Class OA2SE
- java.lang.Object
-
- edu.uiuc.ncsa.security.core.util.AbstractEnvironment
-
- org.oa4mp.server.api.MyProxyServiceEnvironment
-
- org.oa4mp.server.api.ServiceEnvironmentImpl
-
- org.oa4mp.server.loader.oauth2.OA2SE
-
- All Implemented Interfaces: ServiceEnvironment, edu.uiuc.ncsa.security.core.Logable
public class OA2SE extends ServiceEnvironmentImpl
Created by Jeff Gaynor on 3/27/14 at 4:16 PM
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.ServiceEnvironmentImpl
ServiceEnvironmentImpl.MessagesProvider
-
-
Field Summary
Modifier and Type Field Description
protected javax.inject.Provider<AdminClientStore>
acs
protected ClaimSource
claimSource
protected javax.inject.Provider<edu.uiuc.ncsa.security.util.json.JSONStore>
jsonStoreProvider
protected edu.uiuc.ncsa.security.util.jwk.JSONWebKeys
jsonWebKeys
-
Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.ServiceEnvironmentImpl
agip, atip, casp, clientApprovalStore, clientStore, csp, mailUtil, paip, psp, tfp, transactionStore, tsp
-
Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.MyProxyServiceEnvironment
myProxyServices
-
-
Constructor Summary
Constructors Constructor Description OA2SE(edu.uiuc.ncsa.security.core.util.MyLoggingFacade logger, javax.inject.Provider<TransactionStore> tsp, javax.inject.Provider<TXStore> txStoreProvider, javax.inject.Provider<VOStore> voStoreProvider, javax.inject.Provider<ClientStore> csp, int maxAllowedNewClientRequests, long agLifetime, long maxAGLifetime, long idTokenLifetime, long maxIDTokenLifetime, long maxATLifetime, long atLifetime, long maxRTLifetime, javax.inject.Provider<ClientApprovalStore> casp, List<MyProxyFacadeProvider> mfp, edu.uiuc.ncsa.security.util.mail.MailUtilProvider mup, ServiceEnvironmentImpl.MessagesProvider messagesProvider, javax.inject.Provider<AGIssuer> agip, javax.inject.Provider<ATIssuer> atip, javax.inject.Provider<PAIssuer> paip, javax.inject.Provider<TokenForge> tfp, HashMap<String,String> constants, AuthorizationServletConfig ac, edu.uiuc.ncsa.security.servlet.UsernameTransformer usernameTransformer, boolean isPingable, javax.inject.Provider<PermissionsStore> psp, javax.inject.Provider<AdminClientStore> acs, int clientSecretLength, Collection<String> scopes, ClaimSource claimSource, LDAPConfiguration ldapConfiguration2, boolean isRefreshTokenEnabled, boolean twoFactorSupportEnabled, long maxClientRefreshTokenLifetime, edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys, String issuer, boolean utilServletEnabled, boolean oidcEnabled, CMConfigs cmConfigs, OA2QDLEnvironment qdlEnvironment, boolean rfc8693Enabled, boolean qdlStrictACLs, boolean safeGC, boolean cleanupLockingEnabled, RFC8628ServletConfig rfc8628ServletConfig, boolean rfc8628Enabled, boolean printTSInDebug, long cleanupInterval, Collection<java.time.LocalTime> cleanupAlarms, String notifyACEventEmailAddresses, boolean rfc7636Required, boolean demoModeEnabled, long rtGracePeriod, boolean isMonitorEnabled, long monitorInterval, Collection<java.time.LocalTime> monitorAlarms, edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
-
Method Summary
Modifier and Type Method Description
long
getAccessTokenLifetime()
AdminClientStore<AdminClient>
getAdminClientStore()
Returns the AdminClientStore.
long
getAuthorizationGrantLifetime()
ClaimSource
getClaimSource()
Collection<java.time.LocalTime>
getCleanupAlarms()
long
getCleanupInterval()
int
getClientSecretLength()
CMConfigs
getCmConfigs()
edu.uiuc.ncsa.security.core.util.MetaDebugUtil
getDebugger()
long
getIdTokenLifetime()
String
getIssuer()
edu.uiuc.ncsa.security.util.json.JSONStore<? extends edu.uiuc.ncsa.security.util.json.JSONEntry>
getJSONStore()
edu.uiuc.ncsa.security.util.jwk.JSONWebKeys
getJsonWebKeys()
LDAPConfiguration
getLdapConfiguration()
long
getMaxATLifetime()
long
getMaxAuthorizationGrantLifetime()
long
getMaxClientRefreshTokenLifetime()
long
getMaxIdTokenLifetime()
long
getMaxRTLifetime()
Collection<java.time.LocalTime>
getMonitorAlarms()
long
getMonitorInterval()
String
getNotifyACEventEmailAddresses()
OA2QDLEnvironment
getQDLEnvironment()
long
getRefreshTokenLifetime()
Deprecated. This was badly named.
RFC8628ServletConfig
getRfc8628ServletConfig()
long
getRtGracePeriod()
Collection<String>
getScopes()
The scopes this server currently supports.
TXStore
getTxStore()
VirtualOrganization
getVO(edu.uiuc.ncsa.security.core.Identifier clientID)
Given the client id, look up the admin and determine what (if any) the VO is.
VOStore
getVOStore()
boolean
hasCleanupAlarms()
boolean
hasMonitorAlarams()
boolean
hasMonitorInterval()
boolean
hasScopeHandler()
boolean
isCleanupLockingEnabled()
boolean
isDemoModeEnabled()
boolean
isMonitorEnabled()
boolean
isOIDCEnabled()
Returns true if this server has OIDC support enabled.
boolean
isPrintTSInDebug()
boolean
isQdlStrictACLs()
boolean
isRefreshTokenEnabled()
boolean
isRfc7636Required()
boolean
isRfc8628Enabled()
Device authorization flow endpoints.
boolean
isRfc8693Enabled()
Token exchange endpoint
boolean
isRTGracePeriodEnabled()
boolean
isSafeGC()
boolean
isTwoFactorSupportEnabled()
boolean
isUtilServletEnabled()
List<edu.uiuc.ncsa.security.core.Store>
listStores()
List the current stores in this environment.
void
setAccessTokenLifetime(long accessTokenLifetime)
void
setAuthorizationGrantLifetime(long authorizationGrantLifetime)
void
setClaimSource(ClaimSource claimSource)
void
setCleanupLockingEnabled(boolean cleanupLockingEnabled)
void
setDebugger(edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
void
setDemoModeEnabled(boolean demoModeEnabled)
void
setJsonWebKeys(edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys)
void
setLdapConfiguration(LDAPConfiguration ldapConfiguration2)
void
setMonitorAlarms(Collection<java.time.LocalTime> monitorAlarms)
void
setMonitorEnabled(boolean monitorEnabled)
void
setMonitorInterval(long monitorInterval)
void
setQDLEnvironment(OA2QDLEnvironment qdlEnvironment)
void
setRefreshTokenEnabled(boolean refreshTokenEnabled)
void
setRfc7636Required(boolean rfc7636Required)
void
setRfc8628Enabled(boolean rfc8628Enabled)
void
setRfc8693Enabled(boolean rfc8693Enabled)
void
setRtGracePeriod(long rtGracePeriod)
void
setSafeGC(boolean safeGC)
void
setScopes(Collection<String> scopes)
void
setTxStore(TXStore txStore)
void
setUtilServletEnabled(boolean utilServletEnabled)
-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.ServiceEnvironmentImpl
getAgIssuer, getAtIssuer, getAuthorizationServletConfig, getClientApprovalStore, getClientApprovalThread, getClientStore, getKeyPair, getKeyPairQueue, getMailUtil, getMaxAllowedNewClientRequests, getMessages, getPaIssuer, getPermissionStore, getServiceAddress, getTokenForge, getTransactionStore, getUsernameTransformer, isPollingEnabled, setClientApprovalThread, setServiceAddress, setUsernameTransformer
-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.MyProxyServiceEnvironment
getMyProxyServices
-
Methods inherited from class edu.uiuc.ncsa.security.core.util.AbstractEnvironment
debug, error, getConstants, getMyLogger, info, isDebugOn, isPingable, setDebugOn, setPingable, warn
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface edu.uiuc.ncsa.security.core.Logable
debug, error, info, isDebugOn, setDebugOn, warn
-
Methods inherited from interface edu.uiuc.ncsa.myproxy.oa4mp.server.ServiceEnvironment
getConstants, getMyProxyServices, isPingable
-
-
-
-
Field Detail
-
jsonStoreProvider
protected javax.inject.Provider<edu.uiuc.ncsa.security.util.json.JSONStore> jsonStoreProvider
-
acs
protected javax.inject.Provider<AdminClientStore> acs
-
jsonWebKeys
protected edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys
-
claimSource
protected ClaimSource claimSource
-
-
Constructor Detail
-
OA2SE
public OA2SE(edu.uiuc.ncsa.security.core.util.MyLoggingFacade logger, javax.inject.Provider<TransactionStore> tsp, javax.inject.Provider<TXStore> txStoreProvider, javax.inject.Provider<VOStore> voStoreProvider, javax.inject.Provider<ClientStore> csp, int maxAllowedNewClientRequests, long agLifetime, long maxAGLifetime, long idTokenLifetime, long maxIDTokenLifetime, long maxATLifetime, long atLifetime, long maxRTLifetime, javax.inject.Provider<ClientApprovalStore> casp, List<MyProxyFacadeProvider> mfp, edu.uiuc.ncsa.security.util.mail.MailUtilProvider mup, ServiceEnvironmentImpl.MessagesProvider messagesProvider, javax.inject.Provider<AGIssuer> agip, javax.inject.Provider<ATIssuer> atip, javax.inject.Provider<PAIssuer> paip, javax.inject.Provider<TokenForge> tfp, HashMap<String,String> constants, AuthorizationServletConfig ac, edu.uiuc.ncsa.security.servlet.UsernameTransformer usernameTransformer, boolean isPingable, javax.inject.Provider<PermissionsStore> psp, javax.inject.Provider<AdminClientStore> acs, int clientSecretLength, Collection<String> scopes, ClaimSource claimSource, LDAPConfiguration ldapConfiguration2, boolean isRefreshTokenEnabled, boolean twoFactorSupportEnabled, long maxClientRefreshTokenLifetime, edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys, String issuer, boolean utilServletEnabled, boolean oidcEnabled, CMConfigs cmConfigs, OA2QDLEnvironment qdlEnvironment, boolean rfc8693Enabled, boolean qdlStrictACLs, boolean safeGC, boolean cleanupLockingEnabled, RFC8628ServletConfig rfc8628ServletConfig, boolean rfc8628Enabled, boolean printTSInDebug, long cleanupInterval, Collection<java.time.LocalTime> cleanupAlarms, String notifyACEventEmailAddresses, boolean rfc7636Required, boolean demoModeEnabled, long rtGracePeriod, boolean isMonitorEnabled, long monitorInterval, Collection<java.time.LocalTime> monitorAlarms, edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
-
-
Method Detail
-
isMonitorEnabled
public boolean isMonitorEnabled()
-
setMonitorEnabled
public void setMonitorEnabled(boolean monitorEnabled)
-
getMonitorInterval
public long getMonitorInterval()
-
setMonitorInterval
public void setMonitorInterval(long monitorInterval)
-
getMonitorAlarms
public Collection<java.time.LocalTime> getMonitorAlarms()
-
setMonitorAlarms
public void setMonitorAlarms(Collection<java.time.LocalTime> monitorAlarms)
-
isCleanupLockingEnabled
public boolean isCleanupLockingEnabled()
-
setCleanupLockingEnabled
public void setCleanupLockingEnabled(boolean cleanupLockingEnabled)
-
getCleanupAlarms
public Collection<java.time.LocalTime> getCleanupAlarms()
-
hasCleanupAlarms
public boolean hasCleanupAlarms()
-
getDebugger
public edu.uiuc.ncsa.security.core.util.MetaDebugUtil getDebugger()
-
setDebugger
public void setDebugger(edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
-
isDemoModeEnabled
public boolean isDemoModeEnabled()
-
setDemoModeEnabled
public void setDemoModeEnabled(boolean demoModeEnabled)
-
getNotifyACEventEmailAddresses
public String getNotifyACEventEmailAddresses()
-
getCleanupInterval
public long getCleanupInterval()
-
hasMonitorAlarams
public boolean hasMonitorAlarams()
-
hasMonitorInterval
public boolean hasMonitorInterval()
-
getRfc8628ServletConfig
public RFC8628ServletConfig getRfc8628ServletConfig()
-
isPrintTSInDebug
public boolean isPrintTSInDebug()
-
isSafeGC
public boolean isSafeGC()
-
setSafeGC
public void setSafeGC(boolean safeGC)
-
isQdlStrictACLs
public boolean isQdlStrictACLs()
-
getMaxATLifetime
public long getMaxATLifetime()
-
getMaxRTLifetime
public long getMaxRTLifetime()
-
getVOStore
public VOStore getVOStore()
-
getTxStore
public TXStore getTxStore()
-
setTxStore
public void setTxStore(TXStore txStore)
-
getQDLEnvironment
public OA2QDLEnvironment getQDLEnvironment()
-
setQDLEnvironment
public void setQDLEnvironment(OA2QDLEnvironment qdlEnvironment)
-
getCmConfigs
public CMConfigs getCmConfigs()
-
getJSONStore
public edu.uiuc.ncsa.security.util.json.JSONStore<? extends edu.uiuc.ncsa.security.util.json.JSONEntry> getJSONStore()
-
isRfc8693Enabled
public boolean isRfc8693Enabled()
Token exchange endpoint
- Returns:
-
setRfc8693Enabled
public void setRfc8693Enabled(boolean rfc8693Enabled)
-
isRfc8628Enabled
public boolean isRfc8628Enabled()
Device authorization flow endpoints.
- Returns:
-
setRfc8628Enabled
public void setRfc8628Enabled(boolean rfc8628Enabled)
-
getAdminClientStore
public AdminClientStore<AdminClient> getAdminClientStore()
Description copied from interface: ServiceEnvironment
Returns the AdminClientStore.
- Specified by: getAdminClientStore in interface ServiceEnvironment
- Overrides: getAdminClientStore in class ServiceEnvironmentImpl
- Returns:
-
isUtilServletEnabled
public boolean isUtilServletEnabled()
-
setUtilServletEnabled
public void setUtilServletEnabled(boolean utilServletEnabled)
-
getIssuer
public String getIssuer()
-
getJsonWebKeys
public edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys()
-
setJsonWebKeys
public void setJsonWebKeys(edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys)
-
isTwoFactorSupportEnabled
public boolean isTwoFactorSupportEnabled()
-
getMaxClientRefreshTokenLifetime
public long getMaxClientRefreshTokenLifetime()
-
getMaxIdTokenLifetime
public long getMaxIdTokenLifetime()
-
getIdTokenLifetime
public long getIdTokenLifetime()
-
isRefreshTokenEnabled
public boolean isRefreshTokenEnabled()
-
setRefreshTokenEnabled
public void setRefreshTokenEnabled(boolean refreshTokenEnabled)
-
getRefreshTokenLifetime
public long getRefreshTokenLifetime()
Deprecated. This was badly named. Use getMaxRTLifetime()
The default if nothing is specified is 15 days.
- Returns:
-
getClientSecretLength
public int getClientSecretLength()
-
getScopes
public Collection<String> getScopes()
The scopes this server currently supports.
- Returns:
-
setScopes
public void setScopes(Collection<String> scopes)
-
getClaimSource
public ClaimSource getClaimSource()
-
setClaimSource
public void setClaimSource(ClaimSource claimSource)
-
hasScopeHandler
public boolean hasScopeHandler()
-
getLdapConfiguration
public LDAPConfiguration getLdapConfiguration()
-
setLdapConfiguration
public void setLdapConfiguration(LDAPConfiguration ldapConfiguration2)
-
isOIDCEnabled
public boolean isOIDCEnabled()
Returns true if this server has OIDC support enabled.
- Returns:
-
getAccessTokenLifetime
public long getAccessTokenLifetime()
-
setAccessTokenLifetime
public void setAccessTokenLifetime(long accessTokenLifetime)
-
getMaxAuthorizationGrantLifetime
public long getMaxAuthorizationGrantLifetime()
-
getAuthorizationGrantLifetime
public long getAuthorizationGrantLifetime()
-
setAuthorizationGrantLifetime
public void setAuthorizationGrantLifetime(long authorizationGrantLifetime)
-
getVO
public VirtualOrganization getVO(edu.uiuc.ncsa.security.core.Identifier clientID)
Given the client id, look up the admin and determine what (if any) the VO is. The returned value may be null, meaning there is no VO. If the VO is disabled, it will not be returned either.
This has its own call here because it involves multiple store lookups. It cannot be done as a join in SQL or some such because there are no guarantees the stores are all SQL -- some may be file stores or even in another unrelated database.
- Parameters: clientID
- Returns:
-
listStores
public List<edu.uiuc.ncsa.security.core.Store> listStores()
Description copied from interface: ServiceEnvironment
List the current stores in this environment. Used at bootstrapping for various types of introspection.
- Specified by: listStores in interface ServiceEnvironment
- Overrides: listStores in class ServiceEnvironmentImpl
- Returns:
-
isRfc7636Required
public boolean isRfc7636Required()
-
setRfc7636Required
public void setRfc7636Required(boolean rfc7636Required)
-
getRtGracePeriod
public long getRtGracePeriod()
-
setRtGracePeriod
public void setRtGracePeriod(long rtGracePeriod)
-
isRTGracePeriodEnabled
public boolean isRTGracePeriodEnabled()
-
-