Package org.gcube.common.iam

Interface IAMResponse

All Known Implementing Classes:
AbstractIAMResponse, D4ScienceIAMClientAuthn, D4ScienceIAMClientAuthn4Client, D4ScienceIAMClientAuthn4User, D4ScienceIAMClientAuthz, OIDCBearerAuth
public interface IAMResponse
Interface for D4Science IAM response handling. Provides methods to access tokens, custom claims, and authentication information.
Author:
Mauro Mugnaini (Nubisware S.r.l.)

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    canBeRefreshed()
    Check if the current response can be refreshed
    org.gcube.common.keycloak.model.AccessToken
    getAccessToken()
    Returns the access token in the response.
    String
    getAccessTokenString()
    Returns the access token in the response as string.
    String
    getContactOrganization()
    Returns the client's contact organization from the token
    String
    getContactPerson()
    Returns the client's contact person from the token
    Set<String>
    getContextRoles()
    Returns the resource roles for the resource specified in the token context
    Set<String>
    getGlobalRoles()
    Returns the realm roles in the token
    String
    getName()
    Returns the client's name from the token
    Set<String>
    getResourceRoles(String resource)
    Returns the resource roles for the resource specified in the resource parameter
    Set<String>
    getRoles()
    Returns all the roles, realm and from all the resources in the token in the same set
    boolean
    isAccessTokenValid()
    Quick way to check if the access token is valid by checking the digital signature and the token expiration
    boolean
    isAccessTokenValid(boolean checkExpiration)
    Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
    boolean
    isExpired()
    Check if the current response is expired
    boolean
    isRefreshTokenValid()
    Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration
    boolean
    isRefreshTokenValid(boolean checkExpiration)
    Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
    void
    refresh()
    Refreshes the current response, new data can be obtained again with accessors.
    void
    verifyAccessToken()
    Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.
    void
    verifyRefreshToken()
    Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.

  • Method Details

    • getAccessToken

      org.gcube.common.keycloak.model.AccessToken getAccessToken() throws D4ScienceIAMClientException
      Returns the access token in the response.
      Returns:
      The access token
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getAccessTokenString

      String getAccessTokenString()
      Returns the access token in the response as string.
      Returns:
      The access token as string

    • isExpired

      boolean isExpired() throws D4ScienceIAMClientException
      Check if the current response is expired
      Returns:
      true if the response is expired, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • canBeRefreshed

      boolean canBeRefreshed() throws D4ScienceIAMClientException
      Check if the current response can be refreshed
      Returns:
      true if the response can be refreshed, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • refresh

      void refresh() throws D4ScienceIAMClientException
      Refreshes the current response, new data can be obtained again with accessors.
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token refresh

    • getContextRoles

      Set<String> getContextRoles() throws D4ScienceIAMClientException
      Returns the resource roles for the resource specified in the token context
      Returns:
      the token context's roles
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getResourceRoles

      Set<String> getResourceRoles(String resource) throws D4ScienceIAMClientException
      Returns the resource roles for the resource specified in the resource parameter
      Parameters:
      resource - the resource of which obtain the roles
      Returns:
      the roles for the resource
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getRoles

      Set<String> getRoles() throws D4ScienceIAMClientException
      Returns all the roles, realm and from all the resources in the token in the same set
      Returns:
      the union of all the roles in the token
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getGlobalRoles

      Set<String> getGlobalRoles() throws D4ScienceIAMClientException
      Returns the realm roles in the token
      Returns:
      the realm roles
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getContactOrganization

      String getContactOrganization() throws D4ScienceIAMClientException
      Returns the client's contact organization from the token
      Returns:
      the contact organization string
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getContactPerson

      String getContactPerson() throws D4ScienceIAMClientException
      Returns the client's contact person from the token
      Returns:
      the contact person string
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getName

      String getName() throws D4ScienceIAMClientException
      Returns the client's name from the token
      Returns:
      the name string
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • isAccessTokenValid

      boolean isAccessTokenValid() throws D4ScienceIAMClientException
      Quick way to check if the access token is valid by checking the digital signature and the token expiration
      Returns:
      true if the access token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • isAccessTokenValid

      boolean isAccessTokenValid(boolean checkExpiration) throws D4ScienceIAMClientException
      Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
      Parameters:
      checkExpiration - checks also if the token is expired
      Returns:
      true if the access token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • verifyAccessToken

      void verifyAccessToken() throws org.gcube.io.jsonwebtoken.security.SignatureException, org.gcube.io.jsonwebtoken.ExpiredJwtException, D4ScienceIAMClientException
      Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.
      Throws:
      org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid
      org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired
      D4ScienceIAMClientException - if something else goes wrong during the token verification

    • isRefreshTokenValid

      boolean isRefreshTokenValid() throws D4ScienceIAMClientException
      Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration
      Returns:
      true if the refresh token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • isRefreshTokenValid

      boolean isRefreshTokenValid(boolean checkExpiration) throws D4ScienceIAMClientException
      Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
      Parameters:
      checkExpiration - checks also if the token is expired
      Returns:
      true if the refresh token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • verifyRefreshToken

      void verifyRefreshToken() throws org.gcube.io.jsonwebtoken.security.SignatureException, org.gcube.io.jsonwebtoken.ExpiredJwtException, D4ScienceIAMClientException
      Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.
      Throws:
      org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid
      org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired
      D4ScienceIAMClientException - if something else goes wrong during the token verification