Package org.gcube.portal.oidc.lr62

Class OIDCWithDynamicScopeTokenUtil

java.lang.Object

org.gcube.portal.oidc.lr62.OIDCWithDynamicScopeTokenUtil

public class OIDCWithDynamicScopeTokenUtil
extends Object

Field Summary

Fields

Modifier and Type	Field	Description
static String	D4S_DYNAMIC_SCOPE_NAME
static String	D4S_DYNAMIC_SCOPE_NAME_TOKEN_CLAIM
static String	DEFAULT_DYNAMIC_SCOPE_SEPARATOR
static String	ROOT_DYNAMIC_SCOPE_FOR_ENABLING

Constructor Summary

Constructors

Constructor	Description
OIDCWithDynamicScopeTokenUtil()

Method Summary

Modifier and Type	Method	Description
static void	checkContextTokenAndProvideInThreadLocal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, com.liferay.portal.model.User user, javax.servlet.http.HttpSession session, String scope)
protected static void	forceLogout(javax.servlet.http.HttpServletResponse response)
static org.gcube.oidc.rest.JWTToken	getContextToken(javax.servlet.http.HttpServletRequest request, com.liferay.portal.model.User user, String scope)
static org.gcube.oidc.rest.JWTToken	getContextToken(javax.servlet.http.HttpServletRequest request, Long userId, String scope)	Used to request a temporary OIDC context token from the OIDC server in a specific context for an user.
static org.gcube.oidc.rest.JWTToken	getContextToken(javax.servlet.http.HttpServletRequest request, String screenName, String scope)	Used to request a temporary OIDC context token from the OIDC server in a specific context for an user.
protected static boolean	isContextInAud(org.gcube.oidc.rest.JWTToken token, String context)
protected static boolean	isRestrictedTo(org.gcube.oidc.rest.JWTToken token, String context)
protected static boolean	isRestrictionChanged(org.gcube.oidc.rest.JWTToken token, String context)
static void	provideClientContextTokenInThreadLocal(String clientId, String clientSecret, URL tokenURL, String infraContext)
static void	provideClientContextTokenInThreadLocal(URL tokenURL, String clientAccessToken, String clientId, String clientSecret, String infraContext)
static void	provideConfiguredPortalClientContextTokenInThreadLocal(String infraContext)
static void	provideTokenInThreadlocal(org.gcube.oidc.rest.JWTToken contextToken)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

D4S_DYNAMIC_SCOPE_NAME

public static final String D4S_DYNAMIC_SCOPE_NAME

See Also:

Constant Field Values

D4S_DYNAMIC_SCOPE_NAME_TOKEN_CLAIM

public static final String D4S_DYNAMIC_SCOPE_NAME_TOKEN_CLAIM

See Also:

Constant Field Values

DEFAULT_DYNAMIC_SCOPE_SEPARATOR

public static final String DEFAULT_DYNAMIC_SCOPE_SEPARATOR

See Also:

Constant Field Values

ROOT_DYNAMIC_SCOPE_FOR_ENABLING

public static final String ROOT_DYNAMIC_SCOPE_FOR_ENABLING

See Also:

Constant Field Values

Constructor Detail

OIDCWithDynamicScopeTokenUtil

public OIDCWithDynamicScopeTokenUtil()

Method Detail

provideConfiguredPortalClientContextTokenInThreadLocal

public static void provideConfiguredPortalClientContextTokenInThreadLocal(String infraContext)

provideClientContextTokenInThreadLocal

public static void provideClientContextTokenInThreadLocal(String clientId,
                                                          String clientSecret,
                                                          URL tokenURL,
                                                          String infraContext)

provideClientContextTokenInThreadLocal

public static void provideClientContextTokenInThreadLocal(URL tokenURL,
                                                          String clientAccessToken,
                                                          String clientId,
                                                          String clientSecret,
                                                          String infraContext)

getContextToken

public static org.gcube.oidc.rest.JWTToken getContextToken(javax.servlet.http.HttpServletRequest request,
                                                           Long userId,
                                                           String scope)
                                                    throws ContextTokenException,
                                                           InvalidTokenException,
                                                           MissingTokenException,
                                                           MissingRefreshTokenException,
                                                           RefreshException,
                                                           NotInContextException,
                                                           RefreshTokenExpiredException

Used to request a temporary OIDC context token from the OIDC server in a specific context for an user. The OIDC access token in the JWTCacheProxy for the user in the current session will be used.

Parameters:

request - the current HTTP request

userId - the user's user id

scope - the scope to issue the token for (e.g. "/gcube")

Returns:

the temporary token in the requested context for the user

Throws:

ContextTokenException - if a generic error related to the OIDC context token issue occurs

InvalidTokenException - if the OIDC access token is become invalid for the user

MissingTokenException - if the OIDC token is missing for the user in the cache proxy

MissingRefreshTokenException - if the refresh token is not present in current OIDC token

RefreshException - if an error occurs refreshing the OIDC token that is expired

NotInContextException - if the user is not authorized to access the requested context

RefreshTokenExpiredException - if the refresh token has been expired (Keycloak session is expired)

getContextToken

public static org.gcube.oidc.rest.JWTToken getContextToken(javax.servlet.http.HttpServletRequest request,
                                                           String screenName,
                                                           String scope)
                                                    throws InvalidTokenException,
                                                           MissingTokenException,
                                                           MissingRefreshTokenException,
                                                           RefreshException,
                                                           NotInContextException,
                                                           ContextTokenException,
                                                           RefreshTokenExpiredException

Used to request a temporary OIDC context token from the OIDC server in a specific context for an user. The OIDC access token in the JWTCacheProxy for the user in the current session will be used.

Parameters:

request - the current HTTP request

screenName - the user's screen name

scope - the scope to issue the token for (e.g. "/gcube")

Returns:

the temporary token in the requested context for the user

Throws:

ContextTokenException - if a generic error related to the OIDC context token issue occurs

MissingTokenException - if the OIDC token is missing for the user in the cache proxy

MissingRefreshTokenException - if the refresh token is not present in current OIDC token

InvalidTokenException - if the OIDC access token is become invalid for the user

RefreshException - if an error occurs refreshing the OIDC token that is expired

NotInContextException - if the user is not authorized to access the requested context

RefreshTokenExpiredException - if the refresh token has been expired (Keycloak session is expired)

getContextToken

public static org.gcube.oidc.rest.JWTToken getContextToken(javax.servlet.http.HttpServletRequest request,
                                                           com.liferay.portal.model.User user,
                                                           String scope)
                                                    throws InvalidTokenException,
                                                           MissingTokenException,
                                                           MissingRefreshTokenException,
                                                           RefreshException,
                                                           NotInContextException,
                                                           ContextTokenException,
                                                           RefreshTokenExpiredException

Throws:

InvalidTokenException

MissingTokenException

MissingRefreshTokenException

RefreshException

NotInContextException

ContextTokenException

RefreshTokenExpiredException

isContextInAud

protected static boolean isContextInAud(org.gcube.oidc.rest.JWTToken token,
                                        String context)

isRestrictedTo

protected static boolean isRestrictedTo(org.gcube.oidc.rest.JWTToken token,
                                        String context)

isRestrictionChanged

protected static boolean isRestrictionChanged(org.gcube.oidc.rest.JWTToken token,
                                              String context)

checkContextTokenAndProvideInThreadLocal

public static void checkContextTokenAndProvideInThreadLocal(javax.servlet.http.HttpServletRequest request,
                                                            javax.servlet.http.HttpServletResponse response,
                                                            com.liferay.portal.model.User user,
                                                            javax.servlet.http.HttpSession session,
                                                            String scope)

provideTokenInThreadlocal

public static void provideTokenInThreadlocal(org.gcube.oidc.rest.JWTToken contextToken)

forceLogout

protected static void forceLogout(javax.servlet.http.HttpServletResponse response)