Package org.atmosphere.interceptor

Class AuthInterceptor

java.lang.Object

org.atmosphere.cpr.AtmosphereInterceptorAdapter

org.atmosphere.interceptor.AuthInterceptor

All Implemented Interfaces:

AtmosphereInterceptor, AtmosphereConfigAware, InvokationOrder

public class AuthInterceptor
extends AtmosphereInterceptorAdapter

Authentication interceptor that validates tokens on every inbound request. Supports all Atmosphere transports (WebSocket, SSE, long-polling, streaming).

Tokens are extracted from:

• The X-Atmosphere-Auth HTTP header (long-polling, streaming)
• The query parameter (configurable, defaults to X-Atmosphere-Auth) — all transports, especially WebSocket and SSE where custom headers are not supported

On token expiration, if a TokenRefresher is configured, the interceptor attempts a server-side refresh and sends the new token to the client via the X-Atmosphere-Auth-Refresh response header.

Programmatic usage

 framework.interceptor(new AuthInterceptor(token -> {
     var claims = jwt.verify(token);
     return new TokenValidator.Valid(claims.getSubject(), claims);
 }));
 

Configuration (init-params)

• org.atmosphere.auth.tokenValidator — FQCN of a TokenValidator
• org.atmosphere.auth.tokenRefresher — FQCN of a TokenRefresher (optional)
• org.atmosphere.auth.queryParam — query param name (default: X-Atmosphere-Auth)
• org.atmosphere.auth.disconnectOnFailure — disconnect on auth failure (default: true)

Since:

4.0

Nested Class Summary

Nested classes/interfaces inherited from interface org.atmosphere.interceptor.InvokationOrder

InvokationOrder.PRIORITY

Field Summary

Fields inherited from interface org.atmosphere.interceptor.InvokationOrder

AFTER_DEFAULT, BEFORE_DEFAULT, FIRST_BEFORE_DEFAULT

Constructor Summary

Constructors

Constructor	Description
AuthInterceptor()	Create an AuthInterceptor configured via init-params.
AuthInterceptor(TokenValidator validator)	Create an AuthInterceptor with a programmatic validator.
AuthInterceptor(TokenValidator validator, TokenRefresher refresher)	Create an AuthInterceptor with a programmatic validator and refresher.

Method Summary

Modifier and Type	Method	Description
int	authenticatedCount()
void	configure(AtmosphereConfig config)	Configure an AtmosphereFramework object.
void	destroy()	Clean the AtmosphereInterceptor when removed or when the Atmosphere is undeployed.
Action	inspect(AtmosphereResource r)	Invoked before an AtmosphereResource gets dispatched to AtmosphereHandler.
void	postInspect(AtmosphereResource r)	Invoked after an AtmosphereResource gets dispatched to AtmosphereHandler.
InvokationOrder.PRIORITY	priority()	Return the priority an AtmosphereInterceptor must be executed.
String	toString()
long	totalRefreshed()
long	totalRejected()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

AuthInterceptor

public AuthInterceptor(TokenValidator validator)

Create an AuthInterceptor with a programmatic validator.

Parameters:

validator - the token validator

AuthInterceptor

public AuthInterceptor(TokenValidator validator,
 TokenRefresher refresher)

Create an AuthInterceptor with a programmatic validator and refresher.

Parameters:

validator - the token validator

refresher - the token refresher (may be null)

AuthInterceptor

public AuthInterceptor()

Create an AuthInterceptor configured via init-params. The TokenValidator will be loaded from the org.atmosphere.auth.tokenValidator init-param.

Method Details

configure

public void configure(AtmosphereConfig config)

Description copied from interface: AtmosphereConfigAware

Configure an AtmosphereFramework object.

Specified by:

configure in interface AtmosphereConfigAware

Overrides:

configure in class AtmosphereInterceptorAdapter

Parameters:

config - AtmosphereConfig

inspect

public Action inspect(AtmosphereResource r)

Description copied from interface: AtmosphereInterceptor

Invoked before an AtmosphereResource gets dispatched to AtmosphereHandler.

Specified by:

inspect in interface AtmosphereInterceptor

Overrides:

inspect in class AtmosphereInterceptorAdapter

Parameters:

r - a AtmosphereResource

Returns:

Action.CONTINUE or Action.SUSPEND to dispatch the AtmosphereResource to other AtmosphereInterceptor or AtmosphereHandler. Return Action.TYPE.CANCELLED to stop the processing.

postInspect

public void postInspect(AtmosphereResource r)

Description copied from interface: AtmosphereInterceptor

Invoked after an AtmosphereResource gets dispatched to AtmosphereHandler.

Specified by:

postInspect in interface AtmosphereInterceptor

Overrides:

postInspect in class AtmosphereInterceptorAdapter

Parameters:

r - a AtmosphereResource

destroy

public void destroy()

Description copied from interface: AtmosphereInterceptor

Clean the AtmosphereInterceptor when removed or when the Atmosphere is undeployed.

Specified by:

destroy in interface AtmosphereInterceptor

Overrides:

destroy in class AtmosphereInterceptorAdapter

priority

public InvokationOrder.PRIORITY priority()

Description copied from interface: InvokationOrder

Return the priority an AtmosphereInterceptor must be executed.

Specified by:

priority in interface InvokationOrder

Overrides:

priority in class AtmosphereInterceptorAdapter

Returns:

PRIORITY

totalRejected

public long totalRejected()

Returns:

total requests rejected due to authentication failure

totalRefreshed

public long totalRefreshed()

Returns:

total tokens successfully refreshed

authenticatedCount

public int authenticatedCount()

Returns:

number of currently authenticated resources

toString

public String toString()

Overrides:

toString in class AtmosphereInterceptorAdapter