Class AbstractAuthorizationCodeCallbackServlet

  • All Implemented Interfaces:
    java.io.Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig

    public abstract class AbstractAuthorizationCodeCallbackServlet
    extends javax.servlet.http.HttpServlet
    Thread-safe OAuth 2.0 authorization code callback servlet to process the authorization code or error response from the authorization page redirect.

    This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet, which redirects the end-user to an authorization page if the end-user's credentials are not found. If the end-user grants authorization, they will be redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet and onSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.Credential) will be called. Similarly, if the end-user denies authorization, they will be redirected to this servlet and onError(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl) will be called.

    Sample usage:

    public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {
    
      @Override
      protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
          throws ServletException, IOException {
        resp.sendRedirect("/");
      }
    
      @Override
      protected void onError(
          HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
          throws ServletException, IOException {
        // handle error
      }
    
      @Override
      protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
        GenericUrl url = new GenericUrl(req.getRequestURL().toString());
        url.setRawPath("/oauth2callback");
        return url.build();
      }
    
      @Override
      protected AuthorizationCodeFlow initializeFlow() throws IOException {
        return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
            new NetHttpTransport(),
            new JacksonFactory(),
            new GenericUrl("https://server.example.com/token"),
            new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
            "s6BhdRkqt3",
            "https://server.example.com/authorize").setCredentialStore(
            new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional")))
            .build();
      }
    
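      @Override
      protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
        // return the user ID for this request; placeholder so the sample compiles
        throw new UnsupportedOperationException("return user ID");
      }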
    }
     
    Since:
    1.7
    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private AuthorizationCodeFlow flow
      Authorization code flow to be used across all HTTP servlet requests or null before initialized in initializeFlow().
      private java.util.concurrent.locks.Lock lock
      Lock on the flow.
      private static long serialVersionUID  
    • Method Summary

      Modifier and Type Method Description
      protected void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
      protected abstract java.lang.String getRedirectUri(javax.servlet.http.HttpServletRequest req)
      Returns the redirect URI for the given HTTP servlet request.
      protected abstract java.lang.String getUserId(javax.servlet.http.HttpServletRequest req)
      Returns the user ID for the given HTTP servlet request.
      protected abstract AuthorizationCodeFlow initializeFlow()
      Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).
      protected void onError(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
      Handles an error to the authorization, such as when an end user denies authorization.
      protected void onSuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential)
      Handles a successfully granted authorization.
      • Methods inherited from class javax.servlet.http.HttpServlet

        doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service
      • Methods inherited from class javax.servlet.GenericServlet

        destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • lock

        private final java.util.concurrent.locks.Lock lock
        Lock on the flow.
    • Constructor Detail

      • AbstractAuthorizationCodeCallbackServlet

        public AbstractAuthorizationCodeCallbackServlet()
    • Method Detail

      • doGet

        protected final void doGet(javax.servlet.http.HttpServletRequest req,
                                   javax.servlet.http.HttpServletResponse resp)
                            throws javax.servlet.ServletException,
                                   java.io.IOException
        Overrides:
        doGet in class javax.servlet.http.HttpServlet
        Throws:
        javax.servlet.ServletException
        java.io.IOException
      • initializeFlow

        protected abstract AuthorizationCodeFlow initializeFlow()
                                                         throws javax.servlet.ServletException,
                                                                java.io.IOException
        Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).
        Throws:
        javax.servlet.ServletException
        java.io.IOException
      • getRedirectUri

        protected abstract java.lang.String getRedirectUri(javax.servlet.http.HttpServletRequest req)
                                                    throws javax.servlet.ServletException,
                                                           java.io.IOException
        Returns the redirect URI for the given HTTP servlet request.
        Throws:
        javax.servlet.ServletException
        java.io.IOException
      • getUserId

        protected abstract java.lang.String getUserId(javax.servlet.http.HttpServletRequest req)
                                               throws javax.servlet.ServletException,
                                                      java.io.IOException
        Returns the user ID for the given HTTP servlet request.
        Throws:
        javax.servlet.ServletException
        java.io.IOException
      • onSuccess

        protected void onSuccess(javax.servlet.http.HttpServletRequest req,
                                 javax.servlet.http.HttpServletResponse resp,
                                 Credential credential)
                          throws javax.servlet.ServletException,
                                 java.io.IOException
        Handles a successfully granted authorization.

        Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:

              resp.sendRedirect("/granted");
         
        Parameters:
        req - HTTP servlet request
        resp - HTTP servlet response
        credential - credential
        Throws:
        javax.servlet.ServletException - HTTP servlet exception
        java.io.IOException - some I/O exception
      • onError

        protected void onError(javax.servlet.http.HttpServletRequest req,
                               javax.servlet.http.HttpServletResponse resp,
                               AuthorizationCodeResponseUrl errorResponse)
                        throws javax.servlet.ServletException,
                               java.io.IOException
        Handles an error to the authorization, such as when an end user denies authorization.

        Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:

              resp.sendRedirect("/denied");
         
        Parameters:
        req - HTTP servlet request
        resp - HTTP servlet response
        errorResponse - error response (AuthorizationCodeResponseUrl.getError() is not null)
        Throws:
        javax.servlet.ServletException - HTTP servlet exception
        java.io.IOException - some I/O exception
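
An onError override that goes one step past the one-line sample above, added here as an illustration and not part of the library or its documentation: it logs a sanitized copy of the error parameters and redirects only to fixed local paths. The class name, the redirect paths and the import package of the base class are assumptions; Map.of requires Java 9 or later.

```java
import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet;
import java.io.IOException;
import java.util.Map;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; left abstract so the flow-specific methods
// (initializeFlow, getRedirectUri, getUserId) stay with the concrete subclass.
public abstract class SafeErrorCallbackServlet extends AbstractAuthorizationCodeCallbackServlet {

  private static final Logger LOG = Logger.getLogger(SafeErrorCallbackServlet.class.getName());

  // RFC 6749 section 4.1.2.1 error codes mapped to fixed local paths (paths are assumptions).
  private static final Map<String, String> ERROR_PAGES = Map.of(
      "access_denied", "/denied",
      "server_error", "/auth-unavailable",
      "temporarily_unavailable", "/auth-unavailable");
  private static final String DEFAULT_ERROR_PAGE = "/auth-error";

  @Override
  protected void onError(
      HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
      throws ServletException, IOException {
    // getError() is non-null here, per the parameter documentation above.
    String error = errorResponse.getError();
    // error and error_description arrive as query parameters on the callback URL,
    // so they are untrusted input: log a sanitized copy only.
    LOG.warning("OAuth callback error=" + forLog(error)
        + " description=" + forLog(errorResponse.getErrorDescription()));
    // Redirect only to a path from the fixed table; never echo the values
    // into the response or follow error_uri.
    resp.sendRedirect(ERROR_PAGES.getOrDefault(error, DEFAULT_ERROR_PAGE));
  }

  // Replaces ASCII control characters (including CR/LF) and truncates,
  // so a crafted parameter cannot forge extra log lines.
  static String forLog(String value) {
    if (value == null) {
      return "-";
    }
    String cleaned = value.replaceAll("\\p{Cntrl}", "?");
    return cleaned.length() > 200 ? cleaned.substring(0, 200) : cleaned;
  }
}
```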