Interface PayloadHandler
-
- All Superinterfaces:
Serializable
- All Known Subinterfaces:
AccessTokenHandlerInterface,RefreshTokenHandlerInterface
public interface PayloadHandler extends Serializable
This class is charged with creating and managing the payload of a single type of JWT. As we get more types of these (OIDC, SciToken, etc.) each of these has completely separate requirements for creating, management and such. All of that should be encapsulated into a class.Created by Jeff Gaynor
on 2/15/20 at 7:13 AM
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description voidaddRequestState(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req)Marshall any resources this script needs to make a request.voidcheckClaims()Called after the runner has gotten the claims so that this class can check integrity.net.sf.json.JSONObjectexecute(ClaimSource source, net.sf.json.JSONObject claims)Runs this specific claim source against the internal state of this class.voidfinish(String execPhase)Called at the very end of all processing, this lets the handler, clean up or whatever it needs to do.net.sf.json.JSONObjectgetExtendedAttributes()Get the claims (the actual payload).net.sf.json.JSONObjectgetPayload()The payload for this is the actual token created (payload is the middle of a JWT, e.g.)PayloadHandlerConfiggetPhCfg()intgetResponseCode()TokenImplgetSignedPayload(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)TokenImplgetSignedPayload(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key, String headerType)Take the payload of this and sign it with the given key, using the header as needed.List<ClaimSource>getSources()These are the sources that the runner will use to populate the claimsvoidhandleResponse(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp)This takes the response from a script and unmarshalls the resourcesbooleanhasScript()voidinit()Creates and initializes the claims object this class manages.voidrefresh()If the claims need to be updated (e.g.voidrefreshAccountingInformation()This is used on refresh only.voidsaveState(String execPhase)Called at the end of each block, this lets the handler save its state.voidsetAccountingInformation()This sets the accounting information (such as the expiration and such) for a token.voidsetPayload(net.sf.json.JSONObject payload)voidsetPhCfg(PayloadHandlerConfig phCfg)voidsetResponseCode(int responseCode)
-
-
-
Method Detail
-
init
void init() throws Throwable
Creates and initializes the claims object this class manages.- Throws:
Throwable
-
refresh
void refresh() throws ThrowableIf the claims need to be updated (e.g. for a refresh and the timestamps need adjusting) this method needs to be called. It's contract is to reget all of the claims.- Throws:
Throwable
-
addRequestState
void addRequestState(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req) throws ThrowableMarshall any resources this script needs to make a request. I.e., add specific state (if needed) from this handler to theScriptRunRequest.- Throws:
Throwable
-
handleResponse
void handleResponse(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp) throws ThrowableThis takes the response from a script and unmarshalls the resources- Parameters:
resp-- Throws:
Throwable
-
checkClaims
void checkClaims() throws ThrowableCalled after the runner has gotten the claims so that this class can check integrity. For instance, an OIDC server would need to see that the subject is set properly. SciTokens needs to check that its scopes (aka resource permissions) were set- Throws:
Throwable
-
getSources
List<ClaimSource> getSources() throws Throwable
These are the sources that the runner will use to populate the claims- Returns:
- Throws:
Throwable
-
execute
net.sf.json.JSONObject execute(ClaimSource source, net.sf.json.JSONObject claims) throws Throwable
Runs this specific claim source against the internal state of this class. Note that the contract is that it returns the updated claims and if there are no new claims, it should just return its claims argument.- Parameters:
claims-- Returns:
- Throws:
Throwable
-
finish
void finish(String execPhase) throws Throwable
Called at the very end of all processing, this lets the handler, clean up or whatever it needs to do. It is called beforesaveState(String)()}.- Parameters:
execPhase- - the current execution phase.- Throws:
Throwable
-
saveState
void saveState(String execPhase) throws Throwable
Called at the end of each block, this lets the handler save its state. Note that for OA4MP, the state is saved in the transaction which is saved once after the handlers run. Only put actual save code in here if needed, since it is apt to get called a lot.- Throws:
Throwable
-
getExtendedAttributes
net.sf.json.JSONObject getExtendedAttributes() throws ThrowableGet the claims (the actual payload).- Returns:
- Throws:
Throwable
-
setAccountingInformation
void setAccountingInformation()
This sets the accounting information (such as the expiration and such) for a token. This is called when a token is created or refreshed.
-
refreshAccountingInformation
void refreshAccountingInformation()
This is used on refresh only. It will reset all the standard accounting information (such as timestamps) for an existing claims object.Usage
Create an instance of the handler with the constructor for any state, then invoke this method.
-
getPhCfg
PayloadHandlerConfig getPhCfg()
-
setPhCfg
void setPhCfg(PayloadHandlerConfig phCfg)
-
hasScript
boolean hasScript()
-
setResponseCode
void setResponseCode(int responseCode)
-
getResponseCode
int getResponseCode()
-
getPayload
net.sf.json.JSONObject getPayload()
The payload for this is the actual token created (payload is the middle of a JWT, e.g.)- Returns:
-
setPayload
void setPayload(net.sf.json.JSONObject payload)
-
getSignedPayload
TokenImpl getSignedPayload(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)
-
-