Package org.oa4mp.delegation.server.jwt

Interface PayloadHandler

  • All Superinterfaces:
    Serializable
    All Known Subinterfaces:
    AccessTokenHandlerInterface, RefreshTokenHandlerInterface
    public interface PayloadHandler
extends Serializable
    This class is charged with creating and managing the payload of a single type of JWT. As we get more types of these (OIDC, SciToken, etc.) each of these has completely separate requirements for creating, management and such. All of that should be encapsulated into a class.

    Created by Jeff Gaynor
    on 2/15/20 at 7:13 AM

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      void addRequestState​(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req)
      Marshall any resources this script needs to make a request.
      void checkClaims()
      Called after the runner has gotten the claims so that this class can check integrity.
      net.sf.json.JSONObject execute​(ClaimSource source, net.sf.json.JSONObject claims)
      Runs this specific claim source against the internal state of this class.
      void finish​(String execPhase)
      Called at the very end of all processing, this lets the handler, clean up or whatever it needs to do.
      net.sf.json.JSONObject getExtendedAttributes()
      Get the claims (the actual payload).
      net.sf.json.JSONObject getPayload()
      The payload for this is the actual token created (payload is the middle of a JWT, e.g.)
      PayloadHandlerConfig getPhCfg()  
      int getResponseCode()  
      org.oa4mp.delegation.common.token.impl.TokenImpl getSignedPayload​(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)  
      org.oa4mp.delegation.common.token.impl.TokenImpl getSignedPayload​(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key, String headerType)
      Take the payload of this and sign it with the given key, using the header as needed.
      List<ClaimSource> getSources()
      These are the sources that the runner will use to populate the claims
      void handleResponse​(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp)
      This takes the response from a script and unmarshalls the resources
      boolean hasScript()  
      void init()
      Creates and initializes the claims object this class manages.
      void refresh()
      If the claims need to be updated (e.g. for a refresh and the timestamps need adjusting) this method needs to be called.
      void refreshAccountingInformation()
      This is used on refresh only.
      void saveState​(String execPhase)
      Called at the end of each block, this lets the handler save its state.
      void setAccountingInformation()
      This sets the accounting information (such as the expiration and such) for a token.
      void setPayload​(net.sf.json.JSONObject payload)  
      void setPhCfg​(PayloadHandlerConfig phCfg)  
      void setResponseCode​(int responseCode)  

    • Method Detail

      • init

        void init()
   throws Throwable
        Creates and initializes the claims object this class manages.
        Throws:
        Throwable

      • refresh

        void refresh()
      throws Throwable
        If the claims need to be updated (e.g. for a refresh and the timestamps need adjusting) this method needs to be called. It's contract is to reget all of the claims.
        Throws:
        Throwable

      • addRequestState

        void addRequestState​(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req)
              throws Throwable
        Marshall any resources this script needs to make a request. I.e., add specific state (if needed) from this handler to the ScriptRunRequest.
        Throws:
        Throwable

      • handleResponse

        void handleResponse​(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp)
             throws Throwable
        This takes the response from a script and unmarshalls the resources
        Parameters:
        resp -
        Throws:
        Throwable

      • checkClaims

        void checkClaims()
          throws Throwable
        Called after the runner has gotten the claims so that this class can check integrity. For instance, an OIDC server would need to see that the subject is set properly. SciTokens needs to check that its scopes (aka resource permissions) were set
        Throws:
        Throwable

      • execute

        net.sf.json.JSONObject execute​(ClaimSource source,
                               net.sf.json.JSONObject claims)
                        throws Throwable
        Runs this specific claim source against the internal state of this class. Note that the contract is that it returns the updated claims and if there are no new claims, it should just return its claims argument.
        Parameters:
        claims -
        Returns:
        Throws:
        Throwable

      • finish

        void finish​(String execPhase)
     throws Throwable
        Called at the very end of all processing, this lets the handler, clean up or whatever it needs to do. It is called before saveState(String) ()}.
        Parameters:
        execPhase - - the current execution phase.
        Throws:
        Throwable

      • saveState

        void saveState​(String execPhase)
        throws Throwable
        Called at the end of each block, this lets the handler save its state. Note that for OA4MP, the state is saved in the transaction which is saved once after the handlers run. Only put actual save code in here if needed, since it is apt to get called a lot.
        Throws:
        Throwable

      • getExtendedAttributes

        net.sf.json.JSONObject getExtendedAttributes()
                                      throws Throwable
        Get the claims (the actual payload).
        Returns:
        Throws:
        Throwable

      • setAccountingInformation

        void setAccountingInformation()
        This sets the accounting information (such as the expiration and such) for a token. This is called when a token is created or refreshed.

      • refreshAccountingInformation

        void refreshAccountingInformation()
        This is used on refresh only. It will reset all the standard accounting information (such as timestamps) for an existing claims object.

        Usage

        Create an instance of the handler with the constructor for any state, then invoke this method.

      • hasScript

        boolean hasScript()

      • setResponseCode

        void setResponseCode​(int responseCode)

      • getResponseCode

        int getResponseCode()

      • getPayload

        net.sf.json.JSONObject getPayload()
        The payload for this is the actual token created (payload is the middle of a JWT, e.g.)
        Returns:

      • setPayload

        void setPayload​(net.sf.json.JSONObject payload)

      • getSignedPayload

        org.oa4mp.delegation.common.token.impl.TokenImpl getSignedPayload​(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)

      • getSignedPayload

        org.oa4mp.delegation.common.token.impl.TokenImpl getSignedPayload​(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key,
                                                                  String headerType)
        Take the payload of this and sign it with the given key, using the header as needed.
        Parameters:
        key -
        headerType -
        Returns: