Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.google.api.client.extensions.servlet.auth.oauth2
Class AbstractAuthorizationCodeCallbackServlet

java.lang.Object
  extended by javax.servlet.GenericServlet
      extended by javax.servlet.http.HttpServlet
          extended by com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet
All Implemented Interfaces:
Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig
public abstract class AbstractAuthorizationCodeCallbackServlet
extends javax.servlet.http.HttpServlet

Thread-safe OAuth 2.0 authorization code callback servlet to process the authorization code or error response from authorization page redirect.

This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet which if the end-user credentials are not found, will redirect the end-user to an authorization page. If the end-user grants authorization, they will be redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet and the onSuccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.Credential) will be called. Similarly, if the end-user grants authorization, they will be redirected to this servlet and onError(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl) will be called.

Sample usage: 

public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

  @Override
  protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)
      throws ServletException, IOException {
    resp.sendRedirect("/");
  }

  @Override
  protected void onError(
      HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
      throws ServletException, IOException {
    // handle error
  }

  @Override
  protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
    GenericUrl url = new GenericUrl(req.getRequestURL().toString());
    url.setRawPath("/oauth2callback");
    return url.build();
  }

  @Override
  protected AuthorizationCodeFlow initializeFlow() throws IOException {
    return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
        new NetHttpTransport(),
        new JacksonFactory(),
        new GenericUrl("https://server.example.com/token"),
        new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
        "s6BhdRkqt3",
        "https://server.example.com/authorize").setCredentialStore(
        new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional")))
        .build();
  }

  @Override
  protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
    // return user ID
  }
}

Since:
1.7
Author:
Yaniv Inbar
See Also:
Serialized Form

Constructor Summary
AbstractAuthorizationCodeCallbackServlet()
           
 
Method Summary
protected  void doGet(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
           
protected abstract  String getRedirectUri(javax.servlet.http.HttpServletRequest req)
          Returns the redirect URI for the given HTTP servlet request.
protected abstract  String getUserId(javax.servlet.http.HttpServletRequest req)
          Returns the user ID for the given HTTP servlet request.
protected abstract  AuthorizationCodeFlow initializeFlow()
          Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).
protected  void onError(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)
          Handles an error to the authorization, such as when an end user denies authorization.
protected  void onSuccess(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, Credential credential)
          Handles a successfully granted authorization.
 
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPost, doPut, doTrace, getLastModified, service, service
 
Methods inherited from class javax.servlet.GenericServlet
destroy, getInitParameter, getInitParameterNames, getServletConfig, getServletContext, getServletInfo, getServletName, init, init, log, log
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractAuthorizationCodeCallbackServlet

public AbstractAuthorizationCodeCallbackServlet()
Method Detail

doGet

protected final void doGet(javax.servlet.http.HttpServletRequest req,
                           javax.servlet.http.HttpServletResponse resp)
                    throws javax.servlet.ServletException,
                           IOException
Overrides:
doGet in class javax.servlet.http.HttpServlet
Throws:
javax.servlet.ServletException
IOException

initializeFlow

protected abstract AuthorizationCodeFlow initializeFlow()
                                                 throws javax.servlet.ServletException,
                                                        IOException
Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).

Throws:
javax.servlet.ServletException
IOException

getRedirectUri

protected abstract String getRedirectUri(javax.servlet.http.HttpServletRequest req)
                                  throws javax.servlet.ServletException,
                                         IOException
Returns the redirect URI for the given HTTP servlet request.

Throws:
javax.servlet.ServletException
IOException

getUserId

protected abstract String getUserId(javax.servlet.http.HttpServletRequest req)
                             throws javax.servlet.ServletException,
                                    IOException
Returns the user ID for the given HTTP servlet request.

Throws:
javax.servlet.ServletException
IOException

onSuccess

protected void onSuccess(javax.servlet.http.HttpServletRequest req,
                         javax.servlet.http.HttpServletResponse resp,
                         Credential credential)
                  throws javax.servlet.ServletException,
                         IOException
Handles a successfully granted authorization.

Default implementation is to do nothing, but subclasses should override and implement. Sample implementation: 

      resp.sendRedirect("/granted");

Parameters:
req - HTTP servlet request
resp - HTTP servlet response
credential - credential
Throws:
javax.servlet.ServletException - HTTP servlet exception
IOException - some I/O exception

onError

protected void onError(javax.servlet.http.HttpServletRequest req,
                       javax.servlet.http.HttpServletResponse resp,
                       AuthorizationCodeResponseUrl errorResponse)
                throws javax.servlet.ServletException,
                       IOException
Handles an error to the authorization, such as when an end user denies authorization.

Default implementation is to do nothing, but subclasses should override and implement. Sample implementation: 

      resp.sendRedirect("/denied");

Parameters:
req - HTTP servlet request
resp - HTTP servlet response
errorResponse - error response (AuthorizationCodeResponseUrl.getError() is not null)
Throws:
javax.servlet.ServletException - HTTP servlet exception
IOException - some I/O exception
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2011-2012 Google. All Rights Reserved.