RulesAwareRequestAuthorizationFilter (ASAP - Parent POM 2.14.5 API)

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- com.atlassian.asap.core.server.filter.AbstractRequestAuthorizationFilter
- - com.atlassian.asap.core.server.filter.RulesAwareRequestAuthorizationFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

IssuerAndSubjectAwareRequestAuthorizationFilter
```
public class RulesAwareRequestAuthorizationFilter
extends AbstractRequestAuthorizationFilter
```
This class accepts a list of issuers and the authentication rules associated with each one.
Any issuer that is not in the list will be rejected.
For example, we might have some requirement that the issuer Mallory should only be able to use the subject "Mallory", whereas the issuer Alice might be able to use the subject "Alice" or "Bob". We might write something like this:
```
      rules = ImmutableMap.of(
          "Mallory", jwt -> "Mallory".equals(jwt.getClaims().getSubject().orElse("Mallory")),
          "Alice", jwt -> ImmutableSet.of("Alice", "Bob").contains(jwt.getClaims().getSubject().orElse("Alice"))
      );
 
```
This would prevent Mallory from using Alice or Bob as the subject when we don't expect them to. (This particular example is actually covered better by the IssuerAndSubjectAwareRequestAuthorizationFilter, which extends this class.)

Constructor Summary

Constructors
Constructor and Description

RulesAwareRequestAuthorizationFilter(Map<String,Predicate<Jwt>> issuersAndChecks)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected boolean`	`isAuthorized(javax.servlet.http.HttpServletRequest request, Jwt jwt)` Decides if the token is authorized for the request.

Methods inherited from class com.atlassian.asap.core.server.filter.AbstractRequestAuthorizationFilter
destroy, doFilter, init, onAuthorizationFailure, onAuthorizationSuccess, onTokenNotFound

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - RulesAwareRequestAuthorizationFilter
```
public RulesAwareRequestAuthorizationFilter(Map<String,Predicate<Jwt>> issuersAndChecks)
```
- Method Detail
  - isAuthorized
```
protected boolean isAuthorized(javax.servlet.http.HttpServletRequest request,
                               Jwt jwt)
```
    Description copied from class: AbstractRequestAuthorizationFilter
    
    Decides if the token is authorized for the request.
    
    Specified by:
    
    isAuthorized in class AbstractRequestAuthorizationFilter
    
    Parameters:
    
    request - HTTP request received
    
    jwt - Authentic and valid JWT token extracted from the request
    
    Returns:
    
    true if the token is authorized for the request

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2017 Atlassian. All rights reserved.