Package edu.uiuc.ncsa.oa2.servlet
Class ProxyUtils
- java.lang.Object
-
- edu.uiuc.ncsa.oa2.servlet.ProxyUtils
-
public class ProxyUtils extends Object
Class with shared proxy utilitiesCreated by Jeff Gaynor
on 3/4/22 at 4:55 PM
-
-
Field Summary
Fields Modifier and Type Field Description static StringNO_PROXY_SCOPES
-
Constructor Summary
Constructors Constructor Description ProxyUtils()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description protected static OA2CLCCommandscreateCLC(OA2SE oa2SE, OA2ServiceTransaction t)Create a completely new CLC and load the configuration into it.protected static voiddoProxy(OA2SE oa2SE, AbstractAuthorizationServlet.AuthorizedState state)protected static voiddoProxy(OA2SE oa2SE, RFC8628AuthorizationServer.PendingState pendingState)protected static voiddoProxyClaimsRefresh(OA2SE oa2SE, OA2ServiceTransaction t)Attempt to do a refresh of the claims from the proxy server.protected static voiddoProxyRedirect(OA2SE oa2SE, OA2ServiceTransaction t, javax.servlet.http.HttpServletResponse response)In the Authorization servlet, this creates the redirect to the proxy and redirects the user's browser.protected static voiddoRFC8628AT(OA2SE oa2SE, OA2ServiceTransaction t)protected static OA2CLCCommandsgetCLC(OA2SE oa2SE, OA2ServiceTransaction t)Get the fully functional CLC (Command Line Client) associated with this transaction.protected static StringgetProxyUserCode(OA2SE oa2SE, OA2ServiceTransaction t, RFC8628State rfc8628State)Sets up device flow with proxy and populates theRFC8628Statewith the information from the proxy.protected static Collection<String>getRequestScopes(OA2ServiceTransaction t, OA2CLCCommands clcCommands)This will take the various bits and determine the actual scopes that should be in the request to the proxy.protected static voidsetClaimsFromProxy(OA2ServiceTransaction t, net.sf.json.JSONObject proxyClaims, edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)protected static OA2ATExceptiontoOA2X(edu.uiuc.ncsa.security.servlet.ServiceClientHTTPException serviceClientHTTPException, OA2ServiceTransaction t)protected static voiduserCodeToProxyRedirect(OA2SE oa2SE, OA2ServiceTransaction t, RFC8628AuthorizationServer.PendingState pendingState)Takes the user code in the service transaction (which has been found) and does the redirect to the proxy for login.
-
-
-
Field Detail
-
NO_PROXY_SCOPES
public static final String NO_PROXY_SCOPES
- See Also:
- Constant Field Values
-
-
Method Detail
-
doProxy
protected static void doProxy(OA2SE oa2SE, RFC8628AuthorizationServer.PendingState pendingState) throws Throwable
- Throws:
Throwable
-
doProxy
protected static void doProxy(OA2SE oa2SE, AbstractAuthorizationServlet.AuthorizedState state) throws Throwable
- Throws:
Throwable
-
doProxyRedirect
protected static void doProxyRedirect(OA2SE oa2SE, OA2ServiceTransaction t, javax.servlet.http.HttpServletResponse response) throws Throwable
In the Authorization servlet, this creates the redirect to the proxy and redirects the user's browser.- Parameters:
oa2SE-t-response-- Throws:
Throwable
-
getProxyUserCode
protected static String getProxyUserCode(OA2SE oa2SE, OA2ServiceTransaction t, RFC8628State rfc8628State) throws Throwable
Sets up device flow with proxy and populates theRFC8628Statewith the information from the proxy. This returns the proxy's user code.
-
userCodeToProxyRedirect
protected static void userCodeToProxyRedirect(OA2SE oa2SE, OA2ServiceTransaction t, RFC8628AuthorizationServer.PendingState pendingState) throws Throwable
Takes the user code in the service transaction (which has been found) and does the redirect to the proxy for login. For RFC8628- Parameters:
oa2SE-t-- Throws:
Throwable
-
getCLC
protected static OA2CLCCommands getCLC(OA2SE oa2SE, OA2ServiceTransaction t) throws Throwable
Get the fully functional CLC (Command Line Client) associated with this transaction. Note that if you update the client, you must save the state
-
createCLC
protected static OA2CLCCommands createCLC(OA2SE oa2SE, OA2ServiceTransaction t) throws Throwable
Create a completely new CLC and load the configuration into it.
-
doRFC8628AT
protected static void doRFC8628AT(OA2SE oa2SE, OA2ServiceTransaction t) throws Throwable
- Throws:
Throwable
-
toOA2X
protected static OA2ATException toOA2X(edu.uiuc.ncsa.security.servlet.ServiceClientHTTPException serviceClientHTTPException, OA2ServiceTransaction t)
-
setClaimsFromProxy
protected static void setClaimsFromProxy(OA2ServiceTransaction t, net.sf.json.JSONObject proxyClaims, edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)
-
doProxyClaimsRefresh
protected static void doProxyClaimsRefresh(OA2SE oa2SE, OA2ServiceTransaction t) throws Throwable
Attempt to do a refresh of the claims from the proxy server. This is not sued yet since there are a lot of policy type decisions to make. For instance, what if the lifetimes of tokens on the proxy are much shorter than on the server? Then there has to be some way to communicate that no updates to the claims are possible.
-
getRequestScopes
protected static Collection<String> getRequestScopes(OA2ServiceTransaction t, OA2CLCCommands clcCommands)
This will take the various bits and determine the actual scopes that should be in the request to the proxy.Logic
- forward scopes to proxy: true
⇒ forward everything allowed - forward scopes to proxy: false
OA2Client.getProxyRequestScopes()is trivial
⇒ forward full set of configured scopes for the proxy- else
⇒ forward intersection of this list with the configured scopes for the proxy - If the proxy requests scopes contains the reserved scope of
NO_PROXY_SCOPES, then request no scopes at all from the proxy server.
- Parameters:
t-clcCommands-- Returns:
- forward scopes to proxy: true
-
-