Class AbstractAuthorizationCodeCallbackServlet
- All Implemented Interfaces:
Serializable
,javax.servlet.Servlet
,javax.servlet.ServletConfig
This is designed to simplify the flow in which an end-user authorizes your web application to
access their protected data. The main servlet class extends
AbstractAuthorizationCodeServlet
which if the end-user credentials are not found, will
redirect the end-user to an authorization page. If the end-user grants authorization, they will
be redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet
and
the onSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.Credential)
will be called. Similarly, if the end-user grants authorization, they will
be redirected to this servlet and onError(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl)
will be called.
Sample usage:
public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet { @Override protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential) throws ServletException, IOException { resp.sendRedirect("/"); } @Override protected void onError( HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) throws ServletException, IOException { // handle error } @Override protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException { GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setRawPath("/oauth2callback"); return url.build(); } @Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), new NetHttpTransport(), new JacksonFactory(), new GenericUrl("https://server.example.com/token"), new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"), "s6BhdRkqt3", "https://server.example.com/authorize").setCredentialStore( new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional"))) .build(); } @Override protected String getUserId(HttpServletRequest req) throws ServletException, IOException { // return user ID } }
- Since:
- 1.7
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate AuthorizationCodeFlow
Authorization code flow to be used across all HTTP servlet requests ornull
before initialized ininitializeFlow()
.private final Lock
Lock on the flow.private static final long
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected final void
doGet
(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) protected abstract String
getRedirectUri
(javax.servlet.http.HttpServletRequest req) Returns the redirect URI for the given HTTP servlet request.protected abstract String
getUserId
(javax.servlet.http.HttpServletRequest req) Returns the user ID for the given HTTP servlet request.protected abstract AuthorizationCodeFlow
Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).protected void
onError
(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) Handles an error to the authorization, such as when an end user denies authorization.protected void
onSuccess
(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential) Handles a successfully granted authorization.Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log
-
Field Details
-
serialVersionUID
private static final long serialVersionUID- See Also:
-
lock
Lock on the flow. -
flow
Authorization code flow to be used across all HTTP servlet requests ornull
before initialized ininitializeFlow()
.
-
-
Constructor Details
-
AbstractAuthorizationCodeCallbackServlet
public AbstractAuthorizationCodeCallbackServlet()
-
-
Method Details
-
doGet
protected final void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp) throws javax.servlet.ServletException, IOException - Overrides:
doGet
in classjavax.servlet.http.HttpServlet
- Throws:
javax.servlet.ServletException
IOException
-
initializeFlow
protected abstract AuthorizationCodeFlow initializeFlow() throws javax.servlet.ServletException, IOExceptionLoads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).- Throws:
javax.servlet.ServletException
IOException
-
getRedirectUri
protected abstract String getRedirectUri(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException Returns the redirect URI for the given HTTP servlet request.- Throws:
javax.servlet.ServletException
IOException
-
getUserId
protected abstract String getUserId(javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException, IOException Returns the user ID for the given HTTP servlet request.- Throws:
javax.servlet.ServletException
IOException
-
onSuccess
protected void onSuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential) throws javax.servlet.ServletException, IOException Handles a successfully granted authorization.Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:
resp.sendRedirect("/granted");
- Parameters:
req
- HTTP servlet requestresp
- HTTP servlet responsecredential
- credential- Throws:
javax.servlet.ServletException
- HTTP servlet exceptionIOException
- some I/O exception
-
onError
protected void onError(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) throws javax.servlet.ServletException, IOException Handles an error to the authorization, such as when an end user denies authorization.Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:
resp.sendRedirect("/denied");
- Parameters:
req
- HTTP servlet requestresp
- HTTP servlet responseerrorResponse
- error response (AuthorizationCodeResponseUrl.getError()
is notnull
)- Throws:
javax.servlet.ServletException
- HTTP servlet exceptionIOException
- some I/O exception
-