Class DefaultKeycloakClient

    • Constructor Detail

      • DefaultKeycloakClient

        public DefaultKeycloakClient()
    • Method Detail

      • setCustomBaseURL

        public void setCustomBaseURL​(String customBaseURL)
      • getCustomBaseURL

        public String getCustomBaseURL()
      • getRealmBaseURL

        public URL getRealmBaseURL​(String context)
                            throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Returns the Keycloak base URL for the given context and the default realm (d4science).
        Specified by:
        getRealmBaseURL in interface KeycloakClient
        Parameters:
        context - the context where the endpoint is needed (e.g. /gcube for DEV)
        Returns:
        the Keycloak token endpoint URL
        Throws:
        KeycloakClientException - if something goes wrong discovering the endpoint URL
      • getRealmBaseURL

        public URL getRealmBaseURL​(String context,
                                   String realm)
                            throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Returns the Keycloak base URL for the given context and in the given realm.
        Specified by:
        getRealmBaseURL in interface KeycloakClient
        Parameters:
        context - the context where the endpoint is needed (e.g. /gcube for DEV)
        realm - the realm to use to construct the base URL
        Returns:
        the Keycloak token endpoint URL
        Throws:
        KeycloakClientException - if something goes wrong discovering the endpoint URL
      • queryOIDCToken

        public TokenResponse queryOIDCToken​(URL tokenURL,
                                            String clientId,
                                            String clientSecret,
                                            Map<String,​String> extraHeaders)
                                     throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided clientId and client secret. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCToken in interface KeycloakClient
        Parameters:
        tokenURL - the token endpoint URL of the Keycloak server
        clientId - the client id
        clientSecret - the client secret
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCToken

        public TokenResponse queryOIDCToken​(String context,
                                            String authorization)
                                     throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided authorization.
        Specified by:
        queryOIDCToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCToken

        public TokenResponse queryOIDCToken​(String context,
                                            String authorization,
                                            Map<String,​String> extraHeaders)
                                     throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided authorization. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCToken

        public TokenResponse queryOIDCToken​(URL tokenURL,
                                            String authorization,
                                            Map<String,​String> extraHeaders)
                                     throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided authorization. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCToken in interface KeycloakClient
        Parameters:
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUser

        public TokenResponse queryOIDCTokenOfUser​(String context,
                                                  String clientId,
                                                  String clientSecret,
                                                  String username,
                                                  String password)
                                           throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
        Specified by:
        queryOIDCTokenOfUser in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the client id
        clientSecret - the client secret
        username - the user's username
        password - the user's password
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUser

        public TokenResponse queryOIDCTokenOfUser​(String context,
                                                  String clientId,
                                                  String clientSecret,
                                                  String username,
                                                  String password,
                                                  Map<String,​String> extraHeaders)
                                           throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCTokenOfUser in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the client id
        clientSecret - the client secret
        username - the user's username
        password - the user's password
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(String context,
                                                       String clientId,
                                                       String clientSecret,
                                                       String audience)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. The implementation uses the custom X-D4Science-Context HTTP header that the proper mapper on Keycloak uses to reduce the audience.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the client id
        clientSecret - the client secret
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(String context,
                                                       String authorization,
                                                       String audience)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(URL tokenURL,
                                                       String clientId,
                                                       String clientSecret,
                                                       String audience)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. The implementation uses the custom X-D4Science-Context HTTP header that the proper mapper on Keycloak uses to reduce the audience.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        tokenURL - the token endpoint URL of the Keycloak server
        clientId - the client id
        clientSecret - the client secret
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(String context,
                                                       String clientId,
                                                       String clientSecret,
                                                       String audience,
                                                       Map<String,​String> extraHeaders)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the context's Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom X-D4Science-Context HTTP header that the proper mapper on Keycloak uses to reduce the audience.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the client id
        clientSecret - the client secret
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(URL tokenURL,
                                                       String clientId,
                                                       String clientSecret,
                                                       String audience,
                                                       Map<String,​String> extraHeaders)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided clientId and client secret, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom X-D4Science-Context HTTP header that the proper mapper on Keycloak uses to reduce the audience.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        tokenURL - the token endpoint URL of the Keycloak server
        clientId - the client id
        clientSecret - the client secret
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(String context,
                                                       String authorization,
                                                       String audience,
                                                       Map<String,​String> extraHeaders)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(URL tokenURL,
                                                       String authorization,
                                                       String audience)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • constructBasicAuthenticationHeader

        protected static String constructBasicAuthenticationHeader​(String clientId,
                                                                   String clientSecret)
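
        The authorization parameter of the overloads above takes a complete header value, and the audience parameter is meant to shrink the token's aud claim; this added example (not part of the gCube code base) builds both header forms and checks the audience of an access token. It uses only the JDK: the class and method names, the credentials, the context /gcube/example-vo and the tokens are constructed for illustration, and the Basic value follows RFC 7617, which may differ from what constructBasicAuthenticationHeader produces.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical class, JDK only, does not call the gCube library.
public class AudienceCheckExample {

    // "aud" may be a single string or an array of strings (RFC 7519, section 4.1.3).
    // Minimal extraction for a diagnostic check, not a general JSON parser.
    private static final Pattern AUD =
            Pattern.compile("\"aud\"\\s*:\\s*(\\[[^\\]]*\\]|\"[^\"]*\")");
    private static final Pattern QUOTED = Pattern.compile("\"([^\"]*)\"");

    // Value for the "authorization" parameter, Basic scheme (RFC 7617).
    static String basicAuthorization(String clientId, String clientSecret) {
        String pair = clientId + ":" + clientSecret;
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Value for the "authorization" parameter, Bearer scheme (prefix ends with a space).
    static String bearerAuthorization(String encodedAccessToken) {
        return "Bearer " + encodedAccessToken;
    }

    // Decodes the payload of a compact JWT and returns its audience values.
    // The signature is NOT verified here.
    static Set<String> audiences(String jwt) {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("not a compact JWT (expected 3 parts)");
        }
        String payload = new String(
                Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        Set<String> result = new LinkedHashSet<>();
        Matcher aud = AUD.matcher(payload);
        if (aud.find()) {
            Matcher value = QUOTED.matcher(aud.group(1));
            while (value.find()) {
                result.add(value.group(1));
            }
        }
        return result;
    }

    // True only when the token is addressed to exactly the requested audience.
    static boolean audienceReducedTo(String jwt, String expected) {
        Set<String> aud = audiences(jwt);
        return aud.size() == 1 && aud.contains(expected);
    }

    // Builds an unsigned, constructed token so the example runs offline.
    static String constructedToken(String payloadJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString(
                "{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8));
        String payload = enc.encodeToString(
                payloadJson.getBytes(StandardCharsets.UTF_8));
        return header + "." + payload + ".constructed";
    }

    public static void main(String[] args) {
        // Constructed credentials; in real use this string is what would be passed
        // as the "authorization" argument of queryOIDCTokenWithContext(...).
        System.out.println(basicAuthorization("example-client", "example-secret"));

        String requested = "/gcube/example-vo"; // constructed context
        // Stand-ins for the access token string carried by a returned TokenResponse.
        String wide = constructedToken(
                "{\"sub\":\"example-client\",\"aud\":[\"/gcube\",\"/gcube/example-vo\"]}");
        String narrow = constructedToken(
                "{\"sub\":\"example-client\",\"aud\":\"/gcube/example-vo\"}");

        for (String token : new String[] {wide, narrow}) {
            System.out.println(audiences(token)
                    + " reducedToRequested=" + audienceReducedTo(token, requested));
        }
        System.out.println(bearerAuthorization(narrow).substring(0, 7) + "<token>");
    }
}
```

        The check only decodes the payload and does not verify the signature, so it is a client-side sanity test that the audience was actually reduced, not a substitute for validation by the resource server.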
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(String context,
                                                             String clientId,
                                                             String clientSecret,
                                                             String username,
                                                             String password,
                                                             String audience)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. The implementation uses the custom X-D4Science-Context HTTP header that the proper mapper on Keycloak uses to reduce the audience.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(String context,
                                                             String clientId,
                                                             String clientSecret,
                                                             String username,
                                                             String password,
                                                             String audience,
                                                             Map<String,​String> extraHeaders)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call. The implementation uses the custom X-D4Science-Context HTTP header that the proper mapper on Keycloak uses to reduce the audience.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(String context,
                                                             String authorization,
                                                             String username,
                                                             String password,
                                                             String audience)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(String context,
                                                             String authorization,
                                                             String username,
                                                             String password,
                                                             String audience,
                                                             Map<String,​String> extraHeaders)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(URL tokenURL,
                                                             String clientId,
                                                             String clientSecret,
                                                             String username,
                                                             String password,
                                                             String audience)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. The implementation uses the custom X-D4Science-Context HTTP header that the proper mapper on Keycloak uses to reduce the audience.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        tokenURL - the token endpoint URL of the Keycloak server
        clientId - the client id
        clientSecret - the client secret
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(URL tokenURL,
                                                             String clientId,
                                                             String clientSecret,
                                                             String username,
                                                             String password,
                                                             String audience,
                                                             Map<String,​String> extraHeaders)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        tokenURL - the token endpoint URL of the Keycloak server
        clientId - the client id
        clientSecret - the client secret
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(URL tokenURL,
                                                             String authorization,
                                                             String username,
                                                             String password,
                                                             String audience)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenOfUserWithContext

        public TokenResponse queryOIDCTokenOfUserWithContext​(URL tokenURL,
                                                             String authorization,
                                                             String username,
                                                             String password,
                                                             String audience,
                                                             Map<String,​String> extraHeaders)
                                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCTokenOfUserWithContext in interface KeycloakClient
        Parameters:
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        username - the user's username
        password - the user's password
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryOIDCTokenWithContext

        public TokenResponse queryOIDCTokenWithContext​(URL tokenURL,
                                                       String authorization,
                                                       String audience,
                                                       Map<String,​String> extraHeaders)
                                                throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one. Optionally extra HTTP headers can be provided to be used in the call.
        Specified by:
        queryOIDCTokenWithContext in interface KeycloakClient
        Parameters:
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        audience - an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
        extraHeaders - extra HTTP headers to add to the request
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryUMAToken

        public TokenResponse queryUMAToken​(String context,
                                           TokenResponse oidcTokenResponse,
                                           String audience,
                                           List<String> permissions)
                                    throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries a UMA token from the Keycloak server, using the access token provided by the TokenResponse object, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        audience - the audience (context) where to request the issuing of the ticket
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • constructBeareAuthenticationHeader

        protected static String constructBeareAuthenticationHeader​(TokenResponse oidcTokenResponse)
      • queryUMAToken

        public TokenResponse queryUMAToken​(String context,
                                           String clientId,
                                           String clientSecret,
                                           String audience,
                                           List<String> permissions)
                                    throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries a UMA token from the Keycloak server, using the provided clientId and client secret, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the client id
        clientSecret - the client secret
        audience - the audience (context) where to request the issuing of the ticket
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryUMAToken

        public TokenResponse queryUMAToken​(URL tokenURL,
                                           String clientId,
                                           String clientSecret,
                                           String audience,
                                           List<String> permissions)
                                    throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries a UMA token from the Keycloak server, using the provided clientId and client secret, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface KeycloakClient
        Parameters:
        tokenURL - the token endpoint URL of the Keycloak server
        clientId - the client id
        clientSecret - the client secret
        audience - the audience (context) where to request the issuing of the ticket
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryUMAToken

        public TokenResponse queryUMAToken​(String context,
                                           String authorization,
                                           String audience,
                                           List<String> permissions)
                                    throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries a UMA token from the Keycloak server, using the provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the ticket (URLEncoded)
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
      • queryUMAToken

        public TokenResponse queryUMAToken​(URL tokenURL,
                                           String authorization,
                                           String audience,
                                           List<String> permissions)
                                    throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Queries a UMA token from the Keycloak server, using the provided authorization, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface KeycloakClient
        Parameters:
        authorization - the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the ticket (URLEncoded)
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the query
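The queryUMAToken overloads above accept either a client id and secret or a ready-made authorization string, and an audience "in URLEncoded form or not". The sketch below is an added example, not code from this library: it assumes Keycloak's documented UMA token request (grant type `urn:ietf:params:oauth:grant-type:uma-ticket` with `audience` and repeated `permission` form fields) and shows both header forms plus an audience that ends up encoded exactly once. The class name, method names and sample values are hypothetical and constructed for illustration.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;

public class UmaRequestSketch {

    // Grant type used by Keycloak authorization services for UMA token requests (assumed wire format).
    static final String UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket";

    // "Basic ...." form: base64(clientId:clientSecret), as defined by RFC 7617.
    static String basic(String clientId, String clientSecret) {
        byte[] pair = (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // "Bearer " form: the encoded JWT access token preceded by the scheme name.
    static String bearer(String accessTokenJWT) {
        return "Bearer " + accessTokenJWT;
    }

    // Accepts the audience raw or already URL-encoded and returns it encoded once.
    // Decoding first avoids double encoding ("%2F" turning into "%252F").
    // A malformed escape such as "50%" makes URLDecoder throw IllegalArgumentException.
    static String encodeOnce(String audience) {
        String raw = audience.contains("%")
                ? URLDecoder.decode(audience, StandardCharsets.UTF_8)
                : audience;
        return URLEncoder.encode(raw, StandardCharsets.UTF_8);
    }

    // Builds the application/x-www-form-urlencoded body of the token request.
    static String formBody(String audience, List<String> permissions) {
        StringBuilder body = new StringBuilder("grant_type=")
                .append(URLEncoder.encode(UMA_GRANT, StandardCharsets.UTF_8))
                .append("&audience=").append(encodeOnce(audience));
        if (permissions != null) { // the permissions list "can be null"
            for (String p : permissions) {
                body.append("&permission=")
                    .append(URLEncoder.encode(p, StandardCharsets.UTF_8));
            }
        }
        return body.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials or contexts.
        System.out.println(basic("example-client", "example-secret"));
        System.out.println(bearer("<encoded-access-token>"));
        System.out.println(formBody("/gcube/devsec", null));
        System.out.println(formBody("%2Fgcube%2Fdevsec", List.of("resource-a#view")));
    }
}
```

Both formBody calls produce the same `audience` value, which is the point of normalising before encoding. An audience that legitimately contains a literal `%` is ambiguous under this approach and needs an explicit "already encoded" flag instead.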
      • refreshToken

        public TokenResponse refreshToken​(String context,
                                          TokenResponse tokenResponse)
                                   throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. The client id will be read from the access token's "issued for" claim and the client secret will not be sent.
        NOTE: For public client types only.
        Specified by:
        refreshToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        tokenResponse - the previously issued token as TokenResponse object
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public TokenResponse refreshToken​(URL tokenURL,
                                          TokenResponse tokenResponse)
                                   throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object. The client id will be read from the access token's "issued for" claim and the client secret will not be sent.
        NOTE: For public client types only.
        Specified by:
        refreshToken in interface KeycloakClient
        Parameters:
        tokenResponse - the previously issued token as TokenResponse object
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public TokenResponse refreshToken​(String context,
                                          String clientId,
                                          String clientSecret,
                                          TokenResponse tokenResponse)
                                   throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
        Specified by:
        refreshToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the requestor client id, may be null and in this case will be taken from the access token "issued for" claim
        clientSecret - the requestor client secret, may be null for non-confidential clients
        tokenResponse - the previously issued token as TokenResponse object
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public TokenResponse refreshToken​(URL tokenURL,
                                          String clientId,
                                          String clientSecret,
                                          TokenResponse tokenResponse)
                                   throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the token response object and the provided client id and secret.
        Specified by:
        refreshToken in interface KeycloakClient
        Parameters:
        clientId - the requestor client id, may be null and in this case will be taken from the access token "issued for" claim
        clientSecret - the requestor client secret, may be null for non-confidential clients
        tokenResponse - the previously issued token as TokenResponse object
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public TokenResponse refreshToken​(String context,
                                          String clientId,
                                          String clientSecret,
                                          String refreshTokenJWTString)
                                   throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
        Specified by:
        refreshToken in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the requestor client id
        clientSecret - the requestor client secret, may be null for non-confidential clients
        refreshTokenJWTString - the previously issued refresh token JWT string
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public TokenResponse refreshToken​(URL tokenURL,
                                          String clientId,
                                          String clientSecret,
                                          String refreshTokenJWTString)
                                   throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Refreshes a previously issued token from the Keycloak server by using the client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
        Specified by:
        refreshToken in interface KeycloakClient
        Parameters:
        clientId - the requestor client id
        clientSecret - the requestor client secret, may be null for non-confidential clients
        refreshTokenJWTString - the previously issued refresh token JWT string
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        KeycloakClientException - if something goes wrong performing the refresh query
      • introspectAccessToken

        public TokenIntrospectionResponse introspectAccessToken​(String context,
                                                                String clientId,
                                                                String clientSecret,
                                                                String accessTokenJWTString)
                                                         throws KeycloakClientException
        Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        introspectAccessToken in interface KeycloakClient
        Parameters:
        tokenUrl - the token endpoint URL of the OIDC server
        authorization - the auth token (the access token URLEncoded by the "Bearer " string)
        audience - the audience (context) where to request the issuing of the ticket (URLEncoded)
        permissions - a list of permissions, can be null
        Returns:
        the issued token
        Throws:
        OpenIdConnectRESTHelperException - if an error occurs (also an unauthorized call), inspect the exception for details
        KeycloakClientException - if something goes wrong performing the verification
      • isAccessTokenVerified

        public boolean isAccessTokenVerified​(String context,
                                             String clientId,
                                             String clientSecret,
                                             String accessTokenJWTString)
                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Verifies an access token against the Keycloak server.
        Specified by:
        isAccessTokenVerified in interface KeycloakClient
        Parameters:
        context - the context where the Keycloak endpoint is needed (e.g. /gcube for DEV)
        clientId - the requestor client id
        clientSecret - the requestor client secret
        accessTokenJWTString - the access token to verify
        Returns:
        true if the token is active, false otherwise
        Throws:
        KeycloakClientException - if something goes wrong performing the verification
      • isAccessTokenVerified

        public boolean isAccessTokenVerified​(URL introspectionURL,
                                             String clientId,
                                             String clientSecret,
                                             String accessTokenJWTString)
                                      throws KeycloakClientException
        Description copied from interface: KeycloakClient
        Verifies an access token against the Keycloak server.
        Specified by:
        isAccessTokenVerified in interface KeycloakClient
        Parameters:
        introspectionURL - the introspection endpoint URL of the Keycloak server
        clientId - the requestor client id
        clientSecret - the requestor client secret
        accessTokenJWTString - the access token to verify
        Returns:
        true if the token is active, false otherwise
        Throws:
        KeycloakClientException - if something goes wrong performing the verification
      • safeSetAsExternalCallForOldAPI

        protected void safeSetAsExternalCallForOldAPI​(org.gcube.common.gxrest.request.GXHTTPStringRequest request)