public final class SampleAuthorizationResource extends Object
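import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.ws.rs.HeaderParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;

import org.apache.http.HttpStatus;

import com.avaya.collaboration.authorization.AuthorizationHelperException;
import com.avaya.collaboration.authorization.resource.AuthorizationData;
import com.avaya.collaboration.authorization.resource.AuthorizationResourceHelper;
import com.avaya.collaboration.authorization.resource.AuthorizationScope;

/**
 * Sample code to validate an access token and retrieve scopes.
 * <p>
 * Use {@code AuthorizationResourceHelper.isValid(bearerToken)} to validate an access token.
 * Use {@code AuthorizationResourceHelper.getAuthorizationData(bearerToken)} to validate the
 * token and get the scopes associated with it.
 */
public class SampleAuthorizationResource {

    private static final Logger LOG = Logger.getLogger(SampleAuthorizationResource.class.getName());

    /** Authentication scheme expected in the Authorization header ("Bearer <token>"). */
    private static final String BEARER_SCHEME = "Bearer";

    /** Header carrying the challenge on every 401 so the client learns the expected scheme. */
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";

    /** Feature/value pair that getLatestMail requires in the token's scope list. */
    private static final String MAIL_FEATURE = "mail";
    private static final String READ_VALUE = "read";

    /**
     * Extracts the bearer token from an Authorization header value.
     * <p>
     * A plain {@code substring("Bearer".length())} throws when the header is absent or short and
     * silently turns a header with another scheme (e.g. "Basic ...") into a bogus token. This
     * helper checks the scheme first; the scheme name is matched case-insensitively.
     *
     * @param authzToken the raw Authorization header value, possibly {@code null}
     * @return the token, or {@code null} if the header is absent, uses another scheme, or carries no token
     */
    private static String extractBearerToken(String authzToken) {
        if (authzToken == null) {
            return null;
        }
        String value = authzToken.trim();
        int schemeLength = BEARER_SCHEME.length();
        // Require "Bearer" followed by a space; anything else is not a bearer credential.
        if (value.length() <= schemeLength
                || !value.regionMatches(true, 0, BEARER_SCHEME, 0, schemeLength)
                || value.charAt(schemeLength) != ' ') {
            return null;
        }
        String token = value.substring(schemeLength).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Builds the 401 response used when no usable bearer token was presented.
     *
     * @param message entity text for the client
     * @return a 401 response carrying a {@code WWW-Authenticate: Bearer} challenge
     */
    private static Response unauthorized(String message) {
        return Response.status(HttpStatus.SC_UNAUTHORIZED)
                .header(WWW_AUTHENTICATE, BEARER_SCHEME)
                .entity(message)
                .build();
    }

    /**
     * Builds the 500 response used when the authorization helper itself fails.
     * <p>
     * The exception text is logged server-side rather than echoed to the client: helper errors
     * may describe internal hosts, certificates or configuration that a caller should not see.
     *
     * @param e the helper failure
     * @return a 500 response with a generic entity
     */
    private static Response helperFailure(AuthorizationHelperException e) {
        LOG.log(Level.WARNING, "Authorization helper failed while validating a token", e);
        return Response.status(HttpStatus.SC_INTERNAL_SERVER_ERROR)
                .entity("Unable to validate access token.")
                .build();
    }

    /**
     * Returns whether any scope in {@code scopes} grants {@code featureValue} for {@code featureName}.
     *
     * @param scopes       the scopes retrieved for the token; {@code null} is treated as empty
     * @param featureName  feature to look for, e.g. "mail"
     * @param featureValue value the feature must include, e.g. "read"
     * @return {@code true} if a matching scope exists
     */
    private static boolean hasScope(List<AuthorizationScope> scopes, String featureName, String featureValue) {
        if (scopes == null) {
            return false;
        }
        for (AuthorizationScope scope : scopes) {
            // featureName.equals(...) rather than the reverse so a null feature name cannot NPE.
            if (featureName.equals(scope.getFeatureName())
                    && scope.getFeatureValues() != null
                    && scope.getFeatureValues().contains(featureValue)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Takes the Authorization header value coming in from a client. An example header would look
     * like this:
     * <pre>
     * Authorization: Bearer sfss9tsg89.dfggjegnk.567d456356jb
     * </pre>
     * The string after "Bearer" is the token sent by the client. The method passes this token to
     * {@code AuthorizationResourceHelper} to validate it; application logic to serve the request
     * would follow.
     *
     * @param authzToken the Authorization header value received from the client
     * @return 401 if the token is missing, malformed or invalid; 500 if validation could not be
     *         performed; otherwise the (placeholder) resource response
     */
    public final Response getResource1(@HeaderParam("Authorization") String authzToken) {
        String bearerToken = extractBearerToken(authzToken);
        if (bearerToken == null) {
            return unauthorized("Missing or malformed bearer token.");
        }
        try {
            if (!AuthorizationResourceHelper.isValid(bearerToken)) {
                // A rejected token is an authentication failure: 401, never 200 with an error body.
                return unauthorized("Bearer token doesn't have enough privileges.");
            }
        } catch (AuthorizationHelperException e) {
            return helperFailure(e);
        }
        // API logic to respond if the token is valid goes here. Placeholder: empty 204, which is
        // what the JAX-RS runtime produced for the sample's former "return null".
        return Response.noContent().build();
    }

    /**
     * Takes the Authorization header's value and the requested resource coming in from a client.
     * The token is passed to {@code AuthorizationResourceHelper} to retrieve the
     * {@code AuthorizationData} associated with it. With this information the method determines
     * whether to allow the request to proceed: here it checks whether the client is authorized to
     * access the "mail" feature with value "read". If such permission is present in the
     * {@code List<AuthorizationScope>} retrieved from {@code AuthorizationData}, the method lets
     * the logic proceed and serve the client.
     * <p>
     * Example client request:
     * <pre>
     * GET /services/SampleAuthorizationResource/LatestMail?mailBoxId=20001
     * Authorization: Bearer j456k46k546.4b646k45j65.5hj4b654b6456
     * </pre>
     *
     * @param authzToken the Authorization header value received from the client
     * @param mailBoxId  MailBoxId of the user
     * @return 401 if the token is missing or malformed; 403 if the token is valid but lacks
     *         mail:read; 500 if the scopes could not be retrieved; otherwise the (placeholder) mail response
     */
    public final Response getLatestMail(@HeaderParam("Authorization") String authzToken,
            @QueryParam("mailBoxId") String mailBoxId) {
        String bearerToken = extractBearerToken(authzToken);
        if (bearerToken == null) {
            return unauthorized("Missing or malformed bearer token.");
        }
        try {
            AuthorizationData authorizationData =
                    AuthorizationResourceHelper.getAuthorizationData(bearerToken);
            List<AuthorizationScope> clientScopes = authorizationData.getClientScopeList();
            if (hasScope(clientScopes, MAIL_FEATURE, READ_VALUE)) {
                // Logic to retrieve the latest mail for mailBoxId from the mail server goes here.
                // NOTE(review): the scope check only proves the client may read mail in general;
                // nothing here ties the token to mailBoxId — confirm ownership before serving it.
                return Response.noContent().build();
            }
            // Valid token without the required scope is an authorization failure (403), not 401.
            return Response.status(HttpStatus.SC_FORBIDDEN)
                    .entity("Access token doesn't have enough privileges.")
                    .build();
        } catch (AuthorizationHelperException e) {
            return helperFailure(e);
        }
    }
}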
Copyright © 2016 Avaya. All Rights Reserved.