IssuerAndSubjectAwareRequestAuthorizationFilter (ASAP - Parent POM 2.14.5 API)

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- com.atlassian.asap.core.server.filter.AbstractRequestAuthorizationFilter
- - com.atlassian.asap.core.server.filter.RulesAwareRequestAuthorizationFilter
  - - com.atlassian.asap.core.server.filter.IssuerAndSubjectAwareRequestAuthorizationFilter

All Implemented Interfaces:

javax.servlet.Filter
```
public class IssuerAndSubjectAwareRequestAuthorizationFilter
extends RulesAwareRequestAuthorizationFilter
```
This filter takes a map of issuers and predicates that define which issuers should be allowed to make ASAP requests and what the subjects for those issuers should look like.
If a request does not specify the subject, the subject is assumed to be the issuer.
A concrete use case for this would be if you have a service that is only allowed to specify certain users as the subject. For example, if "impersonation-service" is allowed to use any @atlassian.com users as the subject, you could define a set of rules like this:
```
      ImmutableMap.of("impersonation-service", Pattern.compile(".*@atlassian\\.com").asPredicate())
 
```

Constructor Summary

Constructors
Constructor and Description

IssuerAndSubjectAwareRequestAuthorizationFilter(Map<String,Predicate<String>> issuersAndSubjectChecks)

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static IssuerAndSubjectAwareRequestAuthorizationFilter`	`issuers(Set<String> issuers)` A helper constructor to construct a filter from a list of issuers.

Methods inherited from class com.atlassian.asap.core.server.filter.RulesAwareRequestAuthorizationFilter
isAuthorized

Methods inherited from class com.atlassian.asap.core.server.filter.AbstractRequestAuthorizationFilter
destroy, doFilter, init, onAuthorizationFailure, onAuthorizationSuccess, onTokenNotFound

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - IssuerAndSubjectAwareRequestAuthorizationFilter
```
public IssuerAndSubjectAwareRequestAuthorizationFilter(Map<String,Predicate<String>> issuersAndSubjectChecks)
```
- Method Detail
  - issuers
```
public static IssuerAndSubjectAwareRequestAuthorizationFilter issuers(Set<String> issuers)
```
    A helper constructor to construct a filter from a list of issuers.
    Issuers cannot impersonate anybody. The issuer must be the same as the subject. (The subject may be blank, in which case we treat the issuer as the subject).
    
    Parameters:
    
    issuers - A list of issuers to whitelist
    
    Returns:
    
    A filter that only accepts self-signed JWTs from the listed issuers

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2017 Atlassian. All rights reserved.