public abstract class AbstractFederationClient extends Object implements FederationClient, ProvidesConfigurableRefresh
This class gets a security token from the auth service by signing the request with a PKI issued leaf certificate, passing along a temporary public key that is bounded to the the security token, and the leaf certificate.
Modifier and Type | Field and Description |
---|---|
protected String |
federationEndpoint |
protected String |
resourcePrincipalTokenEndpoint |
protected RestClient |
restClient |
protected static com.google.common.base.Function<javax.ws.rs.core.Response,WithHeaders<X509FederationClient.SecurityToken>> |
SECURITY_TOKEN_FN |
protected SessionKeySupplier |
sessionKeySupplier |
Constructor and Description |
---|
AbstractFederationClient(String resourcePrincipalTokenEndpoint,
String federationEndpoint,
SessionKeySupplier sessionKeySupplier,
BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider,
ClientConfigurator clientConfigurator,
CircuitBreakerConfiguration circuitBreakerConfiguration)
Constructor of AbstractFederationClient.
|
Modifier and Type | Method and Description |
---|---|
String |
getSecurityToken()
Gets a security token from the federation endpoint.
|
protected abstract com.oracle.bmc.auth.internal.SecurityTokenAdapter |
getSecurityTokenFromServer()
Gets a security token from the federation server
|
String |
getStringClaim(String key)
Get a claim embedded in the security token.
|
protected javax.ws.rs.core.Response |
makeCall(javax.ws.rs.client.Invocation.Builder ib,
URI requestUri) |
protected javax.ws.rs.core.Response |
makeCall(javax.ws.rs.client.Invocation.Builder ib,
URI requestUri,
GetResourcePrincipalSessionTokenRequest request) |
protected javax.ws.rs.core.Response |
makeCallInner(WrappedInvocationBuilder wrappedIb,
Object request) |
String |
refreshAndGetSecurityToken()
Gets a security token from the federation endpoint.
|
String |
refreshAndGetSecurityTokenIfExpiringWithin(Duration time)
Gets a security token from the federation endpoint.
|
protected static final com.google.common.base.Function<javax.ws.rs.core.Response,WithHeaders<X509FederationClient.SecurityToken>> SECURITY_TOKEN_FN
protected final SessionKeySupplier sessionKeySupplier
protected final String resourcePrincipalTokenEndpoint
protected final String federationEndpoint
protected final RestClient restClient
public AbstractFederationClient(String resourcePrincipalTokenEndpoint, String federationEndpoint, SessionKeySupplier sessionKeySupplier, BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider, ClientConfigurator clientConfigurator, CircuitBreakerConfiguration circuitBreakerConfiguration)
Constructor of AbstractFederationClient.
resourcePrincipalTokenEndpoint
- the endpoint that can provide the resource principal token.federationEndpoint
- the endpoint that can provide the resource principal session token.sessionKeySupplier
- the session key supplier.basicAuthenticationDetailsProvider
- the instance principals authentication details provider.clientConfigurator
- the reset client configurator.public String getSecurityToken()
Gets a security token from the federation endpoint. May use a cached token if it judged to still be valid.
getSecurityToken
in interface FederationClient
public String refreshAndGetSecurityToken()
Gets a security token from the federation endpoint. This will always retrieve a new token from the federation endpoint and does not use a cached token.
refreshAndGetSecurityToken
in interface FederationClient
public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time)
Gets a security token from the federation endpoint. This will always retrieve a new token from the federation endpoint and does not use a cached token.
refreshAndGetSecurityTokenIfExpiringWithin
in interface ProvidesConfigurableRefresh
protected javax.ws.rs.core.Response makeCall(javax.ws.rs.client.Invocation.Builder ib, URI requestUri, GetResourcePrincipalSessionTokenRequest request)
protected javax.ws.rs.core.Response makeCall(javax.ws.rs.client.Invocation.Builder ib, URI requestUri)
protected abstract com.oracle.bmc.auth.internal.SecurityTokenAdapter getSecurityTokenFromServer()
Gets a security token from the federation server
protected javax.ws.rs.core.Response makeCallInner(WrappedInvocationBuilder wrappedIb, Object request)
public String getStringClaim(String key)
Get a claim embedded in the security token. May use the cached token if it is judged to still be valid.
getStringClaim
in interface FederationClient
Copyright © 2016–2022. All rights reserved.