Package org.forgerock.openig.tools

Class InvalidCallerTokenDetectionFilter

java.lang.Object

org.forgerock.openig.tools.InvalidCallerTokenDetectionFilter

All Implemented Interfaces:

Filter

public class InvalidCallerTokenDetectionFilter
extends Object
implements Filter

An InvalidCallerTokenDetectionFilter provides a mechanism that allows IG to detect an incorrect response and trigger a token refresh before making the request again with the updated token. This is a workaround to OPENAM-17888 (AM not returning the expected 401 Unauthorized when caller token is invalid)

The detector predicate is used to find if the content of a 200 OK response is typical of the result when the caller token is invalid.

Method Summary

Modifier and Type	Method	Description
Promise<Response,NeverThrowsException>	filter(Context context, Request request, Handler next)	Filters the request and/or response of an exchange.
static InvalidCallerTokenDetectionFilter	sessionInfoDetectionFilter(String headerName, AsyncRefreshableSupplier<SsoToken,AuthenticationException> tokenSupplier)	Returns a new detection filter suitable for use with getSessionInfo requests.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

filter

public Promise<Response,NeverThrowsException> filter(Context context,
 Request request,
 Handler next)

Description copied from interface: Filter

Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).

This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

Specified by:

filter in interface Filter

Parameters:

context - The request context.

request - The request.

next - The next filter or handler in the chain to handle the request.

Returns:

A Promise representing the response to be returned to the client.

sessionInfoDetectionFilter

public static InvalidCallerTokenDetectionFilter sessionInfoDetectionFilter(String headerName,
 AsyncRefreshableSupplier<SsoToken,AuthenticationException> tokenSupplier)

Returns a new detection filter suitable for use with getSessionInfo requests.

Parameters:

headerName - The header to use when adding the SSO token of the caller

tokenSupplier - The caller SSO token supplier

Returns:

a new detection filter suitable for getSessionInfo type of actions.