Class ProxyUtils


  • public class ProxyUtils
    extends Object
    Class with shared proxy utilities

    Created by Jeff Gaynor
    on 3/4/22 at 4:55 PM

    • Constructor Detail

      • ProxyUtils

        public ProxyUtils()
    • Method Detail

      • doProxyRedirect

        protected static void doProxyRedirect​(OA2SE oa2SE,
                                              OA2ServiceTransaction t,
                                              javax.servlet.http.HttpServletResponse response)
                                       throws Throwable
        In the Authorization servlet, this creates the redirect to the proxy and redirects the user's browser.
        Parameters:
        oa2SE -
        t -
        response -
        Throws:
        Throwable
      • setClaimsFromProxy

        protected static void setClaimsFromProxy​(OA2ServiceTransaction t,
                                                 net.sf.json.JSONObject proxyClaims,
                                                 edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
      • doProxyClaimsRefresh

        protected static void doProxyClaimsRefresh​(OA2SE oa2SE,
                                                   OA2ServiceTransaction t)
                                            throws Throwable
        Attempt to do a refresh of the claims from the proxy server. This is not used yet since there are a lot of policy-type decisions to make. For instance, what if the lifetimes of tokens on the proxy are much shorter than on the server? Then there has to be some way to communicate that no updates to the claims are possible.
        Parameters:
        oa2SE -
        t -
        Throws:
        Exception
        Throwable
      • getRequestScopes

        protected static Collection<String> getRequestScopes​(OA2ServiceTransaction t,
                                                             OA2CLCCommands clcCommands)
        This will take the various bits and determine the actual scopes that should be in the request to the proxy.

        Logic

        • forward scopes to proxy: true
               ⇒ forward everything allowed
        • forward scopes to proxy: false
          • OA2Client.getProxyRequestScopes() is trivial
                 ⇒ forward full set of configured scopes for the proxy
          • else
                 ⇒ forward intersection of this list with the configured scopes for the proxy
          • If the proxy request scopes contain the reserved scope NO_PROXY_SCOPES, then request no scopes at all from the proxy server.
        When we say above to forward everything allowed, we mean that the policies for scopes are applied to the request as per usual (e.g. a public client with strict scopes on cannot even make a request with extra scopes). On top of this, even if the client requests forwarding, the proxy itself may restrict scopes and is free to reject them.
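The decision table above, written out as an added example; this is not the project's own code. The class and method names are hypothetical, "trivial" is assumed to mean null or empty, the `allowed` argument is assumed to have already passed the usual scope policies, and the string value of NO_PROXY_SCOPES is a placeholder because the page does not give it.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class ProxyScopeExample {
    // Placeholder: the page names the reserved scope but not its string value.
    static final String NO_PROXY_SCOPES = "<NO_PROXY_SCOPES placeholder>";

    /**
     * Hypothetical helper mirroring the documented logic.
     * allowed           - requested scopes that survived normal scope policy (assumed input)
     * clientProxyScopes - stand-in for the result of OA2Client.getProxyRequestScopes()
     * proxyConfigured   - scopes configured for the proxy
     */
    static Set<String> resolve(boolean forwardScopesToProxy,
                               Collection<String> allowed,
                               Collection<String> clientProxyScopes,
                               Collection<String> proxyConfigured) {
        if (forwardScopesToProxy) {
            return new LinkedHashSet<>(allowed);          // forward everything allowed
        }
        if (clientProxyScopes == null || clientProxyScopes.isEmpty()) {
            return new LinkedHashSet<>(proxyConfigured);  // trivial: full configured set
        }
        if (clientProxyScopes.contains(NO_PROXY_SCOPES)) {
            return new LinkedHashSet<>();                 // reserved scope: request nothing
        }
        Set<String> result = new LinkedHashSet<>(clientProxyScopes);
        result.retainAll(proxyConfigured);                // intersection with configured scopes
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        List<String> configured = List.of("openid", "email", "profile");
        List<String> allowed = List.of("openid", "email");
        System.out.println(resolve(true, allowed, null, configured));
        System.out.println(resolve(false, allowed, List.of(), configured));
        System.out.println(resolve(false, allowed, List.of("openid", "offline_access"), configured));
        System.out.println(resolve(false, allowed, List.of("openid", NO_PROXY_SCOPES), configured));
    }
}
```

In the non-forwarding branch a scope that is not configured for the proxy (here the constructed `offline_access`) never reaches the proxy, and the reserved scope overrides every other entry in the list.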
        Parameters:
        t -
        clcCommands -
        Returns: