URL-encoded prior to being combined, as per OAuth 2 client secret authentication.
      Parameters:
      username - the username to use for the credentials (must not be null).
      password - a reference to the password to use for the credentials (must not be null).
      Returns:
      A basic auth Filter.
      See Also:
    • newUrlEncodedHttpBasicAuthFilter

      public static Filter newUrlEncodedHttpBasicAuthFilter(CredentialPair<GenericSecret> credentialPair)
      Creates an authentication Filter that put a Basic Authorization header in the request. The username and password are individually URL-encoded prior to being combined, as per OAuth 2 client secret authentication.
      Parameters:
      credentialPair - credentials used in the authentication (must not be null).
      Returns:
      A basic auth Filter.
      See Also:
    • newBearerTokenAuthFilter

      public static Filter newBearerTokenAuthFilter(SecretReference<GenericSecret> tokenReference)
      Creates an authentication Filter that puts a Bearer Authorization header in the request. If an invalid_token error response is returned from the request, and the request is idempotent then a new bearer token will be requested from the tokenReference and the request automatically retried.
      Parameters:
      tokenReference - a reference to the bearer token (must not be null).
      Returns:
      A bearer auth Filter.
      See Also:
    • newBearerTokenAuthFilterWithoutRetry

      public static Filter newBearerTokenAuthFilterWithoutRetry(SecretReference<GenericSecret> tokenReference)
      Creates an authentication Filter that puts a Bearer Authorization header in the request. If an invalid_token error response is returned from the request then the failure response is returned immediately without retrying the request with a fresh token.
      Parameters:
      tokenReference - a reference to the bearer token (must not be null).
      Returns:
      A bearer auth Filter.
      See Also:
    • newCsrfFilter

      public static CsrfFilter.Builder newCsrfFilter(String cookieName)
      Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication. The filter requires that all requests using the cookie are accompanied by a custom header containing an anti-CSRF token. The anti-CSRF token is cryptographically bound to the cookie value.
      Parameters:
      cookieName - the name of the cookie used for authentication.
      Returns:
      a builder to configure the CSRF filter.
    • newDefaultCsrfFilter

      public static Filter newDefaultCsrfFilter(String cookieName)
      Creates a filter that protects against cross-site request forgery (CSRF) attacks when using cookies for authentication. The filter requires that all requests using the cookie are accompanied by a custom header containing an anti-CSRF token. The anti-CSRF token is cryptographically bound to the cookie value. This method constructs the CSRF filter with a default header name of "X-CSRF-Token". The safe HTTP methods (GET, HEAD, OPTIONS) will be excluded from the filter returned by this method.
      Parameters:
      cookieName - the name of the cookie used for authentication.
      Returns:
      a CSRF filter with default configuration options.
    • chainOf

      public static Filter chainOf(Filter... filters)
      Creates a Filter which encapsulates the provided filters into a single Filter.
      Parameters:
      filters - The list of filters to be invoked, in order.
      Returns:
      A Filter.
      See Also:
    • chainOf

      public static Filter chainOf(List<Filter> filters)
      Creates a Filter which encapsulates the provided filters into a single Filter.
      Parameters:
      filters - The list of filters to be invoked, in order.
      Returns:
      A Filter.
      See Also: