Authentication using OAuth, integrated with Google App Engine and Jersey 1.x servlet container.
Includes token verifiers for Google Sign In and Facebook Login, but you can specify your own implementation.
Extensible as much as possible, so you can swap any class with your own implementation.
-
Add project dependency.
- Maven:
<dependency> <groupId>me.lazerka.gae-jersey-oauth2</groupId> <artifactId>gae-jersey-oauth2</artifactId> <version>2.3</version> </dependency>
- Gradle:
compile 'me.lazerka.gae-jersey-oauth2:gae-jersey-oauth2:2.3' -
Install Guice module:
install(new OauthModule());
See available OauthModule constructors.
-
Add Jersey parameter:
parameters.put(ResourceConfig.PROPERTY_RESOURCE_FILTER_FACTORIES, AuthFilterFactory.class.getName())
Annotate your resources with one of standard javax.annotation.security.* annotations:
@RolesAllowed(Role.USER)@RolesAllowed(Role.ADMIN)@RolesAllowed(Role.OPTIONAL)@PermitAll@DenyAll
To get current user credentials:
import me.lazerka.gae.jersey.oauth2.UserPrincipal;
import javax.annotation.Nullable;
import javax.ws.rs.core.SecurityContext;
public class UserService {
@Inject
SecurityContext securityContext;
@Nullable
public UserPrincipal getCurrentUserPrincipal() {
return (UserPrincipal) securityContext.getUserPrincipal();
}
}Resources annotated with @PermitAll do not even check authentication,
so resources annotated with it will not get any SecurityContext even if user is
authenticated. See Role.OPTIONAL.
You can swap pretty much anything with your own implementation:
OauthModuleis optional, feel free to use your own.AuthFilterFactorycan be customized by providing your own implementation to Jersey parameters.AuthFiltercan be customized by binding your own implementation in Guice module:bind(AuthFilter.class).to(MyAuthFilter.class);.- You can add other providers by adding your own
TokenVerifiers using Guice Multibindings (see exampleOauthModule).