Class AbstractAuthorizationCodeServlet (1.37.0)

public abstract class AbstractAuthorizationCodeServlet extends HttpServlet

Thread-safe OAuth 2.0 authorization code flow HTTP servlet using the jakarta namespace that manages and persists end-user credentials.

This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. Your application then has access to their data based on an access token and a refresh token to refresh that access token when it expires. Your main servlet class should extend AbstractAuthorizationCodeServlet and implement the abstract methods. To get the persisted credential associated with the current request, call #getCredential(). It is assumed that the end-user is authenticated by some external means by which a user ID is obtained. This user ID is used as the primary key for persisting the end-user credentials, and passed in via #getUserId(HttpServletRequest). The first time an end-user arrives at your servlet, they will be redirected in the browser to an authorization page. Next, they will be redirected back to your site at the redirect URI selected in #getRedirectUri(HttpServletRequest). The servlet to process that should extend AbstractAuthorizationCodeCallbackServlet, which should redirect back to this servlet on success.

Although this implementation is thread-safe, it can only process one request at a time. For a more performance-critical multi-threaded web application, instead use AuthorizationCodeFlow directly.

Sample usage:


 public class ServletSample extends AbstractAuthorizationCodeServlet {

 @Override
 protected void doGet(HttpServletRequest request, HttpServletResponse response)
 throws IOException {
 // do stuff
 }

 @Override
 protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException {
 GenericUrl url = new GenericUrl(req.getRequestURL().toString());
 url.setRawPath("/oauth2callback");
 return url.build();
 }

 @Override
 protected AuthorizationCodeFlow initializeFlow() throws IOException {
 return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
 new NetHttpTransport(),
 new GsonFactory(),
 new GenericUrl("https://server.example.com/token"),
 new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
 "s6BhdRkqt3",
 "https://server.example.com/authorize").setCredentialStore(
 new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional")))
 .build();
 }

 @Override
 protected String getUserId(HttpServletRequest req) throws ServletException, IOException {
 // return user ID
 }
 }
 

Inheritance

java.lang.Object > jakarta.servlet.GenericServlet > jakarta.servlet.http.HttpServlet > AbstractAuthorizationCodeServlet

Constructors

AbstractAuthorizationCodeServlet()

public AbstractAuthorizationCodeServlet()

Methods

getCredential()

protected final Credential getCredential()

Return the persisted credential associated with the current request or null for none.

Returns
Type Description
Credential

getRedirectUri(HttpServletRequest req)

protected abstract String getRedirectUri(HttpServletRequest req)

Returns the redirect URI for the given HTTP servlet request.

Parameter
Name Description
req jakarta.servlet.http.HttpServletRequest
Returns
Type Description
String
Exceptions
Type Description
jakarta.servlet.ServletException
IOException

getUserId(HttpServletRequest req)

protected abstract String getUserId(HttpServletRequest req)

Returns the user ID for the given HTTP servlet request. This identifies your application's user and is used to fetch persisted credentials for that user. Most commonly, this will be a user id stored in the session or even the session id itself.

Parameter
Name Description
req jakarta.servlet.http.HttpServletRequest
Returns
Type Description
String
Exceptions
Type Description
jakarta.servlet.ServletException
IOException

initializeFlow()

protected abstract AuthorizationCodeFlow initializeFlow()

Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request).

Returns
Type Description
AuthorizationCodeFlow
Exceptions
Type Description
jakarta.servlet.ServletException
IOException

onAuthorization(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeRequestUrl authorizationUrl)

protected void onAuthorization(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeRequestUrl authorizationUrl)

Handles user authorization by redirecting to the OAuth 2.0 authorization server.

Default implementation is to call resp.sendRedirect(authorizationUrl.build()). Subclasses may override to provide optional parameters such as the recommended state parameter. Sample implementation:

@Override protected void onAuthorization(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeRequestUrl authorizationUrl) throws ServletException, IOException { authorizationUrl.setState("xyz"); super.onAuthorization(req, resp, authorizationUrl); }

Parameters
Name Description
req jakarta.servlet.http.HttpServletRequest

HTTP servlet request

resp jakarta.servlet.http.HttpServletResponse
authorizationUrl AuthorizationCodeRequestUrl

authorization code request URL

Exceptions
Type Description
jakarta.servlet.ServletException

servlet exception

IOException

servlet exception

service(HttpServletRequest req, HttpServletResponse resp)

protected void service(HttpServletRequest req, HttpServletResponse resp)
Parameters
Name Description
req jakarta.servlet.http.HttpServletRequest
resp jakarta.servlet.http.HttpServletResponse
Overrides
jakarta.servlet.http.HttpServlet.service(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse)
Exceptions
Type Description
IOException
jakarta.servlet.ServletException