com.authlete.jaxrs.BaseAuthorizationEndpoint Maven / Gradle / Ivy
Show all versions of authlete-java-jaxrs Show documentation
/*
* Copyright (C) 2016-2025 Authlete, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package com.authlete.jaxrs;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import com.authlete.common.api.AuthleteApi;
import com.authlete.common.api.Options;
import com.authlete.jaxrs.spi.AuthorizationRequestHandlerSpi;
/**
* A base class for authorization endpoints.
*
* @since 1.2
*
* @see RFC 6749, 3.1. Authorization Endpoint
*
* @see OpenID Connect Core 1.0, 3.1.2. Authorization Endpoint (Authorization Code Flow)
*
* @see OpenID Connect Core 1.0, 3.2.2. Authorization Endpoint (Implicit Flow)
*
* @see OpenID Connect Core 1.0, 3.3.2. Authorization Endpoint (Hybrid Flow)
*
* @author Takahiko Kawasaki
*/
public class BaseAuthorizationEndpoint extends BaseEndpoint
{
/**
* Handle an authorization request. This method is an alias of
* {@link #handle(AuthleteApi, AuthorizationRequestHandlerSpi, MultivaluedMap,
* Options, Options, Options) handle}{@code (api, spi, parameters, null, null, null)}.
*
* @param api
* An implementation of {@link AuthleteApi}.
*
* @param spi
* An implementation of {@link AuthorizationRequestHandlerSpi}.
*
* @param parameters
* The request parameters of the authorization request.
*
* @return
* A response that should be returned to the client application.
*/
public Response handle(
AuthleteApi api, AuthorizationRequestHandlerSpi spi,
MultivaluedMap parameters)
{
return handle(api, spi, parameters, null, null, null);
}
/**
* Handle an authorization request.
*
*
* This method internally creates a {@link AuthorizationRequestHandler} instance and
* calls its {@link AuthorizationRequestHandler#handle(MultivaluedMap, Options,
* Options, Options) handle()} method. Then, this method uses the value returned
* from the {@code handle()} method as a response from this method.
*
*
*
* When {@code AuthorizationRequestHandler.handle()} method raises a {@link
* WebApplicationException}, this method calls {@link #onError(WebApplicationException) onError()}
* method with the exception. The default implementation of {@code onError()}
* does nothing. You can override the method as necessary. After calling {@code
* onError()} method, this method calls {@code getResponse()} method of the
* exception and uses the returned value as a response from this method.
*
*
* @param api
* An implementation of {@link AuthleteApi}.
*
* @param spi
* An implementation of {@link AuthorizationRequestHandlerSpi}.
*
* @param parameters
* The request parameters of the authorization request.
*
* @param authzOptions
* The request options for the {@code /api/auth/authorization} API.
*
* @param authzIssueOptions
* The request options for the {@code /api/auth/authorization/issue} API.
*
* @param authzFailOptions
* The request options for the {@code /api/auth/authorization/fail} API.
*
* @return
* A response that should be returned to the client application.
*
* @since 2.82
*/
public Response handle(
AuthleteApi api, AuthorizationRequestHandlerSpi spi,
MultivaluedMap parameters, Options authzOptions,
Options authzIssueOptions, Options authzFailOptions)
{
try
{
// Create a handler.
AuthorizationRequestHandler handler = new AuthorizationRequestHandler(api, spi);
// Delegate the task to the handler.
return handler.handle(parameters, authzOptions, authzIssueOptions, authzFailOptions);
}
catch (WebApplicationException e)
{
// An error occurred in the handler.
onError(e);
// Convert the error to a Response.
return e.getResponse();
}
}
}