Package org.gcube.common.iam
Class AbstractIAMResponse
- java.lang.Object
-
- org.gcube.common.iam.AbstractIAMResponse
-
- All Implemented Interfaces:
IAMResponse
- Direct Known Subclasses:
D4ScienceIAMClientAuthn,D4ScienceIAMClientAuthz,OIDCBearerAuth
public class AbstractIAMResponse extends Object implements IAMResponse
-
-
Constructor Summary
Constructors Constructor Description AbstractIAMResponse(D4ScienceIAMClient iamClient, org.gcube.common.keycloak.model.TokenResponse tokenResponse)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleancanBeRefreshed()Check if the current response can be refreshedorg.gcube.common.keycloak.model.AccessTokengetAccessToken()Returns the access token in the response.StringgetAccessTokenString()Returns the access token in the response as string.StringgetContactOrganization()Returns the client's contact organization from the tokenStringgetContactPerson()Returns the client's contact person from the tokenSet<String>getContextRoles()Returns the resource roles for the resource specified in the token contextSet<String>getGlobalRoles()Returns the realm roles in the tokenD4ScienceIAMClientgetIamClient()StringgetName()Returns the client's name from the tokenStringgetRefreshTokenString()Set<String>getResourceRoles(String resource)Returns the resource roles for the resource specified in the resource parameterSet<String>getRoles()Returns all the roles, realm and from all the resources in the token in the same setprotected org.gcube.common.keycloak.model.TokenResponsegetTokenResponse()booleanisAccessTokenValid()Quick way to check if the access token is valid by checking the digital signature and the token expirationbooleanisAccessTokenValid(boolean checkExpiration)Quick way to check if the access token is valid by checking the digital signature and the token expiration if thecheckExpirationparameter istruebooleanisExpired()Check if the current response is expiredbooleanisRefreshTokenValid()Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expirationbooleanisRefreshTokenValid(boolean checkExpiration)Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if thecheckExpirationparameter istruevoidrefresh()Refreshes the current response, new data can be obtained again with accessors.voidsetIamClient(D4ScienceIAMClient iamClient)voidsetTokenResponse(org.gcube.common.keycloak.model.TokenResponse tokenResponse)voidverifyAccessToken()Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.voidverifyRefreshToken()Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.
-
-
-
Constructor Detail
-
AbstractIAMResponse
public AbstractIAMResponse(D4ScienceIAMClient iamClient, org.gcube.common.keycloak.model.TokenResponse tokenResponse)
-
-
Method Detail
-
setIamClient
public void setIamClient(D4ScienceIAMClient iamClient)
-
getIamClient
public D4ScienceIAMClient getIamClient()
-
setTokenResponse
public void setTokenResponse(org.gcube.common.keycloak.model.TokenResponse tokenResponse)
-
getTokenResponse
protected org.gcube.common.keycloak.model.TokenResponse getTokenResponse()
-
getAccessToken
public org.gcube.common.keycloak.model.AccessToken getAccessToken() throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseReturns the access token in the response.- Specified by:
getAccessTokenin interfaceIAMResponse- Returns:
- The access token
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getAccessTokenString
public String getAccessTokenString()
Description copied from interface:IAMResponseReturns the access token in the response as string.- Specified by:
getAccessTokenStringin interfaceIAMResponse- Returns:
- The access token as string
-
isExpired
public boolean isExpired() throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseCheck if the current response is expired- Specified by:
isExpiredin interfaceIAMResponse- Returns:
trueif the response is expired,falseotherwise- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getRefreshTokenString
public String getRefreshTokenString()
-
canBeRefreshed
public boolean canBeRefreshed() throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseCheck if the current response can be refreshed- Specified by:
canBeRefreshedin interfaceIAMResponse- Returns:
trueif the response can be refreshed,falseotherwise- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
refresh
public void refresh() throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseRefreshes the current response, new data can be obtained again with accessors.- Specified by:
refreshin interfaceIAMResponse- Throws:
D4ScienceIAMClientException- if something goes wrong during the token refresh
-
getGlobalRoles
public Set<String> getGlobalRoles() throws D4ScienceIAMClientException
Description copied from interface:IAMResponseReturns the realm roles in the token- Specified by:
getGlobalRolesin interfaceIAMResponse- Returns:
- the realm roles
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getRoles
public Set<String> getRoles() throws D4ScienceIAMClientException
Description copied from interface:IAMResponseReturns all the roles, realm and from all the resources in the token in the same set- Specified by:
getRolesin interfaceIAMResponse- Returns:
- the union of all the roles in the token
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getResourceRoles
public Set<String> getResourceRoles(String resource) throws D4ScienceIAMClientException
Description copied from interface:IAMResponseReturns the resource roles for the resource specified in the resource parameter- Specified by:
getResourceRolesin interfaceIAMResponse- Parameters:
resource- the resource of which obtain the roles- Returns:
- the roles for the resource
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getContextRoles
public Set<String> getContextRoles() throws D4ScienceIAMClientException
Description copied from interface:IAMResponseReturns the resource roles for the resource specified in the token context- Specified by:
getContextRolesin interfaceIAMResponse- Returns:
- the token context's roles
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getName
public String getName() throws D4ScienceIAMClientException
Description copied from interface:IAMResponseReturns the client's name from the token- Specified by:
getNamein interfaceIAMResponse- Returns:
- the name string
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getContactPerson
public String getContactPerson() throws D4ScienceIAMClientException
Description copied from interface:IAMResponseReturns the client's contact person from the token- Specified by:
getContactPersonin interfaceIAMResponse- Returns:
- the contact person string
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
getContactOrganization
public String getContactOrganization() throws D4ScienceIAMClientException
Description copied from interface:IAMResponseReturns the client's contact organization from the token- Specified by:
getContactOrganizationin interfaceIAMResponse- Returns:
- the contact organization string
- Throws:
D4ScienceIAMClientException- if something goes wrong during the token decoding or JSON parsing
-
isAccessTokenValid
public boolean isAccessTokenValid() throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseQuick way to check if the access token is valid by checking the digital signature and the token expiration- Specified by:
isAccessTokenValidin interfaceIAMResponse- Returns:
trueif the access token is valid,falseotherwise- Throws:
D4ScienceIAMClientException- if something goes wrong during the token validity checks
-
isAccessTokenValid
public boolean isAccessTokenValid(boolean checkExpiration) throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseQuick way to check if the access token is valid by checking the digital signature and the token expiration if thecheckExpirationparameter istrue- Specified by:
isAccessTokenValidin interfaceIAMResponse- Parameters:
checkExpiration- checks also if the token is expired- Returns:
trueif the access token is valid,falseotherwise- Throws:
D4ScienceIAMClientException- if something goes wrong during the token validity checks
-
verifyAccessToken
public void verifyAccessToken() throws org.gcube.io.jsonwebtoken.security.SignatureException, org.gcube.io.jsonwebtoken.ExpiredJwtException, D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseVerifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.- Specified by:
verifyAccessTokenin interfaceIAMResponse- Throws:
org.gcube.io.jsonwebtoken.security.SignatureException- if the token has been tampered and/or signature is invalidorg.gcube.io.jsonwebtoken.ExpiredJwtException- if the token validity is expiredD4ScienceIAMClientException- if something else goes wrong during the token verification
-
isRefreshTokenValid
public boolean isRefreshTokenValid() throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseQuick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration- Specified by:
isRefreshTokenValidin interfaceIAMResponse- Returns:
trueif the refresh token is valid,falseotherwise- Throws:
D4ScienceIAMClientException- if something goes wrong during the token validity checks
-
isRefreshTokenValid
public boolean isRefreshTokenValid(boolean checkExpiration) throws D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseQuick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if thecheckExpirationparameter istrue- Specified by:
isRefreshTokenValidin interfaceIAMResponse- Parameters:
checkExpiration- checks also if the token is expired- Returns:
trueif the refresh token is valid,falseotherwise- Throws:
D4ScienceIAMClientException- if something goes wrong during the token validity checks
-
verifyRefreshToken
public void verifyRefreshToken() throws org.gcube.io.jsonwebtoken.security.SignatureException, org.gcube.io.jsonwebtoken.ExpiredJwtException, D4ScienceIAMClientExceptionDescription copied from interface:IAMResponseVerifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.- Specified by:
verifyRefreshTokenin interfaceIAMResponse- Throws:
org.gcube.io.jsonwebtoken.security.SignatureException- if the token has been tampered and/or signature is invalidorg.gcube.io.jsonwebtoken.ExpiredJwtException- if the token validity is expiredD4ScienceIAMClientException- if something else goes wrong during the token verification
-
-