Class IDTokenHandler

  • All Implemented Interfaces:
    Serializable, org.oa4mp.delegation.server.jwt.IDTokenHandlerInterface, org.oa4mp.delegation.server.jwt.PayloadHandler, org.oa4mp.delegation.server.OA2Scopes

    public class IDTokenHandler
    extends AbstractPayloadHandler
    implements org.oa4mp.delegation.server.jwt.IDTokenHandlerInterface

    Created by Jeff Gaynor
    on 2/16/20 at 6:51 AM

    See Also:
    Serialized Form
    • Method Detail

      • getPayload

        public net.sf.json.JSONObject getPayload()
        Specified by:
        getPayload in interface org.oa4mp.delegation.server.jwt.PayloadHandler
      • getUserMetaData

        public net.sf.json.JSONObject getUserMetaData()
        Specified by:
        getUserMetaData in interface org.oa4mp.delegation.server.jwt.IDTokenHandlerInterface
      • setUserMetaData

        public void setUserMetaData​(net.sf.json.JSONObject userMetaData)
        Specified by:
        setUserMetaData in interface org.oa4mp.delegation.server.jwt.IDTokenHandlerInterface
      • setIssuer

        protected void setIssuer​(javax.servlet.http.HttpServletRequest request)
      • init

        public void init()
                  throws Throwable
        Specified by:
        init in interface org.oa4mp.delegation.server.jwt.PayloadHandler
        Throws:
        Throwable
      • refreshAccountingInformation

        public void refreshAccountingInformation()
        Specified by:
        refreshAccountingInformation in interface org.oa4mp.delegation.server.jwt.PayloadHandler
      • NEWrefreshAccountingInformation

        protected void NEWrefreshAccountingInformation()
      • setAccountingInformation

        public void setAccountingInformation()
        Specified by:
        setAccountingInformation in interface org.oa4mp.delegation.server.jwt.PayloadHandler
      • addRequestState

        public void addRequestState​(edu.uiuc.ncsa.security.util.scripting.ScriptRunRequest req)
                             throws Throwable
        Specified by:
        addRequestState in interface org.oa4mp.delegation.server.jwt.PayloadHandler
        Throws:
        Throwable
      • handleResponse

        public void handleResponse​(edu.uiuc.ncsa.security.util.scripting.ScriptRunResponse resp)
                            throws Throwable
        Specified by:
        handleResponse in interface org.oa4mp.delegation.server.jwt.PayloadHandler
        Overrides:
        handleResponse in class AbstractPayloadHandler
        Throws:
        Throwable
      • checkClaims

        public void checkClaims()
                         throws Throwable
        Specified by:
        checkClaims in interface org.oa4mp.delegation.server.jwt.PayloadHandler
        Throws:
        Throwable
      • getSources

        public List<org.oa4mp.delegation.server.server.claims.ClaimSource> getSources()
                                                                               throws Throwable
        Specified by:
        getSources in interface org.oa4mp.delegation.server.jwt.PayloadHandler
        Throws:
        Throwable
      • finish

        public void finish​(String execPhase)
                    throws Throwable
        For CIL-499. It is possible to remove key claims with functors and return unusable claims objects. This method will check that claims that must be present are there or will raise a server-side exception.
        Specified by:
        finish in interface org.oa4mp.delegation.server.jwt.PayloadHandler
        Throws:
        Throwable
      • getScopes

        public Collection<String> getScopes()
        Contract is to return the current scopes. If these are not overridden, return the original scopes, which are still in effect.
        Returns:
      • restrictiveFinish

        protected void restrictiveFinish​(Collection<String> scopes,
                                         String execPhase)
                                  throws Throwable
        Restrictive finish = user must explicitly request things and will be limited to them. The model here is that the claim source gets whatever, but the results are filtered to a restricted subset.
        Parameters:
        execPhase -
        Throws:
        Throwable
      • permissiveFinish

        protected void permissiveFinish​(Collection<String> configuredScopes,
                                        String execPhase)
                                 throws Throwable
        Permissive finish = whittle down certain claims that are not explicit, and pass back everything else. This is needed for scripting where claims may be simply added. If a client is set to strict scopes, adding claims in a script will have them stripped off. CILogon uses this by default since the scopes they get come from SAML assertions.
        Parameters:
        execPhase -
        Throws:
        Throwable
      • setCurrentClaim

        protected void setCurrentClaim​(net.sf.json.JSONObject currentClaims,
                                       net.sf.json.JSONObject finalClaims,
                                       String key)
      • checkRequiredScopes

        protected void checkRequiredScopes​(OA2ServiceTransaction t)
                                    throws Throwable
        Use this to check for any required scopes that the request must have. It is usually best to check these in the transaction since they have been normalized there, but the request is supplied too for completeness.
        Parameters:
        t -
        Throws:
        Throwable
      • checkClaim

        protected void checkClaim​(net.sf.json.JSONObject claims,
                                  String claimKey)
        Enforces that the claim exists in the claims argument. This is mostly used for the openid scope. An error is raised if the claim is missing.
        Parameters:
        claims -
        claimKey -
      • execute

        public net.sf.json.JSONObject execute​(org.oa4mp.delegation.server.server.claims.ClaimSource source,
                                              net.sf.json.JSONObject claims)
                                       throws Throwable
        Specified by:
        execute in interface org.oa4mp.delegation.server.jwt.PayloadHandler
        Overrides:
        execute in class AbstractPayloadHandler
        Throws:
        Throwable
      • getSignedPayload

        public IDTokenImpl getSignedPayload​(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key)
        Specified by:
        getSignedPayload in interface org.oa4mp.delegation.server.jwt.PayloadHandler
      • getSignedPayload

        public IDTokenImpl getSignedPayload​(edu.uiuc.ncsa.security.util.jwk.JSONWebKey key,
                                            String headerType)
        Specified by:
        getSignedPayload in interface org.oa4mp.delegation.server.jwt.PayloadHandler