Class OA2ServiceTransaction
- java.lang.Object
-
- edu.uiuc.ncsa.security.core.util.IdentifiableImpl
-
- edu.uiuc.ncsa.oa4mp.delegation.common.storage.transactions.BasicTransaction
-
- edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction
-
- edu.uiuc.ncsa.myproxy.oa4mp.server.OA4MPServiceTransaction
-
- edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.transactions.OA2ServiceTransaction
-
- All Implemented Interfaces:
OA2TransactionScopes,OIDCServiceTransactionInterface,edu.uiuc.ncsa.security.core.cache.Cacheable,edu.uiuc.ncsa.security.core.DateComparable,edu.uiuc.ncsa.security.core.Identifiable,Serializable,Cloneable
public class OA2ServiceTransaction extends OA4MPServiceTransaction implements OA2TransactionScopes, OIDCServiceTransactionInterface, edu.uiuc.ncsa.security.core.DateComparable
Created by Jeff Gaynor
on 2/28/14 at 1:46 PM- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description StringAUDIENCE_KEYStringCLAIMS_KEYStringCLAIMS_SOURCES_STATE_KEYStringCLAIMS_SOURCES_STATE_KEY2protected ConfigtoCSconfigtoCSStringFLOW_STATE_KEYStringproxyIdStringQUERIED_ACCESS_TOKEN_SCOPES_KEYStringRESOURCE_KEYStringRETURNED_ACCESS_TOKEN_JWT_KEYStringRETURNED_REFRESH_TOKEN_JWT_KEYstatic StringRFC862_STATE_KEYStringSCRIPT_STATE_KEYStringSTATE_COMMENT_KEYStringSTATE_KEY-
Fields inherited from class edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction
accessTokenValid, authGrantValid
-
Fields inherited from class edu.uiuc.ncsa.oa4mp.delegation.common.storage.transactions.BasicTransaction
authorizationGrant
-
-
Constructor Summary
Constructors Constructor Description OA2ServiceTransaction(AuthorizationGrant ag)OA2ServiceTransaction(edu.uiuc.ncsa.security.core.Identifier identifier)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanequals(Object obj)protected StringfirstSix(URI id)Get the last 6 characters of the unique part of an identiferprotected StringformatToString()longgetAccessTokenLifetime()net.sf.json.JSONObjectgetATData()StringgetATJWT()If an JWT access token was returned, a copy is saved here.List<String>getAudience()Clients may send an audience which is used by some components (notable SciTokens) but is generally optional.DategetAuthTime()longgetAuthzGrantLifetime()List<ClaimSource>getClaimSources(OA2SE oa2SE)StringgetCodeChallenge()StringgetCodeChallengeMethod()ConfigtoCSgetConfigToCS()DategetCreationTS()net.sf.json.JSONObjectgetExtendedAttributes()Extended attributes are sent over the wire as specific requests.FlowStates2getFlowStates()longgetMaxAtLifetime()longgetMaxRtLifetime()StringgetNonce()OA2ClientgetOA2Client()Convenience cast.edu.uiuc.ncsa.security.core.IdentifiergetProvisioningAdminID()edu.uiuc.ncsa.security.core.IdentifiergetProvisioningClientID()Set if this transaction is from a substitution.StringgetProxyId()net.sf.json.JSONObjectgetProxyState()Collection<String>getQueriedATScopes()RefreshTokengetRefreshToken()longgetRefreshTokenLifetime()longgetRequestedATLifetime()longgetRequestedRTLifetime()StringgetRequestState()This is the state parameter in the initial request, if presentList<String>getResource()Resources are URIs that are used as part of theOA2Claims.AUDIENCEclaim in a (compound) access token.StringgetResponseMode()RFC8628StategetRFC8628State()net.sf.json.JSONObjectgetRTData()StringgetRTJWT()If an JWT refresh token was returned, a copy is saved here.Collection<String>getScopes()The resolved scopes for this transaction.StringgetScriptState()net.sf.json.JSONObjectgetState()StringgetUserCode()net.sf.json.JSONObjectgetUserMetaData()Collection<String>getValidatedScopes()The scopes that the user actually consented to on the user consent page.booleanhasAuthTime()booleanhasCodeChallenge()booleanhasMaxATLifetime()booleanhasMaxRTLifetime()booleanhasRefreshToken()booleanhasRequestedATLifetime()booleanhasRequestedRTLifetime()booleanhasResponseMode()booleanhasScriptState()booleanisRefreshTokenValid()booleanisRFC8628Request()protected List<ClaimSource>newCSDeserialize(OA2SE oa2SE)protected voidnewCSSerialize(List<ClaimSource> sources)protected List<ClaimSource>oldCSDeserialize(OA2SE oa2SE)protected voidoldCSSerialize(List<ClaimSource> sources)voidsetAccessTokenLifetime(long access_token_lifetime)voidsetATData(net.sf.json.JSONObject atData)voidsetATJWT(String atJWT)voidsetAudience(List<String> audience)voidsetAuthGrantLifetime(long lifetime)voidsetAuthTime(Date authTime)voidsetClaimsSources(List<ClaimSource> sources)voidsetCodeChallenge(String codeChallenge)voidsetCodeChallengeMethod(String codeChallengeMethod)voidsetExtendedAttributes(net.sf.json.JSONObject jsonObject)voidsetFlowStates(FlowStates flowStates)voidsetMaxATLifetime(long max)voidsetMaxRTLifetime(long max)voidsetNonce(String nonce)voidsetProvisioningAdminID(edu.uiuc.ncsa.security.core.Identifier provisioningAdminID)Sets the provisioning admin partly so we don't have to look it up again and partly so that for very, very long lived transactions, there is absolutely no possibility that the VO can change.voidsetProvisioningClientID(edu.uiuc.ncsa.security.core.Identifier provisioningClientID)voidsetProxyId(String proxyId)voidsetProxyState(net.sf.json.JSONObject proxyState)voidsetQueriedATScopes(Collection<String> queriedATScopes)voidsetRefreshToken(RefreshToken refreshToken)voidsetRefreshTokenLifetime(long refreshTokenLifetime)voidsetRefreshTokenValid(boolean refreshTokenValid)voidsetRequestedATLifetime(long atLifetime)voidsetRequestedRTLifetime(long rtLifetime)voidsetRequestState(String requestState)voidsetResource(List<String> r)voidsetResponseMode(String mode)voidsetRFC8628Request(boolean b)voidsetRFC8628State(RFC8628State rfc8628State)voidsetRTData(net.sf.json.JSONObject rtData)voidsetRTJWT(String rtJWT)voidsetScopes(Collection<String> scopes)The scopes requested by the client.voidsetScriptState(String scriptState)Script engines have the option to save their state between calls too.voidsetState(net.sf.json.JSONObject state)Generally you should never set the state directly unless you know exactly how it is constructed.voidsetUserCode(String userCode)voidsetUserMetaData(net.sf.json.JSONObject claims)voidsetValidatedScopes(Collection<String> validatedScopes)Stringsummary()Summary for debugging.StringtoString()-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.OA4MPServiceTransaction
getMyproxyUsername, setMyproxyUsername
-
Methods inherited from class edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction
getCallback, getCertReq, getCertReqString, getClient, getLifetime, getUsername, isAccessTokenValid, isAuthGrantValid, setAccessTokenValid, setAuthGrantValid, setCallback, setCertReq, setCertReq, setCertReqString, setClient, setLifetime, setUsername
-
Methods inherited from class edu.uiuc.ncsa.oa4mp.delegation.common.storage.transactions.BasicTransaction
checkTokenEquals, getAccessToken, getAuthorizationGrant, getProtectedAsset, getVerifier, hasAccessToken, hasAuthorizationGrant, hasProtectedAsset, hasVerifier, setAccessToken, setAuthorizationGrant, setProtectedAsset, setVerifier
-
Methods inherited from class edu.uiuc.ncsa.security.core.util.IdentifiableImpl
clone, getDescription, getIdentifier, getIdentifierString, isReadOnly, setDescription, setIdentifier, setReadOnly
-
-
-
-
Field Detail
-
FLOW_STATE_KEY
public String FLOW_STATE_KEY
-
CLAIMS_SOURCES_STATE_KEY
public String CLAIMS_SOURCES_STATE_KEY
-
CLAIMS_SOURCES_STATE_KEY2
public String CLAIMS_SOURCES_STATE_KEY2
-
STATE_KEY
public String STATE_KEY
-
STATE_COMMENT_KEY
public String STATE_COMMENT_KEY
-
CLAIMS_KEY
public String CLAIMS_KEY
-
SCRIPT_STATE_KEY
public String SCRIPT_STATE_KEY
-
AUDIENCE_KEY
public String AUDIENCE_KEY
-
RESOURCE_KEY
public String RESOURCE_KEY
-
QUERIED_ACCESS_TOKEN_SCOPES_KEY
public String QUERIED_ACCESS_TOKEN_SCOPES_KEY
-
RETURNED_ACCESS_TOKEN_JWT_KEY
public String RETURNED_ACCESS_TOKEN_JWT_KEY
-
RETURNED_REFRESH_TOKEN_JWT_KEY
public String RETURNED_REFRESH_TOKEN_JWT_KEY
-
proxyId
public String proxyId
-
RFC862_STATE_KEY
public static String RFC862_STATE_KEY
-
configtoCS
protected ConfigtoCS configtoCS
-
-
Constructor Detail
-
OA2ServiceTransaction
public OA2ServiceTransaction(AuthorizationGrant ag)
-
OA2ServiceTransaction
public OA2ServiceTransaction(edu.uiuc.ncsa.security.core.Identifier identifier)
-
-
Method Detail
-
getProxyId
public String getProxyId()
- Specified by:
getProxyIdin interfaceOIDCServiceTransactionInterface
-
setProxyId
public void setProxyId(String proxyId)
- Specified by:
setProxyIdin interfaceOIDCServiceTransactionInterface
-
getCreationTS
public Date getCreationTS()
- Specified by:
getCreationTSin interfaceedu.uiuc.ncsa.security.core.DateComparable
-
getUserCode
public String getUserCode()
-
setUserCode
public void setUserCode(String userCode)
-
getOA2Client
public OA2Client getOA2Client()
Convenience cast.- Returns:
-
getFlowStates
public FlowStates2 getFlowStates()
- Specified by:
getFlowStatesin interfaceOIDCServiceTransactionInterface
-
getRFC8628State
public RFC8628State getRFC8628State()
-
setProxyState
public void setProxyState(net.sf.json.JSONObject proxyState)
- Specified by:
setProxyStatein interfaceOIDCServiceTransactionInterface
-
getProxyState
public net.sf.json.JSONObject getProxyState()
- Specified by:
getProxyStatein interfaceOIDCServiceTransactionInterface
-
setRFC8628State
public void setRFC8628State(RFC8628State rfc8628State)
-
getAccessTokenLifetime
public long getAccessTokenLifetime()
- Specified by:
getAccessTokenLifetimein interfaceOIDCServiceTransactionInterface
-
setAccessTokenLifetime
public void setAccessTokenLifetime(long access_token_lifetime)
-
getAudience
public List<String> getAudience()
Clients may send an audience which is used by some components (notable SciTokens) but is generally optional. This is a list of them. This is returned as theOA2Claims.AUDIENCEclaim in JWT access tokens.
Note: These are simply logical names that describe the audience, such as "ALL" or "ligo_cluster." Compare withgetResource()which has a list of URIs for the same purpose.- Specified by:
getAudiencein interfaceOIDCServiceTransactionInterface- Returns:
-
setAudience
public void setAudience(List<String> audience)
- Specified by:
setAudiencein interfaceOIDCServiceTransactionInterface
-
isRFC8628Request
public boolean isRFC8628Request()
-
setRFC8628Request
public void setRFC8628Request(boolean b)
-
getResource
public List<String> getResource()
Resources are URIs that are used as part of theOA2Claims.AUDIENCEclaim in a (compound) access token.- Specified by:
getResourcein interfaceOIDCServiceTransactionInterface- Returns:
-
setResource
public void setResource(List<String> r)
- Specified by:
setResourcein interfaceOIDCServiceTransactionInterface
-
setState
public void setState(net.sf.json.JSONObject state)
Generally you should never set the state directly unless you know exactly how it is constructed.- Parameters:
state-
-
getState
public net.sf.json.JSONObject getState()
-
getExtendedAttributes
public net.sf.json.JSONObject getExtendedAttributes()
Extended attributes are sent over the wire as specific requests.- Specified by:
getExtendedAttributesin interfaceOIDCServiceTransactionInterface- Returns:
-
getAuthzGrantLifetime
public long getAuthzGrantLifetime()
- Specified by:
getAuthzGrantLifetimein interfaceOIDCServiceTransactionInterface
-
setAuthGrantLifetime
public void setAuthGrantLifetime(long lifetime)
-
setExtendedAttributes
public void setExtendedAttributes(net.sf.json.JSONObject jsonObject)
- Specified by:
setExtendedAttributesin interfaceOIDCServiceTransactionInterface
-
setFlowStates
public void setFlowStates(FlowStates flowStates)
- Specified by:
setFlowStatesin interfaceOIDCServiceTransactionInterface
-
setClaimsSources
public void setClaimsSources(List<ClaimSource> sources)
-
newCSSerialize
protected void newCSSerialize(List<ClaimSource> sources)
-
oldCSSerialize
protected void oldCSSerialize(List<ClaimSource> sources)
-
getClaimSources
public List<ClaimSource> getClaimSources(OA2SE oa2SE)
-
getConfigToCS
public ConfigtoCS getConfigToCS()
-
newCSDeserialize
protected List<ClaimSource> newCSDeserialize(OA2SE oa2SE) throws Throwable
- Throws:
Throwable
-
oldCSDeserialize
protected List<ClaimSource> oldCSDeserialize(OA2SE oa2SE) throws Throwable
- Throws:
Throwable
-
setScriptState
public void setScriptState(String scriptState)
Script engines have the option to save their state between calls too. The argument is a (probably base 64 encoded) string that will be returned on request.- Parameters:
scriptState-
-
hasScriptState
public boolean hasScriptState()
-
getScriptState
public String getScriptState()
-
getUserMetaData
public net.sf.json.JSONObject getUserMetaData()
- Specified by:
getUserMetaDatain interfaceOA2TransactionScopes- Specified by:
getUserMetaDatain interfaceOIDCServiceTransactionInterface
-
setUserMetaData
public void setUserMetaData(net.sf.json.JSONObject claims)
- Specified by:
setUserMetaDatain interfaceOIDCServiceTransactionInterface
-
getATData
public net.sf.json.JSONObject getATData()
-
setATData
public void setATData(net.sf.json.JSONObject atData)
-
getProvisioningAdminID
public edu.uiuc.ncsa.security.core.Identifier getProvisioningAdminID()
-
setProvisioningAdminID
public void setProvisioningAdminID(edu.uiuc.ncsa.security.core.Identifier provisioningAdminID)
Sets the provisioning admin partly so we don't have to look it up again and partly so that for very, very long lived transactions, there is absolutely no possibility that the VO can change.- Parameters:
provisioningAdminID-
-
getProvisioningClientID
public edu.uiuc.ncsa.security.core.Identifier getProvisioningClientID()
Set if this transaction is from a substitution. This is the ID of the client that originally started the flow.- Returns:
-
setProvisioningClientID
public void setProvisioningClientID(edu.uiuc.ncsa.security.core.Identifier provisioningClientID)
-
setRTData
public void setRTData(net.sf.json.JSONObject rtData)
-
getRTData
public net.sf.json.JSONObject getRTData()
-
getResponseMode
public String getResponseMode()
-
setResponseMode
public void setResponseMode(String mode)
-
hasResponseMode
public boolean hasResponseMode()
-
getRequestedATLifetime
public long getRequestedATLifetime()
-
hasRequestedATLifetime
public boolean hasRequestedATLifetime()
-
setRequestedATLifetime
public void setRequestedATLifetime(long atLifetime)
-
getRequestedRTLifetime
public long getRequestedRTLifetime()
-
setRequestedRTLifetime
public void setRequestedRTLifetime(long rtLifetime)
-
hasRequestedRTLifetime
public boolean hasRequestedRTLifetime()
-
getMaxAtLifetime
public long getMaxAtLifetime()
-
setMaxATLifetime
public void setMaxATLifetime(long max)
-
hasMaxATLifetime
public boolean hasMaxATLifetime()
-
getMaxRtLifetime
public long getMaxRtLifetime()
-
setMaxRTLifetime
public void setMaxRTLifetime(long max)
-
hasMaxRTLifetime
public boolean hasMaxRTLifetime()
-
hasCodeChallenge
public boolean hasCodeChallenge()
-
getCodeChallenge
public String getCodeChallenge()
-
setCodeChallenge
public void setCodeChallenge(String codeChallenge)
-
getCodeChallengeMethod
public String getCodeChallengeMethod()
-
setCodeChallengeMethod
public void setCodeChallengeMethod(String codeChallengeMethod)
-
hasAuthTime
public boolean hasAuthTime()
-
getAuthTime
public Date getAuthTime()
-
setAuthTime
public void setAuthTime(Date authTime)
-
getScopes
public Collection<String> getScopes()
The resolved scopes for this transaction. This means that the intersection of the client's allowed scopes, the client's requested scopes and the scopes enabled on the server are placed here. This should be passed to anything that needs the scopes (e.g. aClaimSource.- Specified by:
getScopesin interfaceOA2TransactionScopes- Specified by:
getScopesin interfaceOIDCServiceTransactionInterface- Returns:
-
setScopes
public void setScopes(Collection<String> scopes)
The scopes requested by the client. This does not mean they are all allowed, just so we have a list of them- Specified by:
setScopesin interfaceOIDCServiceTransactionInterface- Parameters:
scopes-
-
getNonce
public String getNonce()
-
setNonce
public void setNonce(String nonce)
-
isRefreshTokenValid
public boolean isRefreshTokenValid()
-
setRefreshTokenValid
public void setRefreshTokenValid(boolean refreshTokenValid)
-
getRefreshTokenLifetime
public long getRefreshTokenLifetime()
- Specified by:
getRefreshTokenLifetimein interfaceOIDCServiceTransactionInterface
-
setRefreshTokenLifetime
public void setRefreshTokenLifetime(long refreshTokenLifetime)
-
getRequestState
public String getRequestState()
This is the state parameter in the initial request, if present- Returns:
-
setRequestState
public void setRequestState(String requestState)
-
hasRefreshToken
public boolean hasRefreshToken()
-
getRefreshToken
public RefreshToken getRefreshToken()
-
setRefreshToken
public void setRefreshToken(RefreshToken refreshToken)
-
formatToString
protected String formatToString()
- Overrides:
formatToStringin classOA4MPServiceTransaction
-
toString
public String toString()
- Overrides:
toStringin classServiceTransaction
-
equals
public boolean equals(Object obj)
- Overrides:
equalsin classOA4MPServiceTransaction
-
getValidatedScopes
public Collection<String> getValidatedScopes()
The scopes that the user actually consented to on the user consent page. These are set once and never updated to prevent up scoping.- Returns:
-
setValidatedScopes
public void setValidatedScopes(Collection<String> validatedScopes)
-
getQueriedATScopes
public Collection<String> getQueriedATScopes()
-
setQueriedATScopes
public void setQueriedATScopes(Collection<String> queriedATScopes)
-
getATJWT
public String getATJWT()
If an JWT access token was returned, a copy is saved here.- Returns:
-
setATJWT
public void setATJWT(String atJWT)
-
getRTJWT
public String getRTJWT()
If an JWT refresh token was returned, a copy is saved here.- Returns:
-
setRTJWT
public void setRTJWT(String rtJWT)
-
firstSix
protected String firstSix(URI id)
Get the last 6 characters of the unique part of an identifer- Parameters:
id-- Returns:
-
summary
public String summary()
Summary for debugging.- Returns:
-
-