Class OA2ServiceTransaction
- java.lang.Object
-
- edu.uiuc.ncsa.security.core.util.IdentifiableImpl
-
- org.oa4mp.delegation.common.transactions.storage.BasicTransaction
-
- edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction
-
- org.oa4mp.server.api.OA4MPServiceTransaction
-
- org.oa4mp.server.loader.oauth2.storage.transactions.OA2ServiceTransaction
-
- All Implemented Interfaces:
OA2TransactionScopes
,OIDCServiceTransactionInterface
,edu.uiuc.ncsa.security.core.cache.Cacheable
,edu.uiuc.ncsa.security.core.DateComparable
,edu.uiuc.ncsa.security.core.Identifiable
,Serializable
,Cloneable
public class OA2ServiceTransaction extends OA4MPServiceTransaction implements OA2TransactionScopes, OIDCServiceTransactionInterface, edu.uiuc.ncsa.security.core.DateComparable
Created by Jeff Gaynor
on 2/28/14 at 1:46 PM- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description String
AUDIENCE_KEY
String
CLAIMS_KEY
String
CLAIMS_SOURCES_STATE_KEY
String
CLAIMS_SOURCES_STATE_KEY2
protected ConfigtoCS
configtoCS
String
FLOW_STATE_KEY
String
proxyId
String
QUERIED_ACCESS_TOKEN_SCOPES_KEY
String
RESOURCE_KEY
String
RETURNED_ACCESS_TOKEN_JWT_KEY
String
RETURNED_REFRESH_TOKEN_JWT_KEY
static String
RFC862_STATE_KEY
String
SCRIPT_STATE_KEY
String
STATE_COMMENT_KEY
String
STATE_KEY
-
Fields inherited from class edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction
accessTokenValid, authGrantValid
-
Fields inherited from class edu.uiuc.ncsa.oa4mp.delegation.common.storage.transactions.BasicTransaction
authorizationGrant
-
-
Constructor Summary
Constructors Constructor Description OA2ServiceTransaction(AuthorizationGrant ag)
OA2ServiceTransaction(edu.uiuc.ncsa.security.core.Identifier identifier)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
equals(Object obj)
protected String
firstSix(URI id)
Get the last 6 characters of the unique part of an identifier.
protected String
formatToString()
long
getAccessTokenLifetime()
net.sf.json.JSONObject
getATData()
String
getATJWT()
If a JWT access token was returned, a copy is saved here.
List<String>
getAudience()
Clients may send an audience which is used by some components (notably SciTokens) but is generally optional.
Date
getAuthTime()
long
getAuthzGrantLifetime()
List<ClaimSource>
getClaimSources(OA2SE oa2SE)
String
getCodeChallenge()
String
getCodeChallengeMethod()
ConfigtoCS
getConfigToCS()
Date
getCreationTS()
net.sf.json.JSONObject
getExtendedAttributes()
Extended attributes are sent over the wire as specific requests.FlowStates2
getFlowStates()
long
getMaxAtLifetime()
long
getMaxRtLifetime()
String
getNonce()
OA2Client
getOA2Client()
Convenience cast.edu.uiuc.ncsa.security.core.Identifier
getProvisioningAdminID()
edu.uiuc.ncsa.security.core.Identifier
getProvisioningClientID()
Set if this transaction is from a substitution.String
getProxyId()
net.sf.json.JSONObject
getProxyState()
Collection<String>
getQueriedATScopes()
RefreshToken
getRefreshToken()
long
getRefreshTokenLifetime()
long
getRequestedATLifetime()
long
getRequestedRTLifetime()
String
getRequestState()
This is the state parameter in the initial request, if presentList<String>
getResource()
Resources are URIs that are used as part of the OA2Claims.AUDIENCE claim in a (compound) access token.
String
getResponseMode()
RFC8628State
getRFC8628State()
net.sf.json.JSONObject
getRTData()
String
getRTJWT()
If a JWT refresh token was returned, a copy is saved here.
Collection<String>
getScopes()
The resolved scopes for this transaction.String
getScriptState()
net.sf.json.JSONObject
getState()
String
getUserCode()
net.sf.json.JSONObject
getUserMetaData()
Collection<String>
getValidatedScopes()
The scopes that the user actually consented to on the user consent page.boolean
hasAuthTime()
boolean
hasCodeChallenge()
boolean
hasMaxATLifetime()
boolean
hasMaxRTLifetime()
boolean
hasRefreshToken()
boolean
hasRequestedATLifetime()
boolean
hasRequestedRTLifetime()
boolean
hasResponseMode()
boolean
hasScriptState()
boolean
isRefreshTokenValid()
boolean
isRFC8628Request()
protected List<ClaimSource>
newCSDeserialize(OA2SE oa2SE)
protected void
newCSSerialize(List<ClaimSource> sources)
protected List<ClaimSource>
oldCSDeserialize(OA2SE oa2SE)
protected void
oldCSSerialize(List<ClaimSource> sources)
void
setAccessTokenLifetime(long access_token_lifetime)
void
setATData(net.sf.json.JSONObject atData)
void
setATJWT(String atJWT)
void
setAudience(List<String> audience)
void
setAuthGrantLifetime(long lifetime)
void
setAuthTime(Date authTime)
void
setClaimsSources(List<ClaimSource> sources)
void
setCodeChallenge(String codeChallenge)
void
setCodeChallengeMethod(String codeChallengeMethod)
void
setExtendedAttributes(net.sf.json.JSONObject jsonObject)
void
setFlowStates(FlowStates flowStates)
void
setMaxATLifetime(long max)
void
setMaxRTLifetime(long max)
void
setNonce(String nonce)
void
setProvisioningAdminID(edu.uiuc.ncsa.security.core.Identifier provisioningAdminID)
Sets the provisioning admin partly so we don't have to look it up again and partly so that for very, very long lived transactions, there is absolutely no possibility that the VO can change.void
setProvisioningClientID(edu.uiuc.ncsa.security.core.Identifier provisioningClientID)
void
setProxyId(String proxyId)
void
setProxyState(net.sf.json.JSONObject proxyState)
void
setQueriedATScopes(Collection<String> queriedATScopes)
void
setRefreshToken(RefreshToken refreshToken)
void
setRefreshTokenLifetime(long refreshTokenLifetime)
void
setRefreshTokenValid(boolean refreshTokenValid)
void
setRequestedATLifetime(long atLifetime)
void
setRequestedRTLifetime(long rtLifetime)
void
setRequestState(String requestState)
void
setResource(List<String> r)
void
setResponseMode(String mode)
void
setRFC8628Request(boolean b)
void
setRFC8628State(RFC8628State rfc8628State)
void
setRTData(net.sf.json.JSONObject rtData)
void
setRTJWT(String rtJWT)
void
setScopes(Collection<String> scopes)
The scopes requested by the client.void
setScriptState(String scriptState)
Script engines have the option to save their state between calls too.void
setState(net.sf.json.JSONObject state)
Generally you should never set the state directly unless you know exactly how it is constructed.void
setUserCode(String userCode)
void
setUserMetaData(net.sf.json.JSONObject claims)
void
setValidatedScopes(Collection<String> validatedScopes)
String
summary()
Summary for debugging.String
toString()
-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.OA4MPServiceTransaction
getMyproxyUsername, setMyproxyUsername
-
Methods inherited from class edu.uiuc.ncsa.oa4mp.delegation.server.ServiceTransaction
getCallback, getCertReq, getCertReqString, getClient, getLifetime, getUsername, isAccessTokenValid, isAuthGrantValid, setAccessTokenValid, setAuthGrantValid, setCallback, setCertReq, setCertReq, setCertReqString, setClient, setLifetime, setUsername
-
Methods inherited from class edu.uiuc.ncsa.oa4mp.delegation.common.storage.transactions.BasicTransaction
checkTokenEquals, getAccessToken, getAuthorizationGrant, getProtectedAsset, getVerifier, hasAccessToken, hasAuthorizationGrant, hasProtectedAsset, hasVerifier, setAccessToken, setAuthorizationGrant, setProtectedAsset, setVerifier
-
Methods inherited from class edu.uiuc.ncsa.security.core.util.IdentifiableImpl
clone, getDescription, getIdentifier, getIdentifierString, isReadOnly, setDescription, setIdentifier, setReadOnly
-
-
-
-
Field Detail
-
FLOW_STATE_KEY
public String FLOW_STATE_KEY
-
CLAIMS_SOURCES_STATE_KEY
public String CLAIMS_SOURCES_STATE_KEY
-
CLAIMS_SOURCES_STATE_KEY2
public String CLAIMS_SOURCES_STATE_KEY2
-
STATE_KEY
public String STATE_KEY
-
STATE_COMMENT_KEY
public String STATE_COMMENT_KEY
-
CLAIMS_KEY
public String CLAIMS_KEY
-
SCRIPT_STATE_KEY
public String SCRIPT_STATE_KEY
-
AUDIENCE_KEY
public String AUDIENCE_KEY
-
RESOURCE_KEY
public String RESOURCE_KEY
-
QUERIED_ACCESS_TOKEN_SCOPES_KEY
public String QUERIED_ACCESS_TOKEN_SCOPES_KEY
-
RETURNED_ACCESS_TOKEN_JWT_KEY
public String RETURNED_ACCESS_TOKEN_JWT_KEY
-
RETURNED_REFRESH_TOKEN_JWT_KEY
public String RETURNED_REFRESH_TOKEN_JWT_KEY
-
proxyId
public String proxyId
-
RFC862_STATE_KEY
public static String RFC862_STATE_KEY
-
configtoCS
protected ConfigtoCS configtoCS
-
-
Constructor Detail
-
OA2ServiceTransaction
public OA2ServiceTransaction(AuthorizationGrant ag)
-
OA2ServiceTransaction
public OA2ServiceTransaction(edu.uiuc.ncsa.security.core.Identifier identifier)
-
-
Method Detail
-
getProxyId
public String getProxyId()
- Specified by:
getProxyId
in interfaceOIDCServiceTransactionInterface
-
setProxyId
public void setProxyId(String proxyId)
- Specified by:
setProxyId
in interfaceOIDCServiceTransactionInterface
-
getCreationTS
public Date getCreationTS()
- Specified by:
getCreationTS
in interfaceedu.uiuc.ncsa.security.core.DateComparable
-
getUserCode
public String getUserCode()
-
setUserCode
public void setUserCode(String userCode)
-
getOA2Client
public OA2Client getOA2Client()
Convenience cast.- Returns:
-
getFlowStates
public FlowStates2 getFlowStates()
- Specified by:
getFlowStates
in interfaceOIDCServiceTransactionInterface
-
getRFC8628State
public RFC8628State getRFC8628State()
-
setProxyState
public void setProxyState(net.sf.json.JSONObject proxyState)
- Specified by:
setProxyState
in interfaceOIDCServiceTransactionInterface
-
getProxyState
public net.sf.json.JSONObject getProxyState()
- Specified by:
getProxyState
in interfaceOIDCServiceTransactionInterface
-
setRFC8628State
public void setRFC8628State(RFC8628State rfc8628State)
-
getAccessTokenLifetime
public long getAccessTokenLifetime()
- Specified by:
getAccessTokenLifetime
in interfaceOIDCServiceTransactionInterface
-
setAccessTokenLifetime
public void setAccessTokenLifetime(long access_token_lifetime)
-
getAudience
public List<String> getAudience()
Clients may send an audience which is used by some components (notably SciTokens) but is generally optional. This is a list of them. This is returned as the OA2Claims.AUDIENCE claim in JWT access tokens.
Note: These are simply logical names that describe the audience, such as "ALL" or "ligo_cluster". Compare with getResource(), which has a list of URIs for the same purpose.
- Specified by:
getAudience
in interfaceOIDCServiceTransactionInterface
- Returns:
-
setAudience
public void setAudience(List<String> audience)
- Specified by:
setAudience
in interfaceOIDCServiceTransactionInterface
-
isRFC8628Request
public boolean isRFC8628Request()
-
setRFC8628Request
public void setRFC8628Request(boolean b)
-
getResource
public List<String> getResource()
Resources are URIs that are used as part of the OA2Claims.AUDIENCE claim in a (compound) access token.
- Specified by:
getResource
in interfaceOIDCServiceTransactionInterface
- Returns:
-
setResource
public void setResource(List<String> r)
- Specified by:
setResource
in interfaceOIDCServiceTransactionInterface
-
setState
public void setState(net.sf.json.JSONObject state)
Generally you should never set the state directly unless you know exactly how it is constructed.- Parameters:
state
-
-
getState
public net.sf.json.JSONObject getState()
-
getExtendedAttributes
public net.sf.json.JSONObject getExtendedAttributes()
Extended attributes are sent over the wire as specific requests.- Specified by:
getExtendedAttributes
in interfaceOIDCServiceTransactionInterface
- Returns:
-
getAuthzGrantLifetime
public long getAuthzGrantLifetime()
- Specified by:
getAuthzGrantLifetime
in interfaceOIDCServiceTransactionInterface
-
setAuthGrantLifetime
public void setAuthGrantLifetime(long lifetime)
-
setExtendedAttributes
public void setExtendedAttributes(net.sf.json.JSONObject jsonObject)
- Specified by:
setExtendedAttributes
in interfaceOIDCServiceTransactionInterface
-
setFlowStates
public void setFlowStates(FlowStates flowStates)
- Specified by:
setFlowStates
in interfaceOIDCServiceTransactionInterface
-
setClaimsSources
public void setClaimsSources(List<ClaimSource> sources)
-
newCSSerialize
protected void newCSSerialize(List<ClaimSource> sources)
-
oldCSSerialize
protected void oldCSSerialize(List<ClaimSource> sources)
-
getClaimSources
public List<ClaimSource> getClaimSources(OA2SE oa2SE)
-
getConfigToCS
public ConfigtoCS getConfigToCS()
-
newCSDeserialize
protected List<ClaimSource> newCSDeserialize(OA2SE oa2SE) throws Throwable
- Throws:
Throwable
-
oldCSDeserialize
protected List<ClaimSource> oldCSDeserialize(OA2SE oa2SE) throws Throwable
- Throws:
Throwable
-
setScriptState
public void setScriptState(String scriptState)
Script engines have the option to save their state between calls too. The argument is a (probably base64-encoded) string that will be returned on request.
- Parameters:
scriptState
-
-
hasScriptState
public boolean hasScriptState()
-
getScriptState
public String getScriptState()
-
getUserMetaData
public net.sf.json.JSONObject getUserMetaData()
- Specified by:
getUserMetaData
in interfaceOA2TransactionScopes
- Specified by:
getUserMetaData
in interfaceOIDCServiceTransactionInterface
-
setUserMetaData
public void setUserMetaData(net.sf.json.JSONObject claims)
- Specified by:
setUserMetaData
in interfaceOIDCServiceTransactionInterface
-
getATData
public net.sf.json.JSONObject getATData()
-
setATData
public void setATData(net.sf.json.JSONObject atData)
-
getProvisioningAdminID
public edu.uiuc.ncsa.security.core.Identifier getProvisioningAdminID()
-
setProvisioningAdminID
public void setProvisioningAdminID(edu.uiuc.ncsa.security.core.Identifier provisioningAdminID)
Sets the provisioning admin, partly so we don't have to look it up again and partly so that, for very, very long-lived transactions, there is absolutely no possibility that the VO can change.
- Parameters:
provisioningAdminID
-
-
getProvisioningClientID
public edu.uiuc.ncsa.security.core.Identifier getProvisioningClientID()
Set if this transaction is from a substitution. This is the ID of the client that originally started the flow.- Returns:
-
setProvisioningClientID
public void setProvisioningClientID(edu.uiuc.ncsa.security.core.Identifier provisioningClientID)
-
setRTData
public void setRTData(net.sf.json.JSONObject rtData)
-
getRTData
public net.sf.json.JSONObject getRTData()
-
getResponseMode
public String getResponseMode()
-
setResponseMode
public void setResponseMode(String mode)
-
hasResponseMode
public boolean hasResponseMode()
-
getRequestedATLifetime
public long getRequestedATLifetime()
-
hasRequestedATLifetime
public boolean hasRequestedATLifetime()
-
setRequestedATLifetime
public void setRequestedATLifetime(long atLifetime)
-
getRequestedRTLifetime
public long getRequestedRTLifetime()
-
setRequestedRTLifetime
public void setRequestedRTLifetime(long rtLifetime)
-
hasRequestedRTLifetime
public boolean hasRequestedRTLifetime()
-
getMaxAtLifetime
public long getMaxAtLifetime()
-
setMaxATLifetime
public void setMaxATLifetime(long max)
-
hasMaxATLifetime
public boolean hasMaxATLifetime()
-
getMaxRtLifetime
public long getMaxRtLifetime()
-
setMaxRTLifetime
public void setMaxRTLifetime(long max)
-
hasMaxRTLifetime
public boolean hasMaxRTLifetime()
-
hasCodeChallenge
public boolean hasCodeChallenge()
-
getCodeChallenge
public String getCodeChallenge()
-
setCodeChallenge
public void setCodeChallenge(String codeChallenge)
-
getCodeChallengeMethod
public String getCodeChallengeMethod()
-
setCodeChallengeMethod
public void setCodeChallengeMethod(String codeChallengeMethod)
-
hasAuthTime
public boolean hasAuthTime()
-
getAuthTime
public Date getAuthTime()
-
setAuthTime
public void setAuthTime(Date authTime)
-
getScopes
public Collection<String> getScopes()
The resolved scopes for this transaction. That is, the intersection of the client's allowed scopes, the client's requested scopes and the scopes enabled on the server is placed here. This should be passed to anything that needs the scopes (e.g. a ClaimSource).
- Specified by:
getScopes
in interfaceOA2TransactionScopes
- Specified by:
getScopes
in interfaceOIDCServiceTransactionInterface
- Returns:
-
setScopes
public void setScopes(Collection<String> scopes)
The scopes requested by the client. This does not mean they are all allowed; it is kept only so that we have a list of them.
- Specified by:
setScopes
in interfaceOIDCServiceTransactionInterface
- Parameters:
scopes
-
-
getNonce
public String getNonce()
-
setNonce
public void setNonce(String nonce)
-
isRefreshTokenValid
public boolean isRefreshTokenValid()
-
setRefreshTokenValid
public void setRefreshTokenValid(boolean refreshTokenValid)
-
getRefreshTokenLifetime
public long getRefreshTokenLifetime()
- Specified by:
getRefreshTokenLifetime
in interfaceOIDCServiceTransactionInterface
-
setRefreshTokenLifetime
public void setRefreshTokenLifetime(long refreshTokenLifetime)
-
getRequestState
public String getRequestState()
This is the state parameter in the initial request, if present- Returns:
-
setRequestState
public void setRequestState(String requestState)
-
hasRefreshToken
public boolean hasRefreshToken()
-
getRefreshToken
public RefreshToken getRefreshToken()
-
setRefreshToken
public void setRefreshToken(RefreshToken refreshToken)
-
formatToString
protected String formatToString()
- Overrides:
formatToString
in classOA4MPServiceTransaction
-
toString
public String toString()
- Overrides:
toString
in classServiceTransaction
-
equals
public boolean equals(Object obj)
- Overrides:
equals
in classOA4MPServiceTransaction
-
getValidatedScopes
public Collection<String> getValidatedScopes()
The scopes that the user actually consented to on the user consent page. These are set once and never updated, to prevent up-scoping (a later step in the flow acquiring scopes the user did not consent to).
- Returns:
-
setValidatedScopes
public void setValidatedScopes(Collection<String> validatedScopes)
-
getQueriedATScopes
public Collection<String> getQueriedATScopes()
-
setQueriedATScopes
public void setQueriedATScopes(Collection<String> queriedATScopes)
-
getATJWT
public String getATJWT()
If a JWT access token was returned, a copy is saved here.
- Returns:
-
setATJWT
public void setATJWT(String atJWT)
-
getRTJWT
public String getRTJWT()
If a JWT refresh token was returned, a copy is saved here.
- Returns:
-
setRTJWT
public void setRTJWT(String rtJWT)
-
firstSix
protected String firstSix(URI id)
Get the last 6 characters of the unique part of an identifier.
- Parameters:
id
-- Returns:
-
summary
public String summary()
Summary for debugging.- Returns:
-
-