Class AbstractAuthorizationCodeCallbackServlet (1.32.1)

public abstract class AbstractAuthorizationCodeCallbackServlet extends HttpServlet

Thread-safe OAuth 2.0 authorization code callback servlet to process the authorization code or error response from authorization page redirect.

This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet which if the end-user credentials are not found, will redirect the end-user to an authorization page. If the end-user grants authorization, they will be redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet and the #onSuccess will be called. Similarly, if the end-user grants authorization, they will be redirected to this servlet and #onError will be called.

Sample usage:

public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

@Override protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential) throws ServletException, IOException { resp.sendRedirect("/"); }

@Override protected void onError( HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) throws ServletException, IOException { // handle error }

@Override protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException { GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setRawPath("/oauth2callback"); return url.build(); }

@Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), new NetHttpTransport(), new GsonFactory(), new GenericUrl("https://server.example.com/token"), new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"), "s6BhdRkqt3", "https://server.example.com/authorize").setCredentialStore( new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional"))) .build(); }

@Override protected String getUserId(HttpServletRequest req) throws ServletException, IOException { // return user ID } }

Inheritance

java.lang.Object > javax.servlet.GenericServlet > HttpServlet > AbstractAuthorizationCodeCallbackServlet

Constructors

AbstractAuthorizationCodeCallbackServlet()

public AbstractAuthorizationCodeCallbackServlet()

Methods

doGet(HttpServletRequest req, HttpServletResponse resp)

protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
Parameters
NameDescription
reqHttpServletRequest
respHttpServletResponse
Overrides Exceptions
TypeDescription
ServletException
IOException

getRedirectUri(HttpServletRequest req)

protected abstract String getRedirectUri(HttpServletRequest req)

Returns the redirect URI for the given HTTP servlet request.

Parameter
NameDescription
reqHttpServletRequest
Returns
TypeDescription
String
Exceptions
TypeDescription
ServletException
IOException

getUserId(HttpServletRequest req)

protected abstract String getUserId(HttpServletRequest req)

Returns the user ID for the given HTTP servlet request. This identifies your application's user and is used to assign and persist credentials to that user. Most commonly, this will be a user id stored in the session or even the session id itself.

Parameter
NameDescription
reqHttpServletRequest
Returns
TypeDescription
String
Exceptions
TypeDescription
ServletException
IOException

initializeFlow()

protected abstract AuthorizationCodeFlow initializeFlow()

Loads the authorization code flow to be used across all HTTP servlet requests (only called during the first HTTP servlet request with an authorization code).

Returns
TypeDescription
AuthorizationCodeFlow
Exceptions
TypeDescription
ServletException
IOException

onError(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)

protected void onError(HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse)

Handles an error to the authorization, such as when an end user denies authorization.

Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:

resp.sendRedirect("/denied");

Parameters
NameDescription
reqHttpServletRequest

HTTP servlet request

respHttpServletResponse

HTTP servlet response

errorResponseAuthorizationCodeResponseUrl

error response (AuthorizationCodeResponseUrl#getError() is not null)

Exceptions
TypeDescription
ServletException

HTTP servlet exception

IOException

HTTP servlet exception

onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)

protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential)

Handles a successfully granted authorization.

Default implementation is to do nothing, but subclasses should override and implement. Sample implementation:

resp.sendRedirect("/granted");

Parameters
NameDescription
reqHttpServletRequest

HTTP servlet request

respHttpServletResponse

HTTP servlet response

credentialCredential

credential

Exceptions
TypeDescription
ServletException

HTTP servlet exception

IOException

HTTP servlet exception