io.getlime.security.powerauth.rest.api.base.provider

Class PowerAuthAuthenticationProviderBase

java.lang.Object

io.getlime.security.powerauth.rest.api.base.provider.PowerAuthAuthenticationProviderBase

public abstract class PowerAuthAuthenticationProviderBase
extends Object

Abstract class for PowerAuth 2.0 authentication provider.

Author:

Petr Dvorak, petr@lime-company.eu

Constructor Summary

Constructors

Constructor and Description
PowerAuthAuthenticationProviderBase()

Method Summary

Modifier and Type	Method and Description
PowerAuthApiAuthentication	validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader) The same as {validateRequestSignature(HttpServletRequest, String, String, List) but uses default accepted signature type (2FA or 3FA).
PowerAuthApiAuthentication	validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) Validate a request signature, make sure only supported signature types are used.
PowerAuthApiAuthentication	validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader) The same as {validateRequestSignature(String, byte[], String, String, List) but uses default accepted signature type (2FA or 3FA).
abstract PowerAuthApiAuthentication	validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader, List<PowerAuthSignatureTypes> allowedSignatureTypes) Validate the signature from the PowerAuth 2.0 HTTP header against the provided HTTP method, request body and URI identifier.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PowerAuthAuthenticationProviderBase

public PowerAuthAuthenticationProviderBase()

Method Detail

validateRequestSignature

public abstract PowerAuthApiAuthentication validateRequestSignature(String httpMethod,
                                                                    byte[] httpBody,
                                                                    String requestUriIdentifier,
                                                                    String httpAuthorizationHeader,
                                                                    List<PowerAuthSignatureTypes> allowedSignatureTypes)
                                                             throws PowerAuthAuthenticationException

Validate the signature from the PowerAuth 2.0 HTTP header against the provided HTTP method, request body and URI identifier. Make sure to accept only allowed signatures.

Parameters:

httpMethod - HTTP method (GET, POST, ...)

httpBody - Body of the HTTP request.

requestUriIdentifier - Request URI identifier.

httpAuthorizationHeader - PowerAuth 2.0 HTTP authorization header.

allowedSignatureTypes - Allowed types of the signature.

Returns:

Instance of a PowerAuthApiAuthentication on successful authorization.

Throws:

PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateRequestSignature

public PowerAuthApiAuthentication validateRequestSignature(String httpMethod,
                                                           byte[] httpBody,
                                                           String requestUriIdentifier,
                                                           String httpAuthorizationHeader)
                                                    throws PowerAuthAuthenticationException

The same as {validateRequestSignature(String, byte[], String, String, List) but uses default accepted signature type (2FA or 3FA).

Parameters:

httpMethod - HTTP method (GET, POST, ...)

httpBody - Request body

requestUriIdentifier - Request URI identifier.

httpAuthorizationHeader - PowerAuth 2.0 HTTP authorization header.

Returns:

Instance of a PowerAuthApiAuthentication on successful authorization.

Throws:

PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateRequestSignature

public PowerAuthApiAuthentication validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest,
                                                           String requestUriIdentifier,
                                                           String httpAuthorizationHeader,
                                                           List<PowerAuthSignatureTypes> allowedSignatureTypes)
                                                    throws PowerAuthAuthenticationException

Validate a request signature, make sure only supported signature types are used.

Parameters:

servletRequest - HTTPServletRequest with signed data.

requestUriIdentifier - Request URI identifier.

httpAuthorizationHeader - PowerAuth 2.0 HTTP authorization header.

allowedSignatureTypes - Allowed types of signatures.

Returns:

Instance of a PowerAuthApiAuthentication on successful authorization.

Throws:

PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateRequestSignature

public PowerAuthApiAuthentication validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest,
                                                           String requestUriIdentifier,
                                                           String httpAuthorizationHeader)
                                                    throws PowerAuthAuthenticationException

The same as {validateRequestSignature(HttpServletRequest, String, String, List) but uses default accepted signature type (2FA or 3FA).

Parameters:

servletRequest - HTTPServletRequest with signed data.

requestUriIdentifier - Request URI identifier.

httpAuthorizationHeader - PowerAuth 2.0 HTTP authorization header.

Returns:

Instance of a PowerAuthApiAuthentication on successful authorization.

Throws:

PowerAuthAuthenticationException - In case authorization fails, exception is raised.