Class AbstractAccessTokenHandler

    • Constructor Detail

    • Method Detail

      • getAtData

        public net.sf.json.JSONObject getAtData()
        The underlying JSONObject that contains the claims that go into this access token. Note that the AbstractPayloadHandler.getClaims() call will retrieve the user metadata and is not the same as the access token contents!
        Returns:
      • setAtData

        public void setAtData(net.sf.json.JSONObject atData)
      • addRequestState

        public void addRequestState(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req)
                             throws Throwable
        Description copied from interface: PayloadHandler
        Marshal any resources this script needs to make a request. I.e., add specific state (if needed) from this handler to the ScriptRunRequest.
        Specified by:
        addRequestState in interface PayloadHandler
        Throws:
        Throwable
      • checkClaims

        public void checkClaims()
                         throws Throwable
        Description copied from interface: PayloadHandler
        Called after the runner has gotten the claims so that this class can check integrity. For instance, an OIDC server would need to see that the subject is set properly. SciTokens needs to check that its scopes (aka resource permissions) were set.
        Specified by:
        checkClaims in interface PayloadHandler
        Throws:
        Throwable
      • resolveTemplates

        public String resolveTemplates(boolean isQuery)
        Templates are of the format
             [{"aud":audience,
             [{"op":X0, "path":P0},
              {"op":X1, "path":P1},...}]
             ]
         
      • finish

        public void finish(boolean doTemplates,
                           boolean isQuery)
                    throws Throwable
        Throws:
        Throwable
      • getSignedAT

        public AccessToken getSignedAT(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key,
                                       String headerType)
        Gets the AT data object (which has all the claims in it) and returns a signed access token. This does not set the access token in the transaction but leaves it up to the calling application what to do, since different tokens have different contracts.
        Specified by:
        getSignedAT in interface AccessTokenHandlerInterface
        Returns:
      • saveState

        public void saveState()
                       throws Throwable
        Description copied from interface: PayloadHandler
        Called at the end of each block, this lets the handler save its state. Note that for OA4MP, the state is saved in the transaction which is saved once after the handlers run. Only put actual save code in here if needed, since it is apt to get called a lot.
        Specified by:
        saveState in interface PayloadHandler
        Throws:
        Throwable
      • setAccountingInformation

        public void setAccountingInformation()
        Description copied from interface: PayloadHandler
        This sets the accounting information (such as the expiration) for a token. This is called when a token is created or refreshed.
        Specified by:
        setAccountingInformation in interface PayloadHandler
      • refreshAccountingInformation

        public void refreshAccountingInformation()
        Description copied from interface: PayloadHandler
        This is used on refresh only. It will reset all the standard accounting information (such as timestamps) for an existing claims object.

        Usage

        Create an instance of the handler with the constructor for any state, then invoke this method.
        Specified by:
        refreshAccountingInformation in interface PayloadHandler