Class AbstractAccessTokenHandler
- java.lang.Object
-
- org.oa4mp.server.loader.oauth2.claims.AbstractPayloadHandler
-
- org.oa4mp.server.loader.oauth2.claims.AbstractAccessTokenHandler
-
- All Implemented Interfaces:
AccessTokenHandlerInterface
,PayloadHandler
,Serializable
- Direct Known Subclasses:
DefaultAccessTokenHandler
,RFC9068ATHandler
,ScitokenHandler
,WLCGTokenHandler
public class AbstractAccessTokenHandler extends AbstractPayloadHandler implements AccessTokenHandlerInterface
Only create an access token handler if you need some special handling, otherwise the default simple token will be used.Created by Jeff Gaynor
on 7/21/20 at 2:50 PM- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static String
AT_BASIC_HANDLER_TYPE
static String
AT_DEFAULT_HANDLER_TYPE
-
Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.AbstractPayloadHandler
claims, oa2se, request, transaction
-
-
Constructor Summary
Constructors Constructor Description AbstractAccessTokenHandler(PayloadHandlerConfigImpl payloadHandlerConfig)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addRequestState(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req)
Marshall any resources this script needs to make a request.void
checkClaims()
Called after the runner has gotten the claims so that this class can check integrity.void
finish(boolean doTemplates, boolean isQuery)
void
finish(String execPhase)
Called at the very end of all processing, this lets the handler, clean up or whatever it needs to do.AccessToken
getAccessToken()
The actual simple access token (usually used as the identifier for the claims-based AT.protected AccessTokenConfig
getATConfig()
Convenience to peel off theAccessTokenConfig
from the handler config and return it.net.sf.json.JSONObject
getAtData()
The underlyingJSONObject
that contains the claims that go in to this access token.AccessToken
getSignedAT(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)
AccessToken
getSignedAT(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key, String headerType)
Gets the AT data object (which has all the claims in it) and returns a signed access token.List<ClaimSource>
getSources()
These are the sources that the runner will use to populate the claimsvoid
handleResponse(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp)
This takes the response from a script and unmarshalls the resourcesvoid
init()
Creates and initializes the claims object this class manages.void
refreshAccountingInformation()
This is used on refresh only.String
resolveTemplates(boolean isQuery)
Templates are of the formatvoid
saveState()
Called at the end of each block, this lets the handler save its state.void
setAccessToken(AccessToken accessToken)
void
setAccountingInformation()
This sets the accounting information (such as the expiration and such) for a token.void
setAtData(net.sf.json.JSONObject atData)
-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.AbstractPayloadHandler
doServerVariables, doSubstitution, execute, getClaims, getExtendedAttributes, getPhCfg, getResponseCode, getToken, hasScript, isEmpty, listToString, refresh, setClaims, setExtendedAttributes, setPhCfg, setResponseCode
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface edu.uiuc.ncsa.oa4mp.delegation.oa2.jwt.PayloadHandler
execute, getClaims, getExtendedAttributes, getPhCfg, getResponseCode, getToken, hasScript, refresh, setPhCfg, setResponseCode
-
-
-
-
Field Detail
-
AT_DEFAULT_HANDLER_TYPE
public static final String AT_DEFAULT_HANDLER_TYPE
- See Also:
- Constant Field Values
-
AT_BASIC_HANDLER_TYPE
public static final String AT_BASIC_HANDLER_TYPE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AbstractAccessTokenHandler
public AbstractAccessTokenHandler(PayloadHandlerConfigImpl payloadHandlerConfig)
-
-
Method Detail
-
getAtData
public net.sf.json.JSONObject getAtData()
The underlyingJSONObject
that contains the claims that go in to this access token. Note that theAbstractPayloadHandler.getClaims()
call will retrieve the user metadata and is not the same as the access token contents!- Returns:
-
setAtData
public void setAtData(net.sf.json.JSONObject atData)
-
init
public void init() throws Throwable
Description copied from interface:PayloadHandler
Creates and initializes the claims object this class manages.- Specified by:
init
in interfacePayloadHandler
- Throws:
Throwable
-
addRequestState
public void addRequestState(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req) throws Throwable
Description copied from interface:PayloadHandler
Marshall any resources this script needs to make a request. I.e., add specific state (if needed) from this handler to theScriptRunRequest
.- Specified by:
addRequestState
in interfacePayloadHandler
- Throws:
Throwable
-
handleResponse
public void handleResponse(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp) throws Throwable
Description copied from interface:PayloadHandler
This takes the response from a script and unmarshalls the resources- Specified by:
handleResponse
in interfacePayloadHandler
- Overrides:
handleResponse
in classAbstractPayloadHandler
- Throws:
Throwable
-
checkClaims
public void checkClaims() throws Throwable
Description copied from interface:PayloadHandler
Called after the runner has gotten the claims so that this class can check integrity. For instance, an OIDC server would need to see that the subject is set properly. SciTokens needs to check that its scopes (aka resource permissions) were set- Specified by:
checkClaims
in interfacePayloadHandler
- Throws:
Throwable
-
resolveTemplates
public String resolveTemplates(boolean isQuery)
Templates are of the format[{"aud":audience, [{"op":X0, "path":P0}, {"op":X1, "path":P1},...}] ]
-
getATConfig
protected AccessTokenConfig getATConfig()
Convenience to peel off theAccessTokenConfig
from the handler config and return it.- Returns:
-
getSources
public List<ClaimSource> getSources() throws Throwable
Description copied from interface:PayloadHandler
These are the sources that the runner will use to populate the claims- Specified by:
getSources
in interfacePayloadHandler
- Returns:
- Throws:
Throwable
-
finish
public void finish(String execPhase) throws Throwable
Description copied from interface:PayloadHandler
Called at the very end of all processing, this lets the handler, clean up or whatever it needs to do. It is called beforePayloadHandler.saveState()
.- Specified by:
finish
in interfacePayloadHandler
- Parameters:
execPhase
- - the current execution phase.- Throws:
Throwable
-
getSignedAT
public AccessToken getSignedAT(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)
- Specified by:
getSignedAT
in interfaceAccessTokenHandlerInterface
-
getSignedAT
public AccessToken getSignedAT(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key, String headerType)
Gets the AT data object (which has all the claims in it) and returns a signed access token. This does not set the access token in the transaction but leaves up to the calling application what to do, since different tokens have different contracts.- Specified by:
getSignedAT
in interfaceAccessTokenHandlerInterface
- Returns:
-
saveState
public void saveState() throws Throwable
Description copied from interface:PayloadHandler
Called at the end of each block, this lets the handler save its state. Note that for OA4MP, the state is saved in the transaction which is saved once after the handlers run. Only put actual save code in here if needed, since it is apt to get called a lot.- Specified by:
saveState
in interfacePayloadHandler
- Throws:
Throwable
-
setAccountingInformation
public void setAccountingInformation()
Description copied from interface:PayloadHandler
This sets the accounting information (such as the expiration and such) for a token. This is called when a token is created or refreshed.- Specified by:
setAccountingInformation
in interfacePayloadHandler
-
refreshAccountingInformation
public void refreshAccountingInformation()
Description copied from interface:PayloadHandler
This is used on refresh only. It will reset all the standard accounting information (such as timestamps) for an existing claims object.Usage
Create an instance of the handler with the constructor for any state, then invoke this method.- Specified by:
refreshAccountingInformation
in interfacePayloadHandler
-
getAccessToken
public AccessToken getAccessToken()
Description copied from interface:AccessTokenHandlerInterface
The actual simple access token (usually used as the identifier for the claims-based AT. To get the signed claims, invokeAccessTokenHandlerInterface.getSignedAT(JSONWebKey)
.- Specified by:
getAccessToken
in interfaceAccessTokenHandlerInterface
- Returns:
-
setAccessToken
public void setAccessToken(AccessToken accessToken)
- Specified by:
setAccessToken
in interfaceAccessTokenHandlerInterface
-
-