Authenticates an HTTP request submitted to your application's API, returning a result that reflects the successfully authenticated com.stormpath.sdk.account.Account that made the request and the ApiKey used to authenticate the request. Throws a com.stormpath.sdk.resource.ResourceException if the request cannot be authenticated.
This method will automatically authenticate both HTTP Basic and OAuth 2 requests. However, if you require more specific or customized OAuth request processing, use the com.stormpath.sdk.oauth.OAuthApiRequestAuthenticator#authenticate(com.stormpath.sdk.http.HttpRequest) method instead. That method allows you to customize how an OAuth request is processed. For example, you will likely want to call com.stormpath.sdk.oauth.OAuthApiRequestAuthenticator#authenticate(com.stormpath.sdk.http.HttpRequest) for requests directed to your application's specific OAuth 2 token and authorization URLs (often referenced as /oauth2/token and /oauth2/authorize in OAuth 2 documentation).
Example
If your application does not run in a Servlet environment (for example, you use a custom HTTP framework, Netty, or Play!), you can use the com.stormpath.sdk.http.HttpRequestBuilder to convert your framework-specific HTTP request object into a format the Stormpath SDK understands. For example:
// Assume a request to, say, https://api.mycompany.com/foo:
public void onApiRequest(MyFrameworkHttpRequest frameworkSpecificRequest) {

    Application application = client.getResource(myApplicationRestUrl, Application.class);

    // Convert the framework-specific HTTP request into a format the Stormpath SDK understands:
    com.stormpath.sdk.http.HttpRequest request =
        com.stormpath.sdk.http.HttpRequests.method(frameworkSpecificRequest.getMethod())
            .headers(frameworkSpecificRequest.getHeaders())
            .queryParameters(frameworkSpecificRequest.getQueryParameters())
            .build();

    // Throws com.stormpath.sdk.resource.ResourceException if the request cannot be authenticated.
    ApiAuthenticationResult result = Applications.apiRequestAuthenticator(application).authenticate(request);

    Account account = result.getAccount();

    // Check to see that account is allowed to make this request or not before processing
    // the request. For example, by checking the account's
    // com.stormpath.sdk.account.Account#getGroups() or any of your own
    // application-specific permissions that might exist in the group's or account's
    // com.stormpath.sdk.account.Account#getCustomData().
    assertAuthorized(account); // implement the 'assertAuthorized' method yourself.

    // process request here
}
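One way to write the assertAuthorized method that the example above leaves to you, checking Account#getGroups() first and then Account#getCustomData(), and denying by default. This is an added example, not part of the Stormpath SDK or its documentation; the class name, exception type, group name, custom-data key and permission string are hypothetical, and it assumes the SDK's Group#getName() and that the custom data can be read as a Map<String, Object>.

```java
import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.group.Group;
import java.util.Collection;
import java.util.Map;

public final class ApiAuthorization {

    // Hypothetical names chosen for this example; substitute your own.
    static final String REQUIRED_GROUP = "api-users";
    static final String PERMISSIONS_KEY = "permissions";
    static final String REQUIRED_PERMISSION = "foo:read";

    /** Thrown when an authenticated account may not perform the request. */
    public static final class ForbiddenException extends RuntimeException {
        ForbiddenException(String message) { super(message); }
    }

    /** Denies by default: returns normally only when a rule explicitly grants access. */
    public static void assertAuthorized(Account account) {
        if (account == null) {
            throw new ForbiddenException("no authenticated account");
        }
        // Rule 1: membership in the required group.
        for (Group group : account.getGroups()) {
            if (REQUIRED_GROUP.equals(group.getName())) {
                return;
            }
        }
        // Rule 2: the permission is listed in the account's custom data.
        if (grants(account.getCustomData(), REQUIRED_PERMISSION)) {
            return;
        }
        throw new ForbiddenException("account lacks " + REQUIRED_PERMISSION);
    }

    /** True only if data[PERMISSIONS_KEY] is a collection that contains the permission. */
    static boolean grants(Map<String, Object> data, String permission) {
        if (data == null) {
            return false;
        }
        Object value = data.get(PERMISSIONS_KEY);
        // Custom data is free-form, so check the type before trusting the value.
        return value instanceof Collection && ((Collection<?>) value).contains(permission);
    }
}
```

Map ForbiddenException to an HTTP 403 response and the ResourceException thrown by authenticate to a 401, so callers can tell a bad credential from a missing permission.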