org.gcube.common.keycloak

Class DefaultKeycloakClientLegacyIS

java.lang.Object

org.gcube.common.keycloak.DefaultKeycloakClient

org.gcube.common.keycloak.DefaultKeycloakClientLegacyIS

All Implemented Interfaces:

org.gcube.common.keycloak.KeycloakClient, KeycloakClientLegacyIS

public class DefaultKeycloakClientLegacyIS
extends org.gcube.common.keycloak.DefaultKeycloakClient
implements KeycloakClientLegacyIS

Field Summary

Fields

Modifier and Type	Field and Description
protected static org.slf4j.Logger	logger

Fields inherited from interface org.gcube.common.keycloak.KeycloakClientLegacyIS

CATEGORY, DESCRIPTION, NAME

Fields inherited from interface org.gcube.common.keycloak.KeycloakClient

OPEN_ID_URI_PATH, TOKEN_INTROSPECT_URI_PATH, TOKEN_URI_PATH

Constructor Summary

Constructors

Constructor and Description
DefaultKeycloakClientLegacyIS()

Method Summary

Modifier and Type	Method and Description
URL	computeIntrospectionEndpointURL() Compute the keycloak introspection endpoint URL starting from the discovered token endpoint it in the current scope provided by ScopeProvider.
URL	findTokenEndpointURL() Finds the keycloak token endpoint URL discovering it in the current scope provided by ScopeProvider
URL	findTokenEndpointURL(String audience) Finds the keycloak token endpoint URL discovering it in the passed audience
org.gcube.common.keycloak.model.TokenIntrospectionResponse	introspectAccessToken(String clientId, String clientSecret, String accessTokenJWTString) Introspects an access token against the Keycloak server discovered in the current scope.
boolean	isAccessTokenVerified(String clientId, String clientSecret, String accessTokenJWTString) Verifies an access token against the Keycloak server discovered in the current scope.
org.gcube.common.keycloak.model.TokenResponse	queryOIDCToken(String clientId, String clientSecret) Queries an OIDC token from the Keycloak server discovered in the current scope, by using provided clientId and client secret.
org.gcube.common.keycloak.model.TokenResponse	queryUMAToken(String clientId, String clientSecret, List<String> permissions) Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope as audience (context), in URLEncoded form or not, and optionally a list of permissions.
org.gcube.common.keycloak.model.TokenResponse	queryUMAToken(String clientId, String clientSecret, String audience, List<String> permissions) Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
org.gcube.common.keycloak.model.TokenResponse	queryUMAToken(org.gcube.common.keycloak.model.TokenResponse oidcTokenResponse, String audience, List<String> permissions) Queries an UMA token from the Keycloak server discovered in the current scope, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
org.gcube.common.keycloak.model.TokenResponse	refreshToken(String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the the refresh token JWT encoded string obtained with the access token in the previous token response.
org.gcube.common.keycloak.model.TokenResponse	refreshToken(String clientId, String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response.
org.gcube.common.keycloak.model.TokenResponse	refreshToken(String clientId, String clientSecret, String refreshTokenJWTString) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
org.gcube.common.keycloak.model.TokenResponse	refreshToken(String clientId, String clientSecret, org.gcube.common.keycloak.model.TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.
org.gcube.common.keycloak.model.TokenResponse	refreshToken(String clientId, org.gcube.common.keycloak.model.TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id.
org.gcube.common.keycloak.model.TokenResponse	refreshToken(org.gcube.common.keycloak.model.TokenResponse tokenResponse) Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object.

Methods inherited from class org.gcube.common.keycloak.DefaultKeycloakClient

computeIntrospectionEndpointURL, constructBasicAuthenticationHeader, constructBeareAuthenticationHeader, getIntrospectionEndpointURL, getTokenEndpointURL, introspectAccessToken, isAccessTokenVerified, performRequest, queryOIDCToken, queryOIDCToken, queryUMAToken, queryUMAToken, queryUMAToken, refreshToken, refreshToken, refreshToken

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.gcube.common.keycloak.KeycloakClient

computeIntrospectionEndpointURL, getIntrospectionEndpointURL, getTokenEndpointURL, introspectAccessToken, isAccessTokenVerified, queryOIDCToken, queryOIDCToken, queryUMAToken, queryUMAToken, queryUMAToken, refreshToken, refreshToken, refreshToken

Field Detail

logger

protected static org.slf4j.Logger logger

Constructor Detail

DefaultKeycloakClientLegacyIS

public DefaultKeycloakClientLegacyIS()

Method Detail

findTokenEndpointURL

public URL findTokenEndpointURL(String audience)
                         throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Finds the keycloak token endpoint URL discovering it in the passed audience

Specified by:

findTokenEndpointURL in interface KeycloakClientLegacyIS

Returns:

the keycloak token endpoint URL in the current scope

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

findTokenEndpointURL

public URL findTokenEndpointURL()
                         throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Finds the keycloak token endpoint URL discovering it in the current scope provided by ScopeProvider

Specified by:

findTokenEndpointURL in interface KeycloakClientLegacyIS

Returns:

the keycloak token endpoint URL in the current scope

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

computeIntrospectionEndpointURL

public URL computeIntrospectionEndpointURL()
                                    throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Compute the keycloak introspection endpoint URL starting from the discovered token endpoint it in the current scope provided by ScopeProvider.

Specified by:

computeIntrospectionEndpointURL in interface KeycloakClientLegacyIS

Returns:

the keycloak introspection endpoint URL in the current scope

Throws:

KeycloakClientException - if something goes wrong discovering the endpoint URL

queryOIDCToken

public org.gcube.common.keycloak.model.TokenResponse queryOIDCToken(String clientId,
                                                                    String clientSecret)
                                                             throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Queries an OIDC token from the Keycloak server discovered in the current scope, by using provided clientId and client secret.

Specified by:

queryOIDCToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the client id

clientSecret - the client secret

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

public org.gcube.common.keycloak.model.TokenResponse queryUMAToken(String clientId,
                                                                   String clientSecret,
                                                                   List<String> permissions)
                                                            throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope as audience (context), in URLEncoded form or not, and optionally a list of permissions.

Specified by:

queryUMAToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the client id

clientSecret - the client secret

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

public org.gcube.common.keycloak.model.TokenResponse queryUMAToken(org.gcube.common.keycloak.model.TokenResponse oidcTokenResponse,
                                                                   String audience,
                                                                   List<String> permissions)
                                                            throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Queries an UMA token from the Keycloak server discovered in the current scope, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Specified by:

queryUMAToken in interface KeycloakClientLegacyIS

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

queryUMAToken

public org.gcube.common.keycloak.model.TokenResponse queryUMAToken(String clientId,
                                                                   String clientSecret,
                                                                   String audience,
                                                                   List<String> permissions)
                                                            throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.

Specified by:

queryUMAToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the client id

clientSecret - the client secret

audience - the audience (context) where to request the issuing of the ticket

permissions - a list of permissions, can be null

Returns:

the issued token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the query

refreshToken

public org.gcube.common.keycloak.model.TokenResponse refreshToken(org.gcube.common.keycloak.model.TokenResponse tokenResponse)
                                                           throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object. Client id will be read from "issued for" access token's claim and client secret will be not sent.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClientLegacyIS

Parameters:

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public org.gcube.common.keycloak.model.TokenResponse refreshToken(String clientId,
                                                                  org.gcube.common.keycloak.model.TokenResponse tokenResponse)
                                                           throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id. Client secret will be not sent.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public org.gcube.common.keycloak.model.TokenResponse refreshToken(String clientId,
                                                                  String clientSecret,
                                                                  org.gcube.common.keycloak.model.TokenResponse tokenResponse)
                                                           throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.

Specified by:

refreshToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the requestor client id, may be null and in this case will be take from the access token "issued for" claim

clientSecret - the requestor client secret, may be null for non-confidential clients

tokenResponse - the previously issued token as TokenResponse object

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public org.gcube.common.keycloak.model.TokenResponse refreshToken(String refreshTokenJWTString)
                                                           throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the the refresh token JWT encoded string obtained with the access token in the previous token response. Client id will be read from "issued for" refresh token's claim and client secret will be not sent.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClientLegacyIS

Parameters:

refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public org.gcube.common.keycloak.model.TokenResponse refreshToken(String clientId,
                                                                  String refreshTokenJWTString)
                                                           throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response. Client secret will be not used.
NOTE: For public clients types only.

Specified by:

refreshToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the requestor client id

refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

refreshToken

public org.gcube.common.keycloak.model.TokenResponse refreshToken(String clientId,
                                                                  String clientSecret,
                                                                  String refreshTokenJWTString)
                                                           throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.

Specified by:

refreshToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the requestor client id

clientSecret - the requestor client secret, may be null for non-confidential clients

refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter

Returns:

the refreshed token as TokenResponse object

Throws:

KeycloakClientException - if something goes wrong performing the refresh query

introspectAccessToken

public org.gcube.common.keycloak.model.TokenIntrospectionResponse introspectAccessToken(String clientId,
                                                                                        String clientSecret,
                                                                                        String accessTokenJWTString)
                                                                                 throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Introspects an access token against the Keycloak server discovered in the current scope.

Specified by:

introspectAccessToken in interface KeycloakClientLegacyIS

Parameters:

clientId - the requestor client id

clientSecret - the requestor client secret

accessTokenJWTString - the access token to verify

Returns:

true if the token is valid, false otherwise

Throws:

KeycloakClientException - if something goes wrong performing the verification

isAccessTokenVerified

public boolean isAccessTokenVerified(String clientId,
                                     String clientSecret,
                                     String accessTokenJWTString)
                              throws org.gcube.common.keycloak.KeycloakClientException

Description copied from interface: KeycloakClientLegacyIS

Verifies an access token against the Keycloak server discovered in the current scope.

Specified by:

isAccessTokenVerified in interface KeycloakClientLegacyIS

Parameters:

clientId - the requestor client id

clientSecret - the requestor client secret

accessTokenJWTString - the access token to verify

Returns:

a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity

Throws:

KeycloakClientException - if something goes wrong performing the verification