java.lang.Object
org.apache.jena.fuseki.main.auth.AuthBearerFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
Process an "Authorization: Bearer" header.
This has two modes:
- requireBearer=true: Only accept requests with a bearer authorization header. If missing, respond with a 401 challenge asking for a bearer token.
- requireBearer=false: Verify any bearer token but otherwise pass through the request as-is. This will pass through requests to an unsecured ("public") dataset but will cause a 403 on a secured dataset, not a 401 challenge.
Handling the bearer token is delegated to a handler function, passing the token as seen in the HTTP request. Normally, this will be base64 encoded. It is the responsibility of the handler function to decode the token.
This class has some extension points for customizing the handling of bearer authentication for
- getting the token from the HTTP request (e.g. from a different HTTP field)
- handling the challenge case (no authentication provided)
- handling the case of authentication provided, but it is not "bearer" and bearer is required
AuthBearerFilter filters installed in a Fuseki server, with different path specs.
Nested Class Summary
Constructor Summary
- AuthBearerFilter(Function<String, String> verifiedUser): Create a servlet filter that verifies a JWT as bearer authentication.
- AuthBearerFilter(Function<String, String> verifiedUser, AuthBearerFilter.BearerMode bearerMode): Create a servlet filter that verifies a JWT as bearer authentication.
Method Summary
Constructor Details
AuthBearerFilter
public AuthBearerFilter(Function<String, String> verifiedUser)
Create a servlet filter that verifies a JWT as bearer authentication. Only requests with a verifiable bearer authorization header are accepted. If there is no "Authorization" header, or it does not specify "Bearer", respond with a 401 challenge asking for a bearer token (customisable behaviour via sendResponseNoAuthPresent(HttpServletResponse)).
This is equivalent to calling the 2-argument constructor with "requireBearer=true".
AuthBearerFilter
public AuthBearerFilter(Function<String, String> verifiedUser, AuthBearerFilter.BearerMode bearerMode)
Create a servlet filter that verifies a JWT as bearer authentication.
- Parameters:
verifiedUser - Function to take the encoded bearer token and return the user name of a verified user.
bearerMode - Whether bearer is required or not. If set OPTIONAL, no auth, Basic and Digest requests will pass through. If set REQUIRED, Bearer must be present, and no auth causes a challenge.
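One possible handler function for the two-argument constructor, given here as an added example and not code from the Jena project: it decodes and verifies an HS256-signed JWT using JDK classes and Jena's `org.apache.jena.atlas.json` parser. The names `BearerExample`, `hs256Verifier`, `parseJson` and `requiredBearer`, the choice of HS256, the `sub` and `exp` claims, and returning null for an unverified token are assumptions, not taken from this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.jena.atlas.json.JSON;
import org.apache.jena.atlas.json.JsonObject;
import org.apache.jena.fuseki.main.auth.AuthBearerFilter;

public class BearerExample {   // hypothetical class name
    /** Handler: decodes and verifies the token as seen in the request; returns the user name, or null (assumed to mean "not verified"). */
    static Function<String, String> hs256Verifier(byte[] secret) {
        return token -> {
            try {
                String[] parts = token.split("\\.", -1);   // header.payload.signature
                if (parts.length != 3) return null;
                Base64.Decoder b64 = Base64.getUrlDecoder();
                JsonObject header = parseJson(b64.decode(parts[0]));
                // Pin the algorithm; never let the token select it (e.g. "none").
                if (!"HS256".equals(header.get("alg").getAsString().value())) return null;
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(secret, "HmacSHA256"));
                byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
                // Constant-time signature comparison, done before any claim is trusted.
                if (!MessageDigest.isEqual(expected, b64.decode(parts[2]))) return null;
                JsonObject claims = parseJson(b64.decode(parts[1]));
                long exp = claims.get("exp").getAsNumber().value().longValue();
                if (Instant.now().getEpochSecond() >= exp) return null;   // expired token
                String sub = claims.get("sub").getAsString().value();
                return sub.isEmpty() ? null : sub;
            } catch (RuntimeException | GeneralSecurityException ex) {
                return null;   // malformed base64/JSON or a missing claim: treat as unverified
            }
        };
    }

    private static JsonObject parseJson(byte[] utf8) {
        return JSON.parse(new String(utf8, StandardCharsets.UTF_8));
    }

    /** Filter that accepts only requests carrying a verifiable bearer token. */
    static AuthBearerFilter requiredBearer(byte[] secret) {
        return new AuthBearerFilter(hs256Verifier(secret), AuthBearerFilter.BearerMode.REQUIRED);
    }
}
```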
Method Details
init
public void init(jakarta.servlet.FilterConfig filterConfig) throws jakarta.servlet.ServletException
- Specified by: init in interface jakarta.servlet.Filter
- Throws: jakarta.servlet.ServletException
doFilter
public void doFilter(jakarta.servlet.ServletRequest servletRequest, jakarta.servlet.ServletResponse servletResponse, jakarta.servlet.FilterChain chain) throws IOException, jakarta.servlet.ServletException
- Specified by: doFilter in interface jakarta.servlet.Filter
- Throws: IOException, jakarta.servlet.ServletException
destroy
public void destroy()
- Specified by: destroy in interface jakarta.servlet.Filter