Class OA2SE

    • Field Detail

      • jsonStoreProvider

        protected javax.inject.Provider<edu.uiuc.ncsa.security.util.json.JSONStore> jsonStoreProvider
      • jsonWebKeys

        protected edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys
    • Constructor Detail

      • OA2SE

        public OA2SE​(edu.uiuc.ncsa.security.core.util.MyLoggingFacade logger,
                     javax.inject.Provider<TransactionStore> tsp,
                     javax.inject.Provider<TXStore> txStoreProvider,
                     javax.inject.Provider<VOStore> voStoreProvider,
                     javax.inject.Provider<ClientStore> csp,
                     int maxAllowedNewClientRequests,
                     long agLifetime,
                     long maxAGLifetime,
                     long idTokenLifetime,
                     long maxIDTokenLifetime,
                     long maxATLifetime,
                     long atLifetime,
                     long maxRTLifetime,
                     javax.inject.Provider<ClientApprovalStore> casp,
                     List<MyProxyFacadeProvider> mfp,
                     edu.uiuc.ncsa.security.util.mail.MailUtilProvider mup,
                     ServiceEnvironmentImpl.MessagesProvider messagesProvider,
                     javax.inject.Provider<AGIssuer> agip,
                     javax.inject.Provider<ATIssuer> atip,
                     javax.inject.Provider<PAIssuer> paip,
                     javax.inject.Provider<TokenForge> tfp,
                     HashMap<String,​String> constants,
                     AuthorizationServletConfig ac,
                     edu.uiuc.ncsa.security.servlet.UsernameTransformer usernameTransformer,
                     boolean isPingable,
                     javax.inject.Provider<PermissionsStore> psp,
                     javax.inject.Provider<AdminClientStore> acs,
                     int clientSecretLength,
                     Collection<String> scopes,
                     ClaimSource claimSource,
                     LDAPConfiguration ldapConfiguration2,
                     boolean isRefreshTokenEnabled,
                     boolean twoFactorSupportEnabled,
                     long maxClientRefreshTokenLifetime,
                     edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys,
                     String issuer,
                     boolean utilServletEnabled,
                     boolean oidcEnabled,
                     CMConfigs cmConfigs,
                     OA2QDLEnvironment qdlEnvironment,
                     boolean rfc8693Enabled,
                     boolean qdlStrictACLs,
                     boolean safeGC,
                     boolean cleanupLockingEnabled,
                     RFC8628ServletConfig rfc8628ServletConfig,
                     boolean rfc8628Enabled,
                     boolean printTSInDebug,
                     long cleanupInterval,
                     Collection<java.time.LocalTime> cleanupAlarms,
                     String notifyACEventEmailAddresses,
                     boolean rfc7636Required,
                     boolean demoModeEnabled,
                     long rtGracePeriod,
                     boolean isMonitorEnabled,
                     long monitorInterval,
                     Collection<java.time.LocalTime> monitorAlarms,
                     edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
    • Method Detail

      • isMonitorEnabled

        public boolean isMonitorEnabled()
      • setMonitorEnabled

        public void setMonitorEnabled​(boolean monitorEnabled)
      • getMonitorInterval

        public long getMonitorInterval()
      • setMonitorInterval

        public void setMonitorInterval​(long monitorInterval)
      • getMonitorAlarms

        public Collection<java.time.LocalTime> getMonitorAlarms()
      • setMonitorAlarms

        public void setMonitorAlarms​(Collection<java.time.LocalTime> monitorAlarms)
      • isCleanupLockingEnabled

        public boolean isCleanupLockingEnabled()
      • setCleanupLockingEnabled

        public void setCleanupLockingEnabled​(boolean cleanupLockingEnabled)
      • getCleanupAlarms

        public Collection<java.time.LocalTime> getCleanupAlarms()
      • hasCleanupAlarms

        public boolean hasCleanupAlarms()
      • getDebugger

        public edu.uiuc.ncsa.security.core.util.MetaDebugUtil getDebugger()
      • setDebugger

        public void setDebugger​(edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
      • isDemoModeEnabled

        public boolean isDemoModeEnabled()
      • setDemoModeEnabled

        public void setDemoModeEnabled​(boolean demoModeEnabled)
      • getNotifyACEventEmailAddresses

        public String getNotifyACEventEmailAddresses()
      • getCleanupInterval

        public long getCleanupInterval()
      • hasMonitorAlarams

        public boolean hasMonitorAlarams()
      • hasMonitorInterval

        public boolean hasMonitorInterval()
      • isPrintTSInDebug

        public boolean isPrintTSInDebug()
      • isSafeGC

        public boolean isSafeGC()
      • setSafeGC

        public void setSafeGC​(boolean safeGC)
      • isQdlStrictACLs

        public boolean isQdlStrictACLs()
      • getMaxATLifetime

        public long getMaxATLifetime()
      • getMaxRTLifetime

        public long getMaxRTLifetime()
      • getVOStore

        public VOStore getVOStore()
      • getTxStore

        public TXStore getTxStore()
      • setTxStore

        public void setTxStore​(TXStore txStore)
      • setQDLEnvironment

        public void setQDLEnvironment​(OA2QDLEnvironment qdlEnvironment)
      • getCmConfigs

        public CMConfigs getCmConfigs()
      • getJSONStore

        public edu.uiuc.ncsa.security.util.json.JSONStore<? extends edu.uiuc.ncsa.security.util.json.JSONEntry> getJSONStore()
      • isRfc8693Enabled

        public boolean isRfc8693Enabled()
        Reports whether the token exchange endpoint (RFC 8693) is enabled.
        Returns:
      • setRfc8693Enabled

        public void setRfc8693Enabled​(boolean rfc8693Enabled)
      • isRfc8628Enabled

        public boolean isRfc8628Enabled()
        Reports whether the device authorization flow endpoints (RFC 8628) are enabled.
        Returns:
      • setRfc8628Enabled

        public void setRfc8628Enabled​(boolean rfc8628Enabled)
      • isUtilServletEnabled

        public boolean isUtilServletEnabled()
      • setUtilServletEnabled

        public void setUtilServletEnabled​(boolean utilServletEnabled)
      • getIssuer

        public String getIssuer()
      • getJsonWebKeys

        public edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys()
      • setJsonWebKeys

        public void setJsonWebKeys​(edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys)
      • isTwoFactorSupportEnabled

        public boolean isTwoFactorSupportEnabled()
      • getMaxClientRefreshTokenLifetime

        public long getMaxClientRefreshTokenLifetime()
      • getMaxIdTokenLifetime

        public long getMaxIdTokenLifetime()
      • getIdTokenLifetime

        public long getIdTokenLifetime()
      • isRefreshTokenEnabled

        public boolean isRefreshTokenEnabled()
      • setRefreshTokenEnabled

        public void setRefreshTokenEnabled​(boolean refreshTokenEnabled)
      • getRefreshTokenLifetime

        public long getRefreshTokenLifetime()
        Deprecated.
        This method was badly named. Use getMaxRTLifetime() instead.
        The default if nothing is specified is 15 days.
        Returns:
      • getClientSecretLength

        public int getClientSecretLength()
      • getScopes

        public Collection<String> getScopes()
        The scopes this server currently supports.
        Returns:
      • setClaimSource

        public void setClaimSource​(ClaimSource claimSource)
      • hasScopeHandler

        public boolean hasScopeHandler()
      • setLdapConfiguration

        public void setLdapConfiguration​(LDAPConfiguration ldapConfiguration2)
      • isOIDCEnabled

        public boolean isOIDCEnabled()
        Returns true if this server has OIDC support enabled.
        Returns:
      • getAccessTokenLifetime

        public long getAccessTokenLifetime()
      • setAccessTokenLifetime

        public void setAccessTokenLifetime​(long accessTokenLifetime)
      • getMaxAuthorizationGrantLifetime

        public long getMaxAuthorizationGrantLifetime()
      • getAuthorizationGrantLifetime

        public long getAuthorizationGrantLifetime()
      • setAuthorizationGrantLifetime

        public void setAuthorizationGrantLifetime​(long authorizationGrantLifetime)
      • getVO

        public VirtualOrganization getVO​(edu.uiuc.ncsa.security.core.Identifier clientID)
        Given the client id, look up the admin and determine what (if any) the VO is. The returned value may be null, meaning there is no VO. A disabled VO is not returned either, so a null result may mean either that no VO exists or that it is disabled.

        This has its own call here because it involves multiple store lookups. It cannot be done as a join in SQL or some such because there are no guarantees the stores are all SQL -- some may be file stores or even in another unrelated database.
        Parameters:
        clientID - the identifier of the client whose admin and VO are looked up
        Returns:
      • isRfc7636Required

        public boolean isRfc7636Required()
      • setRfc7636Required

        public void setRfc7636Required​(boolean rfc7636Required)
      • getRtGracePeriod

        public long getRtGracePeriod()
      • setRtGracePeriod

        public void setRtGracePeriod​(long rtGracePeriod)
      • isRTGracePeriodEnabled

        public boolean isRTGracePeriodEnabled()