Package org.gcube.common.iam

Class AbstractIAMResponse

java.lang.Object
org.gcube.common.iam.AbstractIAMResponse
All Implemented Interfaces:
IAMResponse
Direct Known Subclasses:
D4ScienceIAMClientAuthn, D4ScienceIAMClientAuthz, OIDCBearerAuth
public class AbstractIAMResponse extends Object implements IAMResponse
Abstract base class for D4Science IAM responses that implements common functionality for handling authentication and authorization responses.
Author:
Mauro Mugnaini (Nubisware S.r.l.)

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractIAMResponse(D4ScienceIAMClient iamClient, org.gcube.common.keycloak.model.TokenResponse tokenResponse)
    Creates a new AbstractIAMResponse with the specified IAM client and token response.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    canBeRefreshed()
    Check if the current response can be refreshed
    org.gcube.common.keycloak.model.AccessToken
    getAccessToken()
    Returns the access token in the response.
    String
    getAccessTokenString()
    Returns the access token in the response as string.
    String
    getContactOrganization()
    Returns the client's contact organization from the token
    String
    getContactPerson()
    Returns the client's contact person from the token
    Set<String>
    getContextRoles()
    Returns the resource roles for the resource specified in the token context
    Set<String>
    getGlobalRoles()
    Returns the realm roles in the token
    D4ScienceIAMClient
    getIamClient()
    Returns the IAM client instance.
    String
    getName()
    Returns the client's name from the token
    String
    getRefreshTokenString()
    Returns the refresh token as a string.
    Set<String>
    getResourceRoles(String resource)
    Returns the resource roles for the resource specified in the resource parameter
    Set<String>
    getRoles()
    Returns all the roles, realm and from all the resources in the token in the same set
    protected org.gcube.common.keycloak.model.TokenResponse
    getTokenResponse()
    Returns the token response.
    boolean
    isAccessTokenValid()
    Quick way to check if the access token is valid by checking the digital signature and the token expiration
    boolean
    isAccessTokenValid(boolean checkExpiration)
    Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
    boolean
    isExpired()
    Check if the current response is expired
    boolean
    isRefreshTokenValid()
    Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration
    boolean
    isRefreshTokenValid(boolean checkExpiration)
    Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
    void
    refresh()
    Refreshes the current response, new data can be obtained again with accessors.
    void
    refresh(String clientId, String clientSecret)
    Refreshes the token using the specified client credentials.
    void
    setIamClient(D4ScienceIAMClient iamClient)
    Sets the IAM client instance.
    void
    setTokenResponse(org.gcube.common.keycloak.model.TokenResponse tokenResponse)
    Sets the token response.
    void
    verifyAccessToken()
    Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.
    void
    verifyRefreshToken()
    Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • AbstractIAMResponse

      public AbstractIAMResponse(D4ScienceIAMClient iamClient, org.gcube.common.keycloak.model.TokenResponse tokenResponse)
      Creates a new AbstractIAMResponse with the specified IAM client and token response.
      Parameters:
      iamClient - the D4Science IAM client instance
      tokenResponse - the token response from the authentication/authorization process

  • Method Details

    • setIamClient

      public void setIamClient(D4ScienceIAMClient iamClient)
      Sets the IAM client instance.
      Parameters:
      iamClient - the D4Science IAM client to set

    • getIamClient

      public D4ScienceIAMClient getIamClient()
      Returns the IAM client instance.
      Returns:
      the D4Science IAM client

    • setTokenResponse

      public void setTokenResponse(org.gcube.common.keycloak.model.TokenResponse tokenResponse)
      Sets the token response.
      Parameters:
      tokenResponse - the token response to set

    • getTokenResponse

      protected org.gcube.common.keycloak.model.TokenResponse getTokenResponse()
      Returns the token response.
      Returns:
      the token response

    • getAccessToken

      public org.gcube.common.keycloak.model.AccessToken getAccessToken() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns the access token in the response.
      Specified by:
      getAccessToken in interface IAMResponse
      Returns:
      The access token
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getAccessTokenString

      public String getAccessTokenString()
      Description copied from interface: IAMResponse
      Returns the access token in the response as string.
      Specified by:
      getAccessTokenString in interface IAMResponse
      Returns:
      The access token as string

    • isExpired

      public boolean isExpired() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Check if the current response is expired
      Specified by:
      isExpired in interface IAMResponse
      Returns:
      true if the response is expired, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getRefreshTokenString

      public String getRefreshTokenString()
      Returns the refresh token as a string.
      Returns:
      the refresh token string

    • canBeRefreshed

      public boolean canBeRefreshed() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Check if the current response can be refreshed
      Specified by:
      canBeRefreshed in interface IAMResponse
      Returns:
      true if the response can be refreshed, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • refresh

      public void refresh() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Refreshes the current response, new data can be obtained again with accessors.
      Specified by:
      refresh in interface IAMResponse
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token refresh

    • refresh

      public void refresh(String clientId, String clientSecret) throws D4ScienceIAMClientException
      Refreshes the token using the specified client credentials.
      Parameters:
      clientId - the client ID
      clientSecret - the client secret
      Throws:
      D4ScienceIAMClientException - if an error occurs during token refresh

    • getGlobalRoles

      public Set<String> getGlobalRoles() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns the realm roles in the token
      Specified by:
      getGlobalRoles in interface IAMResponse
      Returns:
      the realm roles
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getRoles

      public Set<String> getRoles() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns all the roles, realm and from all the resources in the token in the same set
      Specified by:
      getRoles in interface IAMResponse
      Returns:
      the union of all the roles in the token
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getResourceRoles

      public Set<String> getResourceRoles(String resource) throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns the resource roles for the resource specified in the resource parameter
      Specified by:
      getResourceRoles in interface IAMResponse
      Parameters:
      resource - the resource of which obtain the roles
      Returns:
      the roles for the resource
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getContextRoles

      public Set<String> getContextRoles() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns the resource roles for the resource specified in the token context
      Specified by:
      getContextRoles in interface IAMResponse
      Returns:
      the token context's roles
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getName

      public String getName() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns the client's name from the token
      Specified by:
      getName in interface IAMResponse
      Returns:
      the name string
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getContactPerson

      public String getContactPerson() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns the client's contact person from the token
      Specified by:
      getContactPerson in interface IAMResponse
      Returns:
      the contact person string
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • getContactOrganization

      public String getContactOrganization() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Returns the client's contact organization from the token
      Specified by:
      getContactOrganization in interface IAMResponse
      Returns:
      the contact organization string
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

    • isAccessTokenValid

      public boolean isAccessTokenValid() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Quick way to check if the access token is valid by checking the digital signature and the token expiration
      Specified by:
      isAccessTokenValid in interface IAMResponse
      Returns:
      true if the access token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • isAccessTokenValid

      public boolean isAccessTokenValid(boolean checkExpiration) throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
      Specified by:
      isAccessTokenValid in interface IAMResponse
      Parameters:
      checkExpiration - checks also if the token is expired
      Returns:
      true if the access token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • verifyAccessToken

      public void verifyAccessToken() throws org.gcube.io.jsonwebtoken.security.SignatureException, org.gcube.io.jsonwebtoken.ExpiredJwtException, D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.
      Specified by:
      verifyAccessToken in interface IAMResponse
      Throws:
      org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid
      org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired
      D4ScienceIAMClientException - if something else goes wrong during the token verification

    • isRefreshTokenValid

      public boolean isRefreshTokenValid() throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration
      Specified by:
      isRefreshTokenValid in interface IAMResponse
      Returns:
      true if the refresh token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • isRefreshTokenValid

      public boolean isRefreshTokenValid(boolean checkExpiration) throws D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
      Specified by:
      isRefreshTokenValid in interface IAMResponse
      Parameters:
      checkExpiration - checks also if the token is expired
      Returns:
      true if the refresh token is valid, false otherwise
      Throws:
      D4ScienceIAMClientException - if something goes wrong during the token validity checks

    • verifyRefreshToken

      public void verifyRefreshToken() throws org.gcube.io.jsonwebtoken.security.SignatureException, org.gcube.io.jsonwebtoken.ExpiredJwtException, D4ScienceIAMClientException
      Description copied from interface: IAMResponse
      Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.
      Specified by:
      verifyRefreshToken in interface IAMResponse
      Throws:
      org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid
      org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired
      D4ScienceIAMClientException - if something else goes wrong during the token verification