Copyright © Cloud Software Group, Inc. All Rights Reserved


Chapter 14 OAuth Service Provider Interface : Owner Service Provider Interface

Owner Service Provider Interface
The owner service provider interface is used by the OAuth server to authenticate the resource owner during the authorization code flow, and to obtain attributes of the resource owner. In addition to authenticating the owner, the owner service provider interface is responsible for redirecting client applications to the login and access grant pages.
Owner Service Provider Interface (SPI) Flow
The following figure illustrates the flow for the owner service provider interface.
Figure 29 Owner SPI Flow
Owner Service Provider Interface (SPI) Java API
The following is the Java API of the owner service provider interface:

 
// Servlet API imports (javax.servlet assumed)
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * OwnerAdapter is the interface used by the OpenID Provider to authenticate
 * the resource owner.
 * <p/>
 * An OwnerAdapter may be implemented using LDAP, a database, a 3rd party
 * ISP, or a combination of those.
 */
public interface OwnerAdapter {

    /**
     * This method is called when the instance of the adapter is first loaded.
     * The properties argument is a map of properties from SecurityRuntime.cfg.
     * The adapter may initialize itself using these properties.
     *
     * @param properties a map of properties from SecurityRuntime.cfg.
     */
    public void init(Map<String, String> properties);

    /**
     * Authenticate the owner with the specified username and password.
     *
     * @param username username to authenticate.
     * @param password password to authenticate.
     * @return an OwnerResult that has the result of the authentication.
     * @see OwnerResult which will have the owner profile or the error from the authentication.
     */
    public OwnerResult authenticateOwner(String username, String password);

    /**
     * Redirects the owner to a login page where the resource owner logs in.
     * The login page could be a form with j_username and j_password which will be posted to
     * the resumeUrl. When the resumeUrl receives the post request, it will
     * authenticate the j_username and j_password with #authenticateOwner.
     * If authenticateOwner fails, processLogin is called again.
     *
     * @param request servlet request of the incoming request
     * @param response servlet response of the incoming request
     * @param resumeUrl the url to return to after login is done.
     *
     * @throws ServletException
     * @throws IOException an exception if failed to redirect.
     */
    public void processLogin(HttpServletRequest request, HttpServletResponse response,
            String message, String resumeUrl)
            throws ServletException, IOException;

    /**
     * Redirects the owner to a grant access page where the resource owner
     * grants access to the client based on the scopes.
     *
     * The login page could be a form with j_username and j_password which will be posted to
     * the resumeUrl. When the resumeUrl receives the post request, it will
     * authenticate the j_username and j_password with #authenticateOwner.
     * If authenticateOwner fails, processLogin is called again.
     *
     * @param request servlet request of the incoming request
     * @param response servlet response of the incoming request
     * @param client the client to grant access to.
     * @param scopes an array of descriptions of the scopes that the client wishes to access
     * @param resumeUrl the url to return to after login is done.
     *
     * @throws ServletException
     * @throws IOException an exception if failed to redirect.
     */
    public void processGrantAccess(HttpServletRequest request, HttpServletResponse response,
            String client, String[] scopes, String resumeUrl)
            throws ServletException, IOException;
}
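The processLogin contract above puts resumeUrl into the action of a form that carries j_username and j_password, so an adapter should check where that form posts and escape everything it writes into the page. The following is an added example, not code from the product or its vendor: LoginFormHelper, serverBase and the sample host and path are hypothetical, and it assumes resumeUrl is an absolute https URL on the OAuth server's own origin.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example: hypothetical helper that an OwnerAdapter.processLogin implementation could call.
public final class LoginFormHelper {
    private final URI serverBase; // assumption: the OAuth server's own https origin
    public LoginFormHelper(String serverBase) { this.serverBase = URI.create(serverBase); }

    private static int port(URI u) { return u.getPort() != -1 ? u.getPort() : 443; }

    // Accept resumeUrl only when it is an absolute https URL on the OAuth server's origin.
    public boolean isTrustedResumeUrl(String resumeUrl) {
        if (resumeUrl == null) return false;
        try {
            URI u = new URI(resumeUrl);
            return "https".equalsIgnoreCase(u.getScheme())
                    && u.getUserInfo() == null
                    && serverBase.getHost().equalsIgnoreCase(u.getHost())
                    && port(u) == port(serverBase);
        } catch (URISyntaxException e) {
            return false; // malformed URLs are never trusted
        }
    }

    // Escape text placed in HTML element content or double-quoted attributes.
    static String escapeHtml(String s) {
        return s == null ? "" : s.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Build the login form; credentials are posted to resumeUrl as j_username / j_password.
    public String renderLoginForm(String message, String resumeUrl) {
        if (!isTrustedResumeUrl(resumeUrl)) {
            throw new IllegalArgumentException("resumeUrl is not on the OAuth server origin");
        }
        return "<form method=\"post\" action=\"" + escapeHtml(resumeUrl) + "\">\n"
                + "<p>" + escapeHtml(message) + "</p>\n"
                + "<input type=\"text\" name=\"j_username\" autocomplete=\"username\">\n"
                + "<input type=\"password\" name=\"j_password\" autocomplete=\"current-password\">\n"
                + "<button type=\"submit\">Log in</button>\n</form>";
    }

    public static void main(String[] args) {
        LoginFormHelper h = new LoginFormHelper("https://oauth.example.com:8443"); // constructed value
        System.out.println(h.renderLoginForm("Invalid <b>login</b>",
                "https://oauth.example.com:8443/oauth/resume?state=abc&step=login")); // constructed URL
        System.out.println(h.isTrustedResumeUrl("https://other.example.net/resume"));
    }
}
```

An adapter would write the returned markup to the servlet response inside processLogin, serving the page over HTTPS with caching disabled.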

 
