com.oracle.bmc.auth.internal

Class AbstractFederationClient

java.lang.Object

com.oracle.bmc.auth.internal.AbstractFederationClient

All Implemented Interfaces:

FederationClient, ProvidesConfigurableRefresh

Direct Known Subclasses:

ResourcePrincipalsFederationClient

public abstract class AbstractFederationClient
extends Object
implements FederationClient, ProvidesConfigurableRefresh

This class gets a security token from the auth service by signing the request with a PKI issued leaf certificate, passing along a temporary public key that is bounded to the the security token, and the leaf certificate.

Field Summary

Fields

Modifier and Type	Field and Description
protected String	federationEndpoint
protected String	resourcePrincipalTokenEndpoint
protected RestClient	restClient
protected static com.google.common.base.Function<javax.ws.rs.core.Response,WithHeaders<X509FederationClient.SecurityToken>>	SECURITY_TOKEN_FN
protected SessionKeySupplier	sessionKeySupplier

Constructor Summary

Constructors

Constructor and Description
AbstractFederationClient(String resourcePrincipalTokenEndpoint, String federationEndpoint, SessionKeySupplier sessionKeySupplier, BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider, ClientConfigurator clientConfigurator, CircuitBreakerConfiguration circuitBreakerConfiguration) Constructor of AbstractFederationClient.

Method Summary

Modifier and Type	Method and Description
String	getSecurityToken() Gets a security token from the federation endpoint.
protected abstract com.oracle.bmc.auth.internal.SecurityTokenAdapter	getSecurityTokenFromServer() Gets a security token from the federation server
String	getStringClaim(String key) Get a claim embedded in the security token.
protected javax.ws.rs.core.Response	makeCall(javax.ws.rs.client.Invocation.Builder ib, URI requestUri)
protected javax.ws.rs.core.Response	makeCall(javax.ws.rs.client.Invocation.Builder ib, URI requestUri, GetResourcePrincipalSessionTokenRequest request)
protected javax.ws.rs.core.Response	makeCallInner(WrappedInvocationBuilder wrappedIb, Object request)
String	refreshAndGetSecurityToken() Gets a security token from the federation endpoint.
String	refreshAndGetSecurityTokenIfExpiringWithin(Duration time) Gets a security token from the federation endpoint.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SECURITY_TOKEN_FN

protected static final com.google.common.base.Function<javax.ws.rs.core.Response,WithHeaders<X509FederationClient.SecurityToken>> SECURITY_TOKEN_FN

sessionKeySupplier

protected final SessionKeySupplier sessionKeySupplier

resourcePrincipalTokenEndpoint

protected final String resourcePrincipalTokenEndpoint

federationEndpoint

protected final String federationEndpoint

restClient

protected final RestClient restClient

Constructor Detail

AbstractFederationClient

public AbstractFederationClient(String resourcePrincipalTokenEndpoint,
                                String federationEndpoint,
                                SessionKeySupplier sessionKeySupplier,
                                BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider,
                                ClientConfigurator clientConfigurator,
                                CircuitBreakerConfiguration circuitBreakerConfiguration)

Constructor of AbstractFederationClient.

Parameters:

resourcePrincipalTokenEndpoint - the endpoint that can provide the resource principal token.

federationEndpoint - the endpoint that can provide the resource principal session token.

sessionKeySupplier - the session key supplier.

basicAuthenticationDetailsProvider - the instance principals authentication details provider.

clientConfigurator - the reset client configurator.

Method Detail

getSecurityToken

public String getSecurityToken()

Gets a security token from the federation endpoint. May use a cached token if it judged to still be valid.

Specified by:

getSecurityToken in interface FederationClient

Returns:

A security token that can be used to authenticate requests.

refreshAndGetSecurityToken

public String refreshAndGetSecurityToken()

Gets a security token from the federation endpoint. This will always retrieve a new token from the federation endpoint and does not use a cached token.

Specified by:

refreshAndGetSecurityToken in interface FederationClient

Returns:

A security token that can be used to authenticate requests.

refreshAndGetSecurityTokenIfExpiringWithin

public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time)

Gets a security token from the federation endpoint. This will always retrieve a new token from the federation endpoint and does not use a cached token.

Specified by:

refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh

Returns:

A security token that can be used to authenticate requests.

makeCall

protected javax.ws.rs.core.Response makeCall(javax.ws.rs.client.Invocation.Builder ib,
                                             URI requestUri,
                                             GetResourcePrincipalSessionTokenRequest request)

makeCall

protected javax.ws.rs.core.Response makeCall(javax.ws.rs.client.Invocation.Builder ib,
                                             URI requestUri)

getSecurityTokenFromServer

protected abstract com.oracle.bmc.auth.internal.SecurityTokenAdapter getSecurityTokenFromServer()

Gets a security token from the federation server

Returns:

the security token, which is basically a JWT token string

makeCallInner

protected javax.ws.rs.core.Response makeCallInner(WrappedInvocationBuilder wrappedIb,
                                                  Object request)

getStringClaim

public String getStringClaim(String key)

Get a claim embedded in the security token. May use the cached token if it is judged to still be valid.

Specified by:

getStringClaim in interface FederationClient