Package org.gcube.common.iam

Interface IAMResponse

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      boolean canBeRefreshed()
      Check if the current response can be refreshed
      org.gcube.common.keycloak.model.AccessToken getAccessToken()
      Returns the access token in the response.
      String getAccessTokenString()
      Returns the access token in the response as string.
      String getContactOrganization()
      Returns the client's contact organization from the token
      String getContactPerson()
      Returns the client's contact person from the token
      Set<String> getContextRoles()
      Returns the resource roles for the resource specified in the token context
      Set<String> getGlobalRoles()
      Returns the realm roles in the token
      String getName()
      Returns the client's name from the token
      Set<String> getResourceRoles​(String resource)
      Returns the resource roles for the resource specified in the resource parameter
      Set<String> getRoles()
      Returns all the roles, realm and from all the resources in the token in the same set
      boolean isAccessTokenValid()
      Quick way to check if the access token is valid by checking the digital signature and the token expiration
      boolean isAccessTokenValid​(boolean checkExpiration)
      Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
      boolean isExpired()
      Check if the current response is expired
      boolean isRefreshTokenValid()
      Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration
      boolean isRefreshTokenValid​(boolean checkExpiration)
      Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
      void refresh()
      Refreshes the current response, new data can be obtained again with accessors.
      void verifyAccessToken()
      Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.
      void verifyRefreshToken()
      Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.

    • Method Detail

      • getAccessToken

        org.gcube.common.keycloak.model.AccessToken getAccessToken()
                                                    throws D4ScienceIAMClientException
        Returns the access token in the response.
        Returns:
        The access token
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

      • getAccessTokenString

        String getAccessTokenString()
        Returns the access token in the response as string.
        Returns:
        The access token as string

      • isExpired

        boolean isExpired()
           throws D4ScienceIAMClientException
        Check if the current response is expired
        Returns:
        true if the response is expired, false otherwise
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

      • canBeRefreshed

        boolean canBeRefreshed()
                throws D4ScienceIAMClientException
        Check if the current response can be refreshed
        Returns:
        true if the response can be refreshed, false otherwise
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

      • getResourceRoles

        Set<String> getResourceRoles​(String resource)
                      throws D4ScienceIAMClientException
        Returns the resource roles for the resource specified in the resource parameter
        Parameters:
        resource - the resource of which obtain the roles
        Returns:
        the roles for the resource
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token decoding or JSON parsing

      • isAccessTokenValid

        boolean isAccessTokenValid()
                    throws D4ScienceIAMClientException
        Quick way to check if the access token is valid by checking the digital signature and the token expiration
        Returns:
        true if the access token is valid, false otherwise
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token validity checks

      • isAccessTokenValid

        boolean isAccessTokenValid​(boolean checkExpiration)
                    throws D4ScienceIAMClientException
        Quick way to check if the access token is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
        Parameters:
        checkExpiration - checks also if the token is expired
        Returns:
        true if the access token is valid, false otherwise
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token validity checks

      • verifyAccessToken

        void verifyAccessToken()
                throws org.gcube.io.jsonwebtoken.security.SignatureException,
                       org.gcube.io.jsonwebtoken.ExpiredJwtException,
                       D4ScienceIAMClientException
        Verifies the access token integrity and validity; token digital signature and expiration are reported via specific exceptions.
        Throws:
        org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid
        org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired
        D4ScienceIAMClientException - if something else goes wrong during the token verification

      • isRefreshTokenValid

        boolean isRefreshTokenValid()
                     throws D4ScienceIAMClientException
        Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration
        Returns:
        true if the refresh token is valid, false otherwise
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token validity checks

      • isRefreshTokenValid

        boolean isRefreshTokenValid​(boolean checkExpiration)
                     throws D4ScienceIAMClientException
        Quick way to check if the refresh token present in the current response and it is valid by checking the digital signature and the token expiration if the checkExpiration parameter is true
        Parameters:
        checkExpiration - checks also if the token is expired
        Returns:
        true if the refresh token is valid, false otherwise
        Throws:
        D4ScienceIAMClientException - if something goes wrong during the token validity checks

      • verifyRefreshToken

        void verifyRefreshToken()
                 throws org.gcube.io.jsonwebtoken.security.SignatureException,
                        org.gcube.io.jsonwebtoken.ExpiredJwtException,
                        D4ScienceIAMClientException
        Verifies the refresh token integrity and validity; token digital signature and expiration are reported via specific exceptions.
        Throws:
        org.gcube.io.jsonwebtoken.security.SignatureException - if the token has been tampered and/or signature is invalid
        org.gcube.io.jsonwebtoken.ExpiredJwtException - if the token validity is expired
        D4ScienceIAMClientException - if something else goes wrong during the token verification