com.atlassian.asap.core.server.jersey (ASAP

Interface Summary
Interface	Description
FailureHandler	An extension point for customizing how the authentication and authorization failures are returned to the client.
JerseyRequestAuthorizer	Authorization strategy for Jersey requests.

Class Summary
Class	Description
AsapValidator	Validates a valid `Jwt` token against a whitelist of acceptable subjects and/or issuers.
AsapValidator.AsapAnnotationWhitelistProviderWithConfigSupport
AsapValidator.AsapWhitelistProvider
AsapValidator.EnvironmentVariablesWhitelistProvider	Provides the whitelist from environment variables.
AsapValidator.Whitelist	Provides whitelisted values.
AuthenticationRequestFilter	AuthenticationRequestFilter is a `ContainerRequestFilter` that authenticates resources with the ASAP protocol if opted-into by using the `Asap` annotation on either a resource package, class, or method.
AuthorizationRequestFilter	AuthorizationRequestFilter is a `ContainerRequestFilter` that validates an authenticated jwt token.
EmptyBodyFailureHandler	Handles authentication and authorization failures by sending back empty-bodied responses with the correct codes.
JerseyRequestAuthorizerFactory	Factory for `JerseyRequestAuthorizer`.
JwtAuthProvider
JwtInjectable
JwtParamBinder	JwtParamBinder can be registered with Jersey to provide a JwtParam to Jwt token binding on resource methods.
WhitelistJerseyRequestAuthorizer	Decides if a request is authorized based on whitelists for the issuer and effective subject.

Annotation Types Summary
Annotation Type	Description
Asap	Asap is an annotation that will allow Jersey resource packages, classes, or methods to opt into ASAP authorization.
JwtAuth
JwtParam	The JwtParam annotation is used to inject the authentic `Jwt` token into the current resource handler method.

Package com.atlassian.asap.core.server.jersey Description

Jersey 2 adapter for ASAP

This adapter works a bit differently than other adapters by requiring the Asap annotation to be placed on a resource package, class, or method level to trigger the ASAP authentication and authorization. The JwtParam annotation is then used for optional Jwt parameter injection.

Installation

To install the authentication and authorization filters, you need to add a few singletons to your Jersey configuration:

  jerseyConfig.register(AuthenticationRequestFilter.newInstance(AUDIENCE, PUBLIC_KEY_URL));
  jerseyConfig.register(AuthorizationRequestFilter.newInstance());
  jerseyConfig.register(new JwtParamBinder());

These filters will create, validate, and authorize the jwt token for the request, while the JwtParamBinder will handle injection for the JwtParam annotation. Technically, the JwtParamBinder instance is optional.

Usage

To add ASAP authenticate and authorization to your resource, just add the Asap annotation to your resource package, class, or method. This is an example of adding it on a class level:

  @Asap(authorizedSubjects = "mysubject")
  public class MyResource {
      void viewFoo() {}
  }

Environment variable configuration

To configure the subject and issuer whitelists via environment variables instead of hard-coding the values into annotations, you can instead create the AuthorizationRequestFilter instance like so:

     new AuthorizationRequestFilter(new EmptyBodyFailureHandler(), AsapValidator.newEnvironmentVariablesValidator());

The default environment variables are found on AsapValidator.EnvironmentVariablesWhitelistProvider.