org.gcube.common.iam

Class AbstractIAMResponse

java.lang.Object

org.gcube.common.iam.AbstractIAMResponse

All Implemented Interfaces:

IAMResponse

Direct Known Subclasses:

D4ScienceIAMClientAuthn, D4ScienceIAMClientAuthz

public class AbstractIAMResponse
extends Object
implements IAMResponse

Abstract base class for D4Science IAM responses that implements common functionality for handling authentication and authorization responses. @author Mauro Mugnaini (Nubisware S.r.l.)

Constructor Summary

Constructors

Constructor and Description
AbstractIAMResponse(D4ScienceIAMClient iamClient, org.gcube.common.keycloak.model.TokenResponse tokenResponse) Creates a new AbstractIAMResponse with the specified IAM client and token response.

Method Summary

Modifier and Type	Method and Description
boolean	canBeRefreshed() Check if the current response can be refreshed
org.gcube.common.keycloak.model.AccessToken	getAccessToken() Returns the access token in the response.
String	getAccessTokenString() Returns the access token in the response as string.
String	getContactOrganization() Returns the client's contact organization from the token
String	getContactPerson() Returns the client's contact person from the token
Set<String>	getContextRoles() Returns the resource roles for the resource specified in the token context
Set<String>	getGlobalRoles() Returns the realm roles in the token
D4ScienceIAMClient	getIamClient() Returns the IAM client instance.
String	getName() Returns the client's name from the token
String	getRefreshTokenString() Returns the refresh token as a string.
Set<String>	getResourceRoles(String resource) Returns the resource roles for the resource specified in the resource parameter
Set<String>	getRoles() Returns all the roles, realm and from all the resources in the token in the same set
protected org.gcube.common.keycloak.model.TokenResponse	getTokenResponse() Returns the token response.
boolean	isAccessTokenValid() Quick way to check if the access token is valid by checking the digital signature and the token expiration
boolean	isAccessTokenValid(boolean checkExpiration) Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
boolean	isExpired() Check if the current response is expired
boolean	isRefreshTokenValid() Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration
boolean	isRefreshTokenValid(boolean checkExpiration) Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
void	refresh() Refreshes the current response, new data can be obtained again with accessors.
void	refresh(String clientId, String clientSecret) Refreshes the token using the specified client credentials.
void	setIamClient(D4ScienceIAMClient iamClient) Sets the IAM client instance.
void	setTokenResponse(org.gcube.common.keycloak.model.TokenResponse tokenResponse) Sets the token response.
void	verifyAccessToken() Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.
void	verifyRefreshToken() Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractIAMResponse

public AbstractIAMResponse(D4ScienceIAMClient iamClient,
                           org.gcube.common.keycloak.model.TokenResponse tokenResponse)

Creates a new AbstractIAMResponse with the specified IAM client and token response.

Parameters:

iamClient - the D4Science IAM client instance

tokenResponse - the token response from the authentication/authorization process

Method Detail

setIamClient

public void setIamClient(D4ScienceIAMClient iamClient)

Sets the IAM client instance.

Parameters:

iamClient - the D4Science IAM client to set

getIamClient

public D4ScienceIAMClient getIamClient()

Returns the IAM client instance.

Returns:

the D4Science IAM client

setTokenResponse

public void setTokenResponse(org.gcube.common.keycloak.model.TokenResponse tokenResponse)

Sets the token response.

Parameters:

tokenResponse - the token response to set

getTokenResponse

protected org.gcube.common.keycloak.model.TokenResponse getTokenResponse()

Returns the token response.

Returns:

the token response

getAccessToken

public org.gcube.common.keycloak.model.AccessToken getAccessToken()
                                                           throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns the access token in the response.

Specified by:

getAccessToken in interface IAMResponse

Returns:

The access token

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getAccessTokenString

public String getAccessTokenString()

Description copied from interface: IAMResponse

Returns the access token in the response as string.

Specified by:

getAccessTokenString in interface IAMResponse

Returns:

The access token as string

isExpired

public boolean isExpired()
                  throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Check if the current response is expired

Specified by:

isExpired in interface IAMResponse

Returns:

true if the response is expired, false otherwise

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getRefreshTokenString

public String getRefreshTokenString()

Returns the refresh token as a string.

Returns:

the refresh token string

canBeRefreshed

public boolean canBeRefreshed()
                       throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Check if the current response can be refreshed

Specified by:

canBeRefreshed in interface IAMResponse

Returns:

true if the response can be refreshed, false otherwise

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

refresh

public void refresh()
             throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Refreshes the current response, new data can be obtained again with accessors.

Specified by:

refresh in interface IAMResponse

Throws:

D4ScienceIAMClientException - if something goes wrong during the token refresh

refresh

public void refresh(String clientId,
                    String clientSecret)
             throws D4ScienceIAMClientException

Refreshes the token using the specified client credentials.

Parameters:

clientId - the client ID

clientSecret - the client secret

Throws:

D4ScienceIAMClientException - if an error occurs during token refresh

getGlobalRoles

public Set<String> getGlobalRoles()
                           throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns the realm roles in the token

Specified by:

getGlobalRoles in interface IAMResponse

Returns:

the realm roles

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getRoles

public Set<String> getRoles()
                     throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns all the roles, realm and from all the resources in the token in the same set

Specified by:

getRoles in interface IAMResponse

Returns:

the union of all the roles in the token

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getResourceRoles

public Set<String> getResourceRoles(String resource)
                             throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns the resource roles for the resource specified in the resource parameter

Specified by:

getResourceRoles in interface IAMResponse

Parameters:

resource - the resource of which obtain the roles

Returns:

the roles for the resource

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getContextRoles

public Set<String> getContextRoles()
                            throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns the resource roles for the resource specified in the token context

Specified by:

getContextRoles in interface IAMResponse

Returns:

the token context's roles

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getName

public String getName()
               throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns the client's name from the token

Specified by:

getName in interface IAMResponse

Returns:

the name string

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getContactPerson

public String getContactPerson()
                        throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns the client's contact person from the token

Specified by:

getContactPerson in interface IAMResponse

Returns:

the contact person string

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

getContactOrganization

public String getContactOrganization()
                              throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Returns the client's contact organization from the token

Specified by:

getContactOrganization in interface IAMResponse

Returns:

the contact organization string

Throws:

D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

isAccessTokenValid

public boolean isAccessTokenValid()
                           throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Quick way to check if the access token is valid by checking the digital signature and the token expiration

Specified by:

isAccessTokenValid in interface IAMResponse

Returns:

true if the access token is valid, false otherwise

Throws:

D4ScienceIAMClientException - if something goes wrong during the token validity checks

isAccessTokenValid

public boolean isAccessTokenValid(boolean checkExpiration)
                           throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true

Specified by:

isAccessTokenValid in interface IAMResponse

Parameters:

checkExpiration - checks also if the token is expired

Returns:

true if the access token is valid, false otherwise

Throws:

D4ScienceIAMClientException - if something goes wrong during the token validity checks

verifyAccessToken

public void verifyAccessToken()
                       throws org.gcube.io.jsonwebtoken.security.SignatureException,
                              org.gcube.io.jsonwebtoken.ExpiredJwtException,
                              D4ScienceIAMClientException

Description copied from interface: IAMResponse

Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.

Specified by:

verifyAccessToken in interface IAMResponse

Throws:

org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid

org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired

D4ScienceIAMClientException - if something else goes wrong during the token verification

isRefreshTokenValid

public boolean isRefreshTokenValid()
                            throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration

Specified by:

isRefreshTokenValid in interface IAMResponse

Returns:

true if the refresh token is valid, false otherwise

Throws:

D4ScienceIAMClientException - if something goes wrong during the token validity checks

isRefreshTokenValid

public boolean isRefreshTokenValid(boolean checkExpiration)
                            throws D4ScienceIAMClientException

Description copied from interface: IAMResponse

Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true

Specified by:

isRefreshTokenValid in interface IAMResponse

Parameters:

checkExpiration - checks also if the token is expired

Returns:

true if the refresh token is valid, false otherwise

Throws:

D4ScienceIAMClientException - if something goes wrong during the token validity checks

verifyRefreshToken

public void verifyRefreshToken()
                        throws org.gcube.io.jsonwebtoken.security.SignatureException,
                               org.gcube.io.jsonwebtoken.ExpiredJwtException,
                               D4ScienceIAMClientException

Description copied from interface: IAMResponse

Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.

Specified by:

verifyRefreshToken in interface IAMResponse

Throws:

org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid

org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired

D4ScienceIAMClientException - if something else goes wrong during the token verification