Package de.dlr.proseo.api.odip

Class OAuth2TokenManager

java.lang.Object

de.dlr.proseo.api.odip.OAuth2TokenManager

@Component
public class OAuth2TokenManager
extends Object

Class for managing OAuth2 tokens and to access user information based on OAuth2 tokens

Author:

Dr. Thomas Bassler

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OAuth2TokenManager.UserInfo	Information about a user including cached password for authentication with prosEO backend services and authorities to determine access rights to order and workflow classes depending on their visibility

Constructor Summary

Constructors

Constructor	Description
OAuth2TokenManager()

Method Summary

Modifier and Type	Method	Description
OAuth2Response	getToken(String grantType, String username, String password, org.springframework.http.HttpHeaders headers, OdipSecurity securityConfig)	Retrieves an OAuth2 token based on the provided grant type, username, password, and headers
(package private) OAuth2TokenManager.UserInfo	getUser(String username)	Gets the user information for the given username
OAuth2TokenManager.UserInfo	getUserInfoFromToken(String token)	Analyze a given OAuth2 token (JSON Web Token format) and return the user information associated with the token

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuth2TokenManager

public OAuth2TokenManager()

Method Details

getUser

OAuth2TokenManager.UserInfo getUser(String username)

Gets the user information for the given username

Parameters:

username - the username (format <mission>\<user>) to check

Returns:

a UserInfo object or null, if no entry for the given username exists

getToken

public OAuth2Response getToken(String grantType,
 String username,
 String password,
 org.springframework.http.HttpHeaders headers,
 OdipSecurity securityConfig)
                        throws IllegalArgumentException,
UnsupportedOperationException,
SecurityException

Retrieves an OAuth2 token based on the provided grant type, username, password, and headers

Parameters:

grantType - type of grant requested (value must be set to "password" for "Resource Owner Password Credentials Grant" flow or to "client_credentials" for "Client Credentials Grant" flow as per RFC 6749; REQUIRED)

username - the ODIP username (as per RFC 6749; REQUIRED for "Resource Owner Password Credentials Grant" flow, must not be set otherwise)

password - the ODIP password (as per RFC 6749; REQUIRED for "Resource Owner Password Credentials Grant" flow, must not be set otherwise)

headers - the HTTP request headers (for extraction of the Authentication header)

Returns:

an OAuth2 token grant response

Throws:

IllegalArgumentException - if the request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.

UnsupportedOperationException - if the authorization grant type is not supported by the ODIP service

SecurityException - if the authenticated client is not authorized to use this authorization grant type

getUserInfoFromToken

public OAuth2TokenManager.UserInfo getUserInfoFromToken(String token)
                                                 throws SecurityException

Analyze a given OAuth2 token (JSON Web Token format) and return the user information associated with the token

Parameters:

token - the OAuth2 token to analyze

Returns:

the UserInfo object associated with this token

Throws:

SecurityException - if the token cannot be associated with a user or is expired