Class AuthBearerFilter

java.lang.Object
org.apache.jena.fuseki.main.auth.AuthBearerFilter
All Implemented Interfaces:
jakarta.servlet.Filter

public class AuthBearerFilter extends Object implements jakarta.servlet.Filter
Process an "Authorization: Bearer" header.

This has two modes:

  • requireBearer=true : Only accept requests with a bearer authorization header. If missing, respond with a 401 challenge asking for a bearer token.
  • requireBearer=false : Verify any bearer token but otherwise pass through the request as-is. This will pass through requests to an unsecured ("public") dataset but will cause a 403 on a secured dataset, not a 401 challenge.

Handling the bearer token is delegated to a handler function, passing the token as seen in the HTTP request. Normally, this will be base64 encoded. It is the responsibility of the handler function to decode the token.

This class has some extension points for customizing the handling of bearer authentication for

  • getting the token from the HTTP request (e.g. from a different HTTP field)
  • handling the challenge case (no authentication provided)
  • handling the case of authentication provided, but it is not "bearer" and bearer is required

A more flexible approach for mixing authentication methods is to set up a Fuseki server with multiple AuthBearerFilter filters installed, each with a different path spec.
  • Constructor Details

    • AuthBearerFilter

      public AuthBearerFilter(Function<String,String> verifiedUser)
      Create a servlet filter that verifies a JWT as bearer authentication. Only requests with a verifiable bearer authorization header are accepted. If there is no "Authorization" header, or it does not specify "Bearer", respond with a 401 challenge asking for a bearer token (customisable behaviour via sendResponseNoAuthPresent(HttpServletResponse)).

      This is equivalent to calling the 2-argument constructor with bearerMode set to REQUIRED ("requireBearer=true").

    • AuthBearerFilter

      public AuthBearerFilter(Function<String,String> verifiedUser, AuthBearerFilter.BearerMode bearerMode)
      Create a servlet filter that verifies a JWT as bearer authentication.
      Parameters:
      verifiedUser - Function to take the encoded bearer token and return the user name of a verified user.
      bearerMode - Whether bearer is required or not. If set to OPTIONAL, requests with no auth, Basic auth or Digest auth will pass through. If set to REQUIRED, Bearer must be present, and no auth causes a challenge.
  • Method Details

    • init

      public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException
      Specified by:
      init in interface jakarta.servlet.Filter
      Throws:
      jakarta.servlet.ServletException
    • doFilter

      public void doFilter(jakarta.servlet.ServletRequest servletRequest, jakarta.servlet.ServletResponse servletResponse, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
      Specified by:
      doFilter in interface jakarta.servlet.Filter
      Throws:
      IOException
      jakarta.servlet.ServletException
    • destroy

      public void destroy()
      Specified by:
      destroy in interface jakarta.servlet.Filter
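
The verifiedUser handler passed to the constructors above has to decode and verify the token itself. The following is an added example, not code from the Jena project: a handler for HS256-signed JWTs that pins the algorithm, checks the MAC in constant time and fails closed. The class name Hs256BearerVerifier, the shared-secret setup, the use of Jena's org.apache.jena.atlas.json parser, the assumption that the handler receives the token without the "Bearer " prefix, and the assumption that returning null means "not verified" are all choices made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.jena.atlas.json.JSON;
import org.apache.jena.atlas.json.JsonObject;
import org.apache.jena.atlas.json.JsonValue;
import org.apache.jena.fuseki.main.auth.AuthBearerFilter;

/** Added example (hypothetical class): HS256 JWT verifier usable as the verifiedUser function. */
public class Hs256BearerVerifier implements Function<String, String> {
    private final byte[] secret;
    public Hs256BearerVerifier(byte[] secret) { this.secret = secret.clone(); }

    /** Returns the "sub" claim of a valid token, or null (assumed here to mean "not verified"). */
    @Override
    public String apply(String token) {
        try {
            String[] parts = token.split("\\.", -1);
            if (parts.length != 3) return null;
            Base64.Decoder b64 = Base64.getUrlDecoder();
            // Pin the algorithm: the token must not be able to select "none" or another scheme.
            JsonValue alg = json(b64.decode(parts[0])).get("alg");
            if (alg == null || !alg.isString() || !"HS256".equals(alg.getAsString().value())) return null;
            // Recompute the MAC over "header.payload" and compare in constant time.
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            if (!MessageDigest.isEqual(expected, b64.decode(parts[2]))) return null;
            // Only after the signature check are the claims trusted: unexpired "exp", string "sub".
            JsonObject claims = json(b64.decode(parts[1]));
            JsonValue exp = claims.get("exp"), sub = claims.get("sub");
            if (exp == null || !exp.isNumber() || exp.getAsNumber().value().longValue() <= Instant.now().getEpochSecond()) return null;
            if (sub == null || !sub.isString()) return null;
            return sub.getAsString().value();
        } catch (RuntimeException | GeneralSecurityException e) {
            return null; // null token, malformed base64/JSON, or crypto failure: fail closed
        }
    }

    private static JsonObject json(byte[] b) { return JSON.parse(new String(b, StandardCharsets.UTF_8)); }

    public static AuthBearerFilter requiredFilter(byte[] secret) {
        return new AuthBearerFilter(new Hs256BearerVerifier(secret), AuthBearerFilter.BearerMode.REQUIRED);
    }
}
```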