Package org.oa4mp.server.loader.oauth2

Class OA2SE

    • Field Detail

      • jsonStoreProvider

        protected javax.inject.Provider<edu.uiuc.ncsa.security.util.json.JSONStore> jsonStoreProvider

      • jsonWebKeys

        protected edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys

      • claimSource

        protected org.oa4mp.delegation.server.server.claims.ClaimSource claimSource

      • storeList

        protected List<edu.uiuc.ncsa.security.core.Store> storeList

    • Constructor Detail

      • OA2SE

        public OA2SE​(edu.uiuc.ncsa.security.core.util.MyLoggingFacade logger,
             javax.inject.Provider<TransactionStore> tsp,
             javax.inject.Provider<TXStore> txStoreProvider,
             javax.inject.Provider<VIStore> voStoreProvider,
             javax.inject.Provider<org.oa4mp.delegation.server.storage.ClientStore> csp,
             int maxAllowedNewClientRequests,
             long agLifetime,
             long maxAGLifetime,
             long idTokenLifetime,
             long maxIDTokenLifetime,
             long maxATLifetime,
             long atLifetime,
             long rtLifetime,
             long maxRTLifetime,
             javax.inject.Provider<org.oa4mp.delegation.server.storage.ClientApprovalStore> casp,
             edu.uiuc.ncsa.security.util.mail.MailUtilProvider mup,
             ServiceEnvironmentImpl.MessagesProvider messagesProvider,
             javax.inject.Provider<org.oa4mp.delegation.server.issuers.AGIssuer> agip,
             javax.inject.Provider<org.oa4mp.delegation.server.issuers.ATIssuer> atip,
             javax.inject.Provider<org.oa4mp.delegation.server.issuers.PAIssuer> paip,
             javax.inject.Provider<TokenForge> tfp,
             HashMap<String,​String> constants,
             AuthorizationServletConfig ac,
             edu.uiuc.ncsa.security.servlet.UsernameTransformer usernameTransformer,
             boolean isPingable,
             javax.inject.Provider<PermissionsStore> psp,
             javax.inject.Provider<AdminClientStore> acs,
             int clientSecretLength,
             Collection<String> scopes,
             org.oa4mp.delegation.server.server.claims.ClaimSource claimSource,
             org.oa4mp.delegation.server.server.config.LDAPConfiguration ldapConfiguration2,
             boolean isRefreshTokenEnabled,
             boolean twoFactorSupportEnabled,
             long maxClientRefreshTokenLifetime,
             edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys,
             String issuer,
             boolean utilServletEnabled,
             boolean oidcEnabled,
             CMConfigs cmConfigs,
             OA2QDLEnvironment qdlEnvironment,
             boolean rfc8693Enabled,
             boolean qdlStrictACLs,
             boolean safeGC,
             boolean cleanupLockingEnabled,
             boolean cleanupFailOnErrors,
             RFC8628ServletConfig rfc8628ServletConfig,
             boolean rfc8628Enabled,
             boolean printTSInDebug,
             long cleanupInterval,
             Collection<LocalTime> cleanupAlarms,
             String notifyACEventEmailAddresses,
             boolean rfc7636Required,
             boolean demoModeEnabled,
             long rtGracePeriod,
             boolean isMonitorEnabled,
             long monitorInterval,
             Collection<LocalTime> monitorAlarms,
             boolean clientCredentialFlowEnabled,
             edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger,
             boolean allowPromptNone,
             DIServiceConfig DIServiceConfig)

    • Method Detail

      • isCleanupFailOnErrors

        public boolean isCleanupFailOnErrors()

      • isMonitorEnabled

        public boolean isMonitorEnabled()

      • setMonitorEnabled

        public void setMonitorEnabled​(boolean monitorEnabled)

      • getMonitorInterval

        public long getMonitorInterval()

      • setMonitorInterval

        public void setMonitorInterval​(long monitorInterval)

      • isCleanupLockingEnabled

        public boolean isCleanupLockingEnabled()

      • setCleanupLockingEnabled

        public void setCleanupLockingEnabled​(boolean cleanupLockingEnabled)

      • hasCleanupAlarms

        public boolean hasCleanupAlarms()

      • getDebugger

        public edu.uiuc.ncsa.security.core.util.MetaDebugUtil getDebugger()

      • setDebugger

        public void setDebugger​(edu.uiuc.ncsa.security.core.util.MetaDebugUtil debugger)

      • isDemoModeEnabled

        public boolean isDemoModeEnabled()

      • setDemoModeEnabled

        public void setDemoModeEnabled​(boolean demoModeEnabled)

      • getNotifyACEventEmailAddresses

        public String getNotifyACEventEmailAddresses()

      • getCleanupInterval

        public long getCleanupInterval()

      • hasMonitorAlarams

        public boolean hasMonitorAlarams()

      • hasMonitorInterval

        public boolean hasMonitorInterval()

      • isPrintTSInDebug

        public boolean isPrintTSInDebug()

      • isSafeGC

        public boolean isSafeGC()

      • setSafeGC

        public void setSafeGC​(boolean safeGC)

      • isQdlStrictACLs

        public boolean isQdlStrictACLs()

      • getMaxATLifetime

        public long getMaxATLifetime()

      • getMaxRTLifetime

        public long getMaxRTLifetime()

      • getVIStore

        public VIStore getVIStore()

      • getTxStore

        public TXStore getTxStore()

      • setTxStore

        public void setTxStore​(TXStore txStore)

      • setQDLEnvironment

        public void setQDLEnvironment​(OA2QDLEnvironment qdlEnvironment)

      • getCmConfigs

        public CMConfigs getCmConfigs()

      • getJSONStore

        public edu.uiuc.ncsa.security.util.json.JSONStore<? extends edu.uiuc.ncsa.security.util.json.JSONEntry> getJSONStore()

      • isRfc8693Enabled

        public boolean isRfc8693Enabled()
        Token exchange endpoint
        Returns:

      • setRfc8693Enabled

        public void setRfc8693Enabled​(boolean rfc8693Enabled)

      • isCCFEnabled

        public boolean isCCFEnabled()
        Is the client credential flow enabled for this server?
        Returns:

      • setCCFEnabled

        public void setCCFEnabled​(boolean ccfEnabled)

      • isRfc8628Enabled

        public boolean isRfc8628Enabled()
        Device authorization flow endpoints.
        Returns:

      • setRfc8628Enabled

        public void setRfc8628Enabled​(boolean rfc8628Enabled)

      • isUtilServletEnabled

        public boolean isUtilServletEnabled()

      • setUtilServletEnabled

        public void setUtilServletEnabled​(boolean utilServletEnabled)

      • getIssuer

        public String getIssuer()

      • getJsonWebKeys

        public edu.uiuc.ncsa.security.util.jwk.JSONWebKeys getJsonWebKeys()

      • setJsonWebKeys

        public void setJsonWebKeys​(edu.uiuc.ncsa.security.util.jwk.JSONWebKeys jsonWebKeys)

      • isTwoFactorSupportEnabled

        public boolean isTwoFactorSupportEnabled()

      • getMaxClientRefreshTokenLifetime

        public long getMaxClientRefreshTokenLifetime()

      • getMaxIdTokenLifetime

        public long getMaxIdTokenLifetime()

      • getIdTokenLifetime

        public long getIdTokenLifetime()
        Get the configured default ID token lifetime for the server
        Returns:

      • isRefreshTokenEnabled

        public boolean isRefreshTokenEnabled()

      • setRefreshTokenEnabled

        public void setRefreshTokenEnabled​(boolean refreshTokenEnabled)

      • getClientSecretLength

        public int getClientSecretLength()

      • getScopes

        public Collection<String> getScopes()
        The scopes this server currently supports.
        Returns:

      • getClaimSource

        public org.oa4mp.delegation.server.server.claims.ClaimSource getClaimSource()

      • setClaimSource

        public void setClaimSource​(org.oa4mp.delegation.server.server.claims.ClaimSource claimSource)

      • hasScopeHandler

        public boolean hasScopeHandler()

      • getLdapConfiguration

        public org.oa4mp.delegation.server.server.config.LDAPConfiguration getLdapConfiguration()

      • setLdapConfiguration

        public void setLdapConfiguration​(org.oa4mp.delegation.server.server.config.LDAPConfiguration ldapConfiguration2)

      • isOIDCEnabled

        public boolean isOIDCEnabled()
        Returns true if this server has OIDC support enabled.
        Returns:

      • getAccessTokenLifetime

        public long getAccessTokenLifetime()
        Get the configured default access token lifetime for the server
        Returns:

      • setAccessTokenLifetime

        public void setAccessTokenLifetime​(long accessTokenLifetime)

      • setRefreshTokenLifetime

        public void setRefreshTokenLifetime​(long refreshTokenLifetime)

      • getRefreshTokenLifetime

        public long getRefreshTokenLifetime()
        Get the configured default refresh token lifetime for the server
        Returns:

      • getMaxAuthorizationGrantLifetime

        public long getMaxAuthorizationGrantLifetime()

      • getAuthorizationGrantLifetime

        public long getAuthorizationGrantLifetime()

      • setAuthorizationGrantLifetime

        public void setAuthorizationGrantLifetime​(long authorizationGrantLifetime)

      • getVI

        public VirtualIssuer getVI​(edu.uiuc.ncsa.security.core.Identifier clientID)
        Given the client id, look up the admin and determine what (if any) the VI is. The returned value may be null,, meaning there is no VI. If the VI is disabled, it will not be returned either.

        This has its own call here because it involves multiple store lookups. It cannot be done as a join in SQL or some such because there are no guarantees the stores are all SQL -- some may be file stores or even in another unrelated database.
        Parameters:
        clientID -
        Returns:

      • isRfc7636Required

        public boolean isRfc7636Required()

      • setRfc7636Required

        public void setRfc7636Required​(boolean rfc7636Required)

      • getRtGracePeriod

        public long getRtGracePeriod()

      • setRtGracePeriod

        public void setRtGracePeriod​(long rtGracePeriod)

      • isRTGracePeriodEnabled

        public boolean isRTGracePeriodEnabled()

      • isUseProxyForCerts

        public boolean isUseProxyForCerts()

      • setUseProxyForCerts

        public void setUseProxyForCerts​(boolean useProxyForCerts)

      • getAllStores

        public List<edu.uiuc.ncsa.security.core.Store> getAllStores()
        A list of all stores. This is used in bootstrapping the system and initializing it.
        Returns:

      • isAllowPromptNone

        public boolean isAllowPromptNone()
        Allow prompt = none parameter in OIDC clients. https://github.com/ncsa/oa4mp/issues/236. This should be configurable.
        Returns:

      • setAllowPromptNone

        public void setAllowPromptNone​(boolean allowPromptNone)