Class DefaultKeycloakClientLegacyIS

  • All Implemented Interfaces:
    org.gcube.common.keycloak.KeycloakClient, KeycloakClientLegacyIS

    public class DefaultKeycloakClientLegacyIS
    extends org.gcube.common.keycloak.DefaultKeycloakClient
    implements KeycloakClientLegacyIS
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static org.slf4j.Logger logger  
      • Fields inherited from class org.gcube.common.keycloak.DefaultKeycloakClient

        AUTHORIZATION_HEADER, BASE_URL, D4S_CONTEXT_HEADER_NAME
      • Fields inherited from interface org.gcube.common.keycloak.KeycloakClient

        DEFAULT_REALM, OPEN_ID_URI_PATH, PROD_ROOT_SCOPE, TOKEN_INTROSPECT_URI_PATH, TOKEN_URI_PATH
    • Method Summary

      Modifier and Type Method Description
      URL computeIntrospectionEndpointURL()
      Computes the Keycloak introspection endpoint URL starting from the token endpoint discovered in the current scope provided by ScopeProvider.
      URL findTokenEndpointURL()
      Finds the Keycloak token endpoint URL, discovering it in the current scope provided by ScopeProvider.
      org.gcube.common.keycloak.model.TokenIntrospectionResponse introspectAccessToken​(String clientId, String clientSecret, String accessTokenJWTString)
      Introspects an access token against the Keycloak server discovered in the current scope.
      boolean isAccessTokenVerified​(String clientId, String clientSecret, String accessTokenJWTString)
      Verifies an access token against the Keycloak server discovered in the current scope.
      org.gcube.common.keycloak.model.TokenResponse queryOIDCToken​(String clientId, String clientSecret)
      Queries an OIDC token from the Keycloak server discovered in the current scope, by using provided clientId and client secret.
      org.gcube.common.keycloak.model.TokenResponse queryUMAToken​(String clientId, String clientSecret, String audience, List<String> permissions)
      Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      org.gcube.common.keycloak.model.TokenResponse queryUMAToken​(String clientId, String clientSecret, List<String> permissions)
      Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope as audience (context), in URLEncoded form or not, and optionally a list of permissions.
      org.gcube.common.keycloak.model.TokenResponse queryUMAToken​(org.gcube.common.keycloak.model.TokenResponse oidcTokenResponse, String audience, List<String> permissions)
      Queries an UMA token from the Keycloak server discovered in the current scope, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
      org.gcube.common.keycloak.model.TokenResponse refreshToken​(String refreshTokenJWTString)
      Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string obtained with the access token in the previous token response.
      org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId, String refreshTokenJWTString)
      Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response.
      org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId, String clientSecret, String refreshTokenJWTString)
      Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
      org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId, String clientSecret, org.gcube.common.keycloak.model.TokenResponse tokenResponse)
      Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.
      org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId, org.gcube.common.keycloak.model.TokenResponse tokenResponse)
      Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id.
      org.gcube.common.keycloak.model.TokenResponse refreshToken​(org.gcube.common.keycloak.model.TokenResponse tokenResponse)
      Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object.
      • Methods inherited from class org.gcube.common.keycloak.DefaultKeycloakClient

        computeIntrospectionEndpointURL, constructBasicAuthenticationHeader, constructBeareAuthenticationHeader, getIntrospectionEndpointURL, getRealmBaseURL, getRealmBaseURL, getTokenEndpointURL, introspectAccessToken, introspectAccessToken, isAccessTokenVerified, isAccessTokenVerified, performRequest, queryOIDCToken, queryOIDCToken, queryOIDCToken, queryOIDCTokenOfUser, queryOIDCTokenOfUserWithContext, queryOIDCTokenOfUserWithContext, queryOIDCTokenOfUserWithContext, queryOIDCTokenOfUserWithContext, queryOIDCTokenWithContext, queryOIDCTokenWithContext, queryOIDCTokenWithContext, queryOIDCTokenWithContext, queryUMAToken, queryUMAToken, queryUMAToken, queryUMAToken, queryUMAToken, refreshToken, refreshToken, refreshToken, refreshToken, refreshToken, safeSetAsExternalCallForOldAPI
      • Methods inherited from interface org.gcube.common.keycloak.KeycloakClient

        computeIntrospectionEndpointURL, getIntrospectionEndpointURL, getRealmBaseURL, getRealmBaseURL, getTokenEndpointURL, introspectAccessToken, introspectAccessToken, isAccessTokenVerified, isAccessTokenVerified, queryOIDCToken, queryOIDCToken, queryOIDCToken, queryOIDCTokenOfUser, queryOIDCTokenOfUserWithContext, queryOIDCTokenOfUserWithContext, queryOIDCTokenOfUserWithContext, queryOIDCTokenOfUserWithContext, queryOIDCTokenWithContext, queryOIDCTokenWithContext, queryOIDCTokenWithContext, queryOIDCTokenWithContext, queryUMAToken, queryUMAToken, queryUMAToken, queryUMAToken, queryUMAToken, refreshToken, refreshToken, refreshToken, refreshToken, refreshToken
    • Field Detail

      • logger

        protected static org.slf4j.Logger logger
    • Constructor Detail

      • DefaultKeycloakClientLegacyIS

        public DefaultKeycloakClientLegacyIS()
    • Method Detail

      • findTokenEndpointURL

        public URL findTokenEndpointURL()
                                 throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Finds the Keycloak token endpoint URL, discovering it in the current scope provided by ScopeProvider.
        Specified by:
        findTokenEndpointURL in interface KeycloakClientLegacyIS
        Returns:
        the keycloak token endpoint URL in the current scope
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong discovering the endpoint URL
      • computeIntrospectionEndpointURL

        public URL computeIntrospectionEndpointURL()
                                            throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Computes the Keycloak introspection endpoint URL starting from the token endpoint discovered in the current scope provided by ScopeProvider.
        Specified by:
        computeIntrospectionEndpointURL in interface KeycloakClientLegacyIS
        Returns:
        the keycloak introspection endpoint URL in the current scope
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong discovering the endpoint URL
      • queryOIDCToken

        public org.gcube.common.keycloak.model.TokenResponse queryOIDCToken​(String clientId,
                                                                            String clientSecret)
                                                                     throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Queries an OIDC token from the Keycloak server discovered in the current scope, by using provided clientId and client secret.
        Specified by:
        queryOIDCToken in interface org.gcube.common.keycloak.KeycloakClient
        Specified by:
        queryOIDCToken in interface KeycloakClientLegacyIS
        Overrides:
        queryOIDCToken in class org.gcube.common.keycloak.DefaultKeycloakClient
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        Returns:
        the issued token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the query
      • queryUMAToken

        public org.gcube.common.keycloak.model.TokenResponse queryUMAToken​(String clientId,
                                                                           String clientSecret,
                                                                           List<String> permissions)
                                                                    throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the current scope as audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface KeycloakClientLegacyIS
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the query
      • queryUMAToken

        public org.gcube.common.keycloak.model.TokenResponse queryUMAToken​(org.gcube.common.keycloak.model.TokenResponse oidcTokenResponse,
                                                                           String audience,
                                                                           List<String> permissions)
                                                                    throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Queries an UMA token from the Keycloak server discovered in the current scope, by using access-token provided by the TokenResponse object for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface KeycloakClientLegacyIS
        Parameters:
        audience - the audience (context) where to request the issuing of the ticket
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the query
      • queryUMAToken

        public org.gcube.common.keycloak.model.TokenResponse queryUMAToken​(String clientId,
                                                                           String clientSecret,
                                                                           String audience,
                                                                           List<String> permissions)
                                                                    throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Queries an UMA token from the Keycloak server discovered in the current scope, by using provided clientId and client secret for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
        Specified by:
        queryUMAToken in interface org.gcube.common.keycloak.KeycloakClient
        Specified by:
        queryUMAToken in interface KeycloakClientLegacyIS
        Overrides:
        queryUMAToken in class org.gcube.common.keycloak.DefaultKeycloakClient
        Parameters:
        clientId - the client id
        clientSecret - the client secret
        audience - the audience (context) where to request the issuing of the ticket
        permissions - a list of permissions, can be null
        Returns:
        the issued token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the query
      • refreshToken

        public org.gcube.common.keycloak.model.TokenResponse refreshToken​(org.gcube.common.keycloak.model.TokenResponse tokenResponse)
                                                                   throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object. The client id will be read from the access token's "issued for" claim and the client secret will not be sent.
        NOTE: For public client types only.
        Specified by:
        refreshToken in interface KeycloakClientLegacyIS
        Parameters:
        tokenResponse - the previously issued token as TokenResponse object
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId,
                                                                          org.gcube.common.keycloak.model.TokenResponse tokenResponse)
                                                                   throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id. The client secret will not be sent.
        NOTE: For public client types only.
        Specified by:
        refreshToken in interface org.gcube.common.keycloak.KeycloakClient
        Specified by:
        refreshToken in interface KeycloakClientLegacyIS
        Overrides:
        refreshToken in class org.gcube.common.keycloak.DefaultKeycloakClient
        Parameters:
        clientId - the requestor client id; may be null, in which case it will be taken from the access token's "issued for" claim
        tokenResponse - the previously issued token as TokenResponse object
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId,
                                                                          String clientSecret,
                                                                          org.gcube.common.keycloak.model.TokenResponse tokenResponse)
                                                                   throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string in the token response object and the provided client id and secret.
        Specified by:
        refreshToken in interface KeycloakClientLegacyIS
        Parameters:
        clientId - the requestor client id; may be null, in which case it will be taken from the access token's "issued for" claim
        clientSecret - the requestor client secret, may be null for non-confidential clients
        tokenResponse - the previously issued token as TokenResponse object
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public org.gcube.common.keycloak.model.TokenResponse refreshToken​(String refreshTokenJWTString)
                                                                   throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Refreshes a previously issued token from the Keycloak server discovered in the current scope using the refresh token JWT encoded string obtained with the access token in the previous token response. The client id will be read from the refresh token's "issued for" claim and the client secret will not be sent.
        NOTE: For public client types only.
        Specified by:
        refreshToken in interface KeycloakClientLegacyIS
        Parameters:
        refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId,
                                                                          String refreshTokenJWTString)
                                                                   throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and the refresh token JWT encoded string obtained with the access token in the previous token response. The client secret will not be used.
        NOTE: For public client types only.
        Specified by:
        refreshToken in interface KeycloakClientLegacyIS
        Parameters:
        clientId - the requestor client id
        refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the refresh query
      • refreshToken

        public org.gcube.common.keycloak.model.TokenResponse refreshToken​(String clientId,
                                                                          String clientSecret,
                                                                          String refreshTokenJWTString)
                                                                   throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Refreshes a previously issued token from the Keycloak server discovered in the current scope using the provided client id and secret and the refresh token JWT encoded string obtained with the access token in the previous token response.
        Specified by:
        refreshToken in interface KeycloakClientLegacyIS
        Parameters:
        clientId - the requestor client id
        clientSecret - the requestor client secret, may be null for non-confidential clients
        refreshTokenJWTString - the previously issued refresh token JWT string taken from the same token response of the access token parameter
        Returns:
        the refreshed token as TokenResponse object
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the refresh query
      • introspectAccessToken

        public org.gcube.common.keycloak.model.TokenIntrospectionResponse introspectAccessToken​(String clientId,
                                                                                                String clientSecret,
                                                                                                String accessTokenJWTString)
                                                                                         throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Introspects an access token against the Keycloak server discovered in the current scope.
        Specified by:
        introspectAccessToken in interface KeycloakClientLegacyIS
        Parameters:
        clientId - the requestor client id
        clientSecret - the requestor client secret
        accessTokenJWTString - the access token to verify
        Returns:
        a TokenIntrospectionResponse object with the introspection results; in particular, the active field represents the token validity
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the verification
      • isAccessTokenVerified

        public boolean isAccessTokenVerified​(String clientId,
                                             String clientSecret,
                                             String accessTokenJWTString)
                                      throws org.gcube.common.keycloak.KeycloakClientException
        Description copied from interface: KeycloakClientLegacyIS
        Verifies an access token against the Keycloak server discovered in the current scope.
        Specified by:
        isAccessTokenVerified in interface KeycloakClientLegacyIS
        Parameters:
        clientId - the requestor client id
        clientSecret - the requestor client secret
        accessTokenJWTString - the access token to verify
        Returns:
        true if the token is valid, false otherwise
        Throws:
        org.gcube.common.keycloak.KeycloakClientException - if something goes wrong performing the verification