Class AbstractAccessTokenHandler
- java.lang.Object
-
- org.oa4mp.server.loader.oauth2.claims.AbstractPayloadHandler
-
- org.oa4mp.server.loader.oauth2.claims.AbstractAccessTokenHandler
-
- All Implemented Interfaces: Serializable, AccessTokenHandlerInterface, IDTokenHandlerInterface, PayloadHandler, OA2Scopes
- Direct Known Subclasses: DefaultAccessTokenHandler, RFC9068ATHandler, ScitokenHandler, WLCGTokenHandler
public class AbstractAccessTokenHandler extends AbstractPayloadHandler implements AccessTokenHandlerInterface, IDTokenHandlerInterface
Only create an access token handler if you need some special handling; otherwise the default simple token will be used.
Created by Jeff Gaynor on 7/21/20 at 2:50 PM
- See Also:
- Serialized Form
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.oa4mp.delegation.server.OA2Scopes
OA2Scopes.ScopeUtil
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
static String AT_BASIC_HANDLER_TYPE
static String AT_DEFAULT_HANDLER_TYPE
-
Fields inherited from class org.oa4mp.server.loader.oauth2.claims.AbstractPayloadHandler
client, oa2se, payload, request, transaction
-
Fields inherited from interface org.oa4mp.delegation.server.OA2Scopes
basicScopes, EDU_PERSON_ORC_ID, nonPublicScopes, SCOPE_ADDRESS, SCOPE_CILOGON_INFO, SCOPE_EMAIL, SCOPE_MYPROXY, SCOPE_OFFLINE_ACCESS, SCOPE_OPENID, SCOPE_PHONE, SCOPE_PROFILE, SCOPE_TOKEN_MANAGER, SCOPE_USER_INFO
-
-
Constructor Summary
Constructors (Constructor, Description):
AbstractAccessTokenHandler(PayloadHandlerConfigImpl payloadHandlerConfig)
-
Method Summary
Methods (Modifier and Type, Method, Description):
void addRequestState(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req)
Marshall any resources this script needs to make a request.
void checkClaims()
Called after the runner has gotten the claims so that this class can check integrity.
void finish(boolean doTemplates, boolean isQuery)
void finish(String execPhase)
Called at the very end of all processing, this lets the handler clean up or whatever it needs to do.
AccessToken getAccessToken()
The actual simple access token (usually used as the identifier for the claims-based AT).
protected AccessTokenConfig getATConfig()
Convenience to peel off the AccessTokenConfig from the handler config and return it.
net.sf.json.JSONObject getPayload()
The underlying JSONObject that contains the claims that go into this access token.
AccessTokenImpl getSignedPayload(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)
AccessTokenImpl getSignedPayload(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key, String headerType)
Take the payload of this and sign it with the given key, using the header as needed.
List<ClaimSource> getSources()
These are the sources that the runner will use to populate the claims.
net.sf.json.JSONObject getUserMetaData()
Generally, for this class you will need to inject the user meta data.
void handleResponse(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp)
This takes the response from a script and unmarshalls the resources.
void init()
Creates and initializes the claims object this class manages.
void refreshAccountingInformation()
This is used on refresh only.
String resolveTemplates(boolean isQuery)
Templates are of the format
void saveState(String execPhase)
Called at the end of each block, this lets the handler save its state.
void setAccessToken(AccessToken accessToken)
void setAccountingInformation()
This sets the accounting information (such as the expiration and such) for a token.
void setUserMetaData(net.sf.json.JSONObject userMetaData)
-
Methods inherited from class org.oa4mp.server.loader.oauth2.claims.AbstractPayloadHandler
doServerVariables, doSubstitution, execute, getExtendedAttributes, getPhCfg, getResponseCode, getTXRecord, hasScript, hasTXRecord, isEmpty, listToString, refresh, setExtendedAttributes, setPayload, setPhCfg, setResponseCode
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.oa4mp.delegation.server.jwt.PayloadHandler
execute, getExtendedAttributes, getPhCfg, getResponseCode, hasScript, refresh, setPayload, setPhCfg, setResponseCode
-
-
-
-
Field Detail
-
AT_DEFAULT_HANDLER_TYPE
public static final String AT_DEFAULT_HANDLER_TYPE
- See Also:
- Constant Field Values
-
AT_BASIC_HANDLER_TYPE
public static final String AT_BASIC_HANDLER_TYPE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AbstractAccessTokenHandler
public AbstractAccessTokenHandler(PayloadHandlerConfigImpl payloadHandlerConfig)
-
-
Method Detail
-
getPayload
public net.sf.json.JSONObject getPayload()
The underlying JSONObject that contains the claims that go into this access token. Note that the getUserMetaData() call will retrieve the user metadata and is not the same as the access token contents!
- Specified by: getPayload in interface AccessTokenHandlerInterface
- Specified by: getPayload in interface PayloadHandler
- Returns:
-
getUserMetaData
public net.sf.json.JSONObject getUserMetaData()
Generally, for this class you will need to inject the user meta data.
- Specified by: getUserMetaData in interface AccessTokenHandlerInterface
- Specified by: getUserMetaData in interface IDTokenHandlerInterface
- Returns:
-
setUserMetaData
public void setUserMetaData(net.sf.json.JSONObject userMetaData)
- Specified by: setUserMetaData in interface IDTokenHandlerInterface
-
init
public void init() throws Throwable
Description copied from interface: PayloadHandler
Creates and initializes the claims object this class manages.
- Specified by: init in interface PayloadHandler
- Throws: Throwable
-
addRequestState
public void addRequestState(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req) throws Throwable
Description copied from interface: PayloadHandler
Marshall any resources this script needs to make a request. I.e., add specific state (if needed) from this handler to the ScriptRunRequest.
- Specified by: addRequestState in interface PayloadHandler
- Throws: Throwable
-
handleResponse
public void handleResponse(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp) throws Throwable
Description copied from interface: PayloadHandler
This takes the response from a script and unmarshalls the resources.
- Specified by: handleResponse in interface PayloadHandler
- Overrides: handleResponse in class AbstractPayloadHandler
- Throws: Throwable
-
checkClaims
public void checkClaims() throws Throwable
Description copied from interface: PayloadHandler
Called after the runner has gotten the claims so that this class can check integrity. For instance, an OIDC server would need to see that the subject is set properly. SciTokens needs to check that its scopes (aka resource permissions) were set.
- Specified by: checkClaims in interface PayloadHandler
- Throws: Throwable
-
resolveTemplates
public String resolveTemplates(boolean isQuery)
Templates are of the format [{"aud":audience, [{"op":X0, "path":P0}, {"op":X1, "path":P1},...}] ]
-
getATConfig
protected AccessTokenConfig getATConfig()
Convenience to peel off the AccessTokenConfig from the handler config and return it.
- Returns:
-
getSources
public List<ClaimSource> getSources() throws Throwable
Description copied from interface: PayloadHandler
These are the sources that the runner will use to populate the claims.
- Specified by: getSources in interface PayloadHandler
- Returns:
- Throws: Throwable
-
finish
public void finish(String execPhase) throws Throwable
Description copied from interface: PayloadHandler
Called at the very end of all processing, this lets the handler clean up or whatever it needs to do. It is called before PayloadHandler.saveState(String).
- Specified by: finish in interface PayloadHandler
- Parameters: execPhase - the current execution phase.
- Throws: Throwable
-
getSignedPayload
public AccessTokenImpl getSignedPayload(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)
- Specified by: getSignedPayload in interface PayloadHandler
-
getSignedPayload
public AccessTokenImpl getSignedPayload(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key, String headerType)
Description copied from interface: PayloadHandler
Take the payload of this and sign it with the given key, using the header as needed.
- Specified by: getSignedPayload in interface PayloadHandler
- Returns:
-
saveState
public void saveState(String execPhase) throws Throwable
Description copied from interface: PayloadHandler
Called at the end of each block, this lets the handler save its state. Note that for OA4MP, the state is saved in the transaction which is saved once after the handlers run. Only put actual save code in here if needed, since it is apt to get called a lot.
- Specified by: saveState in interface PayloadHandler
- Overrides: saveState in class AbstractPayloadHandler
- Throws: Throwable
-
setAccountingInformation
public void setAccountingInformation()
Description copied from interface: PayloadHandler
This sets the accounting information (such as the expiration and such) for a token. This is called when a token is created or refreshed.
- Specified by: setAccountingInformation in interface PayloadHandler
-
refreshAccountingInformation
public void refreshAccountingInformation()
Description copied from interface: PayloadHandler
This is used on refresh only. It will reset all the standard accounting information (such as timestamps) for an existing claims object.
Usage
Create an instance of the handler with the constructor for any state, then invoke this method.
- Specified by: refreshAccountingInformation in interface PayloadHandler
-
getAccessToken
public AccessToken getAccessToken()
Description copied from interface: AccessTokenHandlerInterface
The actual simple access token (usually used as the identifier for the claims-based AT). To get the signed claims, invoke PayloadHandler.getSignedPayload(JSONWebKey, String).
- Specified by: getAccessToken in interface AccessTokenHandlerInterface
- Returns:
-
setAccessToken
public void setAccessToken(AccessToken accessToken)
- Specified by: setAccessToken in interface AccessTokenHandlerInterface
-
-