PowerAuthAuthenticationProviderBase (powerauth-restful-security-base 0.23.1 API)

java.lang.Object
- io.getlime.security.powerauth.rest.api.base.provider.PowerAuthAuthenticationProviderBase

```
public abstract class PowerAuthAuthenticationProviderBase
extends Object
```
Abstract class for PowerAuth authentication provider.

Author:

Petr Dvorak, petr@wultra.com

Constructor Summary

Constructors
Constructor and Description

PowerAuthAuthenticationProviderBase()

Constructors
Constructor and Description
`PowerAuthAuthenticationProviderBase()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`byte[]`	`extractRequestBodyBytes(javax.servlet.http.HttpServletRequest servletRequest)` Extract request body bytes from HTTP servlet request.
`PowerAuthApiAuthentication`	`validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader)` The same as {`validateRequestSignature(HttpServletRequest, String, String, List, Integer)` but uses default accepted signature type (2FA or 3FA) and does not specify forced signature version.
`PowerAuthApiAuthentication`	`validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader, List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes)` Validate a request signature, make sure only supported signature types are used, do not use forced signature version during upgrade.
`PowerAuthApiAuthentication`	`validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest, String requestUriIdentifier, String httpAuthorizationHeader, List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, Integer forcedSignatureVersion)` Validate a request signature, make sure only supported signature types are used and allow specification of forced signature version.
`PowerAuthApiAuthentication`	`validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader)` The same as {`validateRequestSignature(String, byte[], String, String, List, Integer)` but uses default accepted signature type (2FA or 3FA) and does not specify forced signature version.
`abstract PowerAuthApiAuthentication`	`validateRequestSignature(String httpMethod, byte[] httpBody, String requestUriIdentifier, String httpAuthorizationHeader, List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, Integer forcedSignatureVersion)` Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier.
`PowerAuthApiAuthentication`	`validateToken(String tokenHeader)` Validate the token digest from PowerAuth authentication header.
`abstract PowerAuthApiAuthentication`	`validateToken(String httpAuthorizationHeader, List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes)` Validate the token digest from PowerAuth authentication header.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- PowerAuthAuthenticationProviderBase
```
public PowerAuthAuthenticationProviderBase()
```

Method Detail

validateRequestSignature

public abstract PowerAuthApiAuthentication validateRequestSignature(String httpMethod,
                                                                    byte[] httpBody,
                                                                    String requestUriIdentifier,
                                                                    String httpAuthorizationHeader,
                                                                    List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes,
                                                                    @Nullable
                                                                    Integer forcedSignatureVersion)
                                                             throws PowerAuthAuthenticationException

Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. Make sure to accept only allowed signatures.

Parameters:: httpMethod - HTTP method (GET, POST, ...); httpBody - Body of the HTTP request.; requestUriIdentifier - Request URI identifier.; httpAuthorizationHeader - PowerAuth HTTP authorization header.; allowedSignatureTypes - Allowed types of the signature.; forcedSignatureVersion - Forced signature version during upgrade.
Returns:: Instance of a PowerAuthApiAuthentication on successful authorization.
Throws:: PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateToken

public abstract PowerAuthApiAuthentication validateToken(String httpAuthorizationHeader,
                                                         List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes)
                                                  throws PowerAuthAuthenticationException

Validate the token digest from PowerAuth authentication header.

Parameters:: httpAuthorizationHeader - HTTP header with token digest.; allowedSignatureTypes - Allowed types of the signature.
Returns:: Instance of a PowerAuthApiAuthentication on successful authorization.
Throws:: PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateRequestSignature

public PowerAuthApiAuthentication validateRequestSignature(String httpMethod,
                                                           byte[] httpBody,
                                                           String requestUriIdentifier,
                                                           String httpAuthorizationHeader)
                                                    throws PowerAuthAuthenticationException

The same as {validateRequestSignature(String, byte[], String, String, List, Integer) but uses default accepted signature type (2FA or 3FA) and does not specify forced signature version.

Parameters:: httpMethod - HTTP method (GET, POST, ...); httpBody - Request body; requestUriIdentifier - Request URI identifier.; httpAuthorizationHeader - PowerAuth HTTP authorization header.
Returns:: Instance of a PowerAuthApiAuthentication on successful authorization.
Throws:: PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateRequestSignature

public PowerAuthApiAuthentication validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest,
                                                           String requestUriIdentifier,
                                                           String httpAuthorizationHeader,
                                                           List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes)
                                                    throws PowerAuthAuthenticationException

Validate a request signature, make sure only supported signature types are used, do not use forced signature version during upgrade.

Parameters:: servletRequest - HTTPServletRequest with signed data.; requestUriIdentifier - Request URI identifier.; httpAuthorizationHeader - PowerAuth HTTP authorization header.; allowedSignatureTypes - Allowed types of signatures.
Returns:: Instance of a PowerAuthApiAuthentication on successful authorization.
Throws:: PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateRequestSignature

public PowerAuthApiAuthentication validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest,
                                                           String requestUriIdentifier,
                                                           String httpAuthorizationHeader,
                                                           List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes,
                                                           @Nullable
                                                           Integer forcedSignatureVersion)
                                                    throws PowerAuthAuthenticationException

Validate a request signature, make sure only supported signature types are used and allow specification of forced signature version.

Parameters:: servletRequest - HTTPServletRequest with signed data.; requestUriIdentifier - Request URI identifier.; httpAuthorizationHeader - PowerAuth HTTP authorization header.; allowedSignatureTypes - Allowed types of signatures.; forcedSignatureVersion - Forced signature version during upgrade.
Returns:: Instance of a PowerAuthApiAuthentication on successful authorization.
Throws:: PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateRequestSignature
```
public PowerAuthApiAuthentication validateRequestSignature(javax.servlet.http.HttpServletRequest servletRequest,
                                                           String requestUriIdentifier,
                                                           String httpAuthorizationHeader)
                                                    throws PowerAuthAuthenticationException
```
The same as {validateRequestSignature(HttpServletRequest, String, String, List, Integer) but uses default accepted signature type (2FA or 3FA) and does not specify forced signature version.

Parameters:

servletRequest - HTTPServletRequest with signed data.

requestUriIdentifier - Request URI identifier.

httpAuthorizationHeader - PowerAuth HTTP authorization header.

Returns:

Instance of a PowerAuthApiAuthentication on successful authorization.

Throws:

PowerAuthAuthenticationException - In case authorization fails, exception is raised.

validateToken
```
public PowerAuthApiAuthentication validateToken(String tokenHeader)
                                         throws PowerAuthAuthenticationException
```
Validate the token digest from PowerAuth authentication header.

Parameters:

tokenHeader - HTTP header with token digest.

Returns:

Instance of a PowerAuthApiAuthentication on successful authorization.

Throws:

PowerAuthAuthenticationException - In case authorization fails, exception is raised.

extractRequestBodyBytes
```
public byte[] extractRequestBodyBytes(javax.servlet.http.HttpServletRequest servletRequest)
                               throws PowerAuthAuthenticationException
```
Extract request body bytes from HTTP servlet request. In case the data was transparently decrypted, use the decrypted request data.

Parameters:

servletRequest - HTTP servlet request.

Returns:

Request body bytes.

Throws:

PowerAuthAuthenticationException - In case request body is invalid.

Class PowerAuthAuthenticationProviderBase

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

PowerAuthAuthenticationProviderBase

Method Detail

validateRequestSignature

validateToken

validateRequestSignature

validateRequestSignature

validateRequestSignature

validateRequestSignature

validateToken

extractRequestBodyBytes