Class OAuth2ResourceServerFilterHeaplet
- java.lang.Object
  - org.forgerock.openig.heap.GenericHeaplet
    - org.forgerock.openig.filter.oauth2.OAuth2ResourceServerFilterHeaplet

All Implemented Interfaces: Heaplet

public class OAuth2ResourceServerFilterHeaplet extends GenericHeaplet
Validates a Request that contains an OAuth 2.0 access token.

This filter expects an OAuth 2.0 token to be available in the HTTP Authorization header:

    Authorization: Bearer 1fc0e143-f248-4e50-9c13-1d710360cec9

It extracts the token and validates it against the specified access token resolver.

    {
        "type": "OAuth2ResourceServerFilter",
        "config": {
            "scopes"              : [ expression, ... ],  [REQUIRED - the list of OAuth2 scopes.]
            "accessTokenResolver" : resolver,             [REQUIRED]
            "requireHttps"        : boolean,              [OPTIONAL - control if this filter only accepts requests
                                                           targeting the HTTPS scheme. By default, it is enabled
                                                           (only URI starting with https://... will be accepted,
                                                           an Exception is thrown otherwise).]
            "realm"               : string,               [OPTIONAL - specifies the name of the realm used in the
                                                           authentication challenges returned back to the client
                                                           in case of errors. Defaults to 'OpenIG'.]
            "executor"            : executor,             [OPTIONAL - by default uses the 'ScheduledThreadPool'
                                                           heap object.]
            "cache"               : object,               [OPTIONAL - cache configuration. Default is no caching.]
                "enabled"         : boolean,              [OPTIONAL - default to false. Enable for the caching of
                                                           access tokens.]
                "defaultTimeout"  : duration,             [OPTIONAL - default to 1 minute. If no valid expiry value
                                                           is provided by the access token, we'll cache it during
                                                           that duration.]
                "maxTimeout"      : duration,             [OPTIONAL - if a value is provided by the access token
                                                           but is greater than this value then we'll use that value.
                                                           ("zero" and "unlimited" are not acceptable values).]
                "amService"       : AmService             [OPTIONAL - enables the additional features of the AM
                                                           token notification service to keep the cache in a
                                                           consistent state. Only makes sense when working with AM
                                                           and using a token resolver endpoint that provides the
                                                           necessary metadata required by the cache.]
                "onNotificationDisconnection": enum       [OPTIONAL - what to do if AM goes offline: NEVER_CLEAR,
                                                           CLEAR_ON_DISCONNECT, CLEAR_ON_RECONNECT.
                                                           Default is: CLEAR_ON_DISCONNECT.]
        }
    }

    {
        "name": "ProtectedResourceFilter",
        "type": "OAuth2ResourceServerFilter",
        "config": {
            "scopes": [ "email", "profile" ],
            "requireHttps": false,
            "realm": "Informative realm name",
            "accessTokenResolver" : "ForgeRock Authorisation Server"
        }
    }
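
The options documented above can be checked before a route is deployed. The following is an added example, not OpenIG code: `audit_filter` is a hypothetical helper that reviews one filter declaration against the documented required keys, the `requireHttps` default, and the cache settings. The `HARDENED` declaration, its `"AmService-1"` name and its duration string are constructed for illustration.

```python
import json

# Values for cache.onNotificationDisconnection, as listed in the class documentation.
DISCONNECT_MODES = {"NEVER_CLEAR", "CLEAR_ON_DISCONNECT", "CLEAR_ON_RECONNECT"}

def audit_filter(heap_object):
    """Return (severity, message) findings for one filter declaration (hypothetical helper)."""
    if heap_object.get("type") != "OAuth2ResourceServerFilter":
        return [("error", "not an OAuth2ResourceServerFilter declaration")]
    findings = []
    config = heap_object.get("config") or {}
    if not isinstance(config.get("scopes"), list):
        findings.append(("error", "scopes is REQUIRED (list of OAuth2 scopes)"))
    if not config.get("accessTokenResolver"):
        findings.append(("error", "accessTokenResolver is REQUIRED"))
    # requireHttps is enabled by default; only an explicit false turns the check off.
    if config.get("requireHttps", True) is False:
        findings.append(("warn", "requireHttps is false: requests not targeting https:// are accepted"))
    cache = config.get("cache") or {}
    if cache.get("enabled", False):  # caching is off unless enabled is true
        if str(cache.get("maxTimeout", "")).strip().lower() in {"zero", "unlimited"}:
            findings.append(("error", "cache.maxTimeout must not be 'zero' or 'unlimited'"))
        if "amService" not in cache:
            findings.append(("warn", "cache enabled without amService: "
                                     "no AM notifications keep the cache consistent"))
        mode = cache.get("onNotificationDisconnection", "CLEAR_ON_DISCONNECT")
        if mode not in DISCONNECT_MODES:
            findings.append(("error", f"unknown onNotificationDisconnection value: {mode}"))
    return findings

# The example declaration from the class documentation above.
DOC_EXAMPLE = json.loads("""
{ "name": "ProtectedResourceFilter", "type": "OAuth2ResourceServerFilter",
  "config": { "scopes": [ "email", "profile" ], "requireHttps": false,
              "realm": "Informative realm name",
              "accessTokenResolver": "ForgeRock Authorisation Server" } }
""")

# Constructed variant: requireHttps left at its default, cache tied to an AmService.
HARDENED = {
    "name": "ProtectedResourceFilter", "type": "OAuth2ResourceServerFilter",
    "config": {"scopes": ["email", "profile"],
               "accessTokenResolver": "ForgeRock Authorisation Server",
               "cache": {"enabled": True, "maxTimeout": "5 minutes",
                         "amService": "AmService-1"}},
}

if __name__ == "__main__":
    for severity, message in audit_filter(DOC_EXAMPLE):
        print(f"{severity}: {message}")
```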

Constructor Summary
Constructor: OAuth2ResourceServerFilterHeaplet()

Method Summary
Modifier and Type: Object
Method: create()
Description: Called to request the heaplet create an object.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder, start

Method Detail
create
public Object create() throws HeapException
Description copied from class: GenericHeaplet
Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
Specified by: create in class GenericHeaplet
Returns: The created object.
Throws: HeapException - if an exception occurred during creation of the heap object or any of its dependencies.