com.sap.xsa.security.container

Interface XSUserInfo

public interface XSUserInfo

API for OAuth resource servers to extract authentication and authorization information from the OAuth token. deprecated with version 2.4.0 in favor of the new SAP Java Client library.

Method Summary

Modifier and Type	Method and Description
boolean	checkLocalScope(String scope) Deprecated. can be replaced with xsuaaToken.hasLocalScope(scope) from the com.sap.cloud.security.token package.
boolean	checkScope(String scope) Deprecated. can be replaced with xsuaaToken.hasScope(scope) from the com.sap.cloud.security.token package.
String	getAdditionalAuthAttribute(String attributeName) Return additional authentication attributes included by the OAuth client component.
String	getAppToken() Deprecated. Can be replaced with token.getAccessToken() from the com.sap.cloud.security.token package.
String[]	getAttribute(String attributeName) Return user attributes.
String	getClientId() Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.CLIENT_ID) from the com.sap.cloud.security.token package.
String	getCloneServiceInstanceId() In case of xsuaa broker plan tokens, it contains the service instance id Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
String	getDBToken() Deprecated. use getHdbToken() instead.
String	getEmail() Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.EMAIL) from the com.sap.cloud.security.token package.
String	getFamilyName() Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.FAMILY_NAME) from the com.sap.cloud.security.token package. Only if it is not an external attribute.
String	getGivenName() Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.GIVEN_NAME) from the com.sap.cloud.security.token package. Only if it is not an external attribute.
String	getGrantType() Deprecated. can be replaced with token.getGrantType() from the com.sap.cloud.security.token package. This will give you a GrantType enum entry on which you can call toString to obtain the grant type as string, e.g. "client_credentials".
String	getHdbToken() Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
String	getIdentityZone() Deprecated. Have to be replaced with getZoneId() or getSubaccountId().
String	getJsonValue(String attribute) Deprecated. Can be replaced with token.getClaimAsString(attribute) from the com.sap.cloud.security.token package.
String	getLogonName() Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.USER_NAME) from the com.sap.cloud.security.token package or with token.getPrincipal().
String	getOrigin() Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.ORIGIN) from the com.sap.cloud.security.token package.
String	getSubaccountId() Return subaccount identifier.
String	getSubdomain() Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
String[]	getSystemAttribute(String attributeName) Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
String	getToken(String namespace, String name) Deprecated. use getHdbToken() instead.
String	getZoneId() Deprecated. Can be replaced with token.getZoneId() from the com.sap.cloud.security.token package.
boolean	hasAttributes() Check if the authentication token contains user attributes.
boolean	isInForeignMode() Check if a token issued for another OAuth client has been forwarded to a different client,
String	requestToken(XSTokenRequest tokenRequest) Deprecated. can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.
String	requestTokenForClient(String clientId, String clientSecret, String uaaUrl) Deprecated. can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.
String	requestTokenForUser(String clientId, String clientSecret, String uaaUrl) Deprecated. can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.

Method Detail

getLogonName

String getLogonName()
             throws XSUserInfoException

Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.USER_NAME) from the com.sap.cloud.security.token package or with token.getPrincipal().

User name used for authentication, e.g. an email address or other identifier. A user might exist in multiple identity providers. The following information is required to to uniquely identify a user: - - - username: name of the user in an identity provider - origin: alias to an identity provider - subaccount id: identifier for the subaccount

Returns:

user name

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getGivenName

String getGivenName()
             throws XSUserInfoException

Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.GIVEN_NAME) from the com.sap.cloud.security.token package. Only if it is not an external attribute.

Given name of the user.

Returns:

given name

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getFamilyName

String getFamilyName()
              throws XSUserInfoException

Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.FAMILY_NAME) from the com.sap.cloud.security.token package. Only if it is not an external attribute.

Familiy name of the user.

Returns:

family name

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getOrigin

String getOrigin()
          throws XSUserInfoException

Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.ORIGIN) from the com.sap.cloud.security.token package.

Return the user origin. The origin is an alias that refers to a user store in which the user is persisted. For example, users that are authenticated by the UAA itself with a username/password combination have their origin set to the value uaa.

Returns:

user origin

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getIdentityZone

@Deprecated
String getIdentityZone()
                            throws XSUserInfoException

Deprecated. Have to be replaced with getZoneId() or getSubaccountId().

Return identity zone which is in most cases same like the subaccount identifier.

Returns:

identity zone

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getSubaccountId

String getSubaccountId()
                throws XSUserInfoException

Return subaccount identifier. DO only use this for metering purposes. DO NOT longer use this method to get the unique tenant id! For that use getZoneId().

Returns:

subaccount identifier

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getZoneId

String getZoneId()
          throws XSUserInfoException

Deprecated. Can be replaced with token.getZoneId() from the com.sap.cloud.security.token package.

Return zone identifier which should be used as tenant discriminator (tenant id). For most of the old subaccounts this matches the id returned by getSubaccountId().

Returns:

zone identifier

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getSubdomain

String getSubdomain()
             throws XSUserInfoException

Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package. Also available on tokens of type XsuaaToken from java-security.

Returns:

the subdomain

Throws:

XSUserInfoException - if subdomain is not available in the authentication token

getClientId

String getClientId()
            throws XSUserInfoException

Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.CLIENT_ID) from the com.sap.cloud.security.token package.

Return the client id of the authentication token

Returns:

client id

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getJsonValue

@Deprecated
String getJsonValue(String attribute)
                         throws XSUserInfoException

Deprecated. Can be replaced with token.getClaimAsString(attribute) from the com.sap.cloud.security.token package.

Parameters:

attribute - the name of the JSON property

Returns:

value of attribute

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getEmail

String getEmail()
         throws XSUserInfoException

Deprecated. Can be replaced with token.getClaimAsString(TokenClaims.EMAIL) from the com.sap.cloud.security.token package.

Return the email of the user

Returns:

email

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getDBToken

@Deprecated
String getDBToken()
                       throws XSUserInfoException

Deprecated. use getHdbToken() instead.

Returns:

the hana database token

Throws:

XSUserInfoException - if db token is not available in the authentication token

getHdbToken

String getHdbToken()
            throws XSUserInfoException

Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.

Returns:

the hana database token

Throws:

XSUserInfoException - if db token is not available in the authentication token

getAppToken

String getAppToken()

Deprecated. Can be replaced with token.getAccessToken() from the com.sap.cloud.security.token package.

Return authentication token

Returns:

authentication token

getToken

@Deprecated
String getToken(String namespace,
                            String name)
                     throws XSUserInfoException

Deprecated. use getHdbToken() instead.

Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.

Parameters:

namespace - the namespace

name - the name

Returns:

the token

Throws:

XSUserInfoException - if token is not available in the authentication token

getAttribute

String[] getAttribute(String attributeName)
               throws XSUserInfoException

Return user attributes. Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.

Parameters:

attributeName - name of attribute

Returns:

attribute values array

Throws:

XSUserInfoException - if attribute is not available in the authentication token

hasAttributes

boolean hasAttributes()
               throws XSUserInfoException

Check if the authentication token contains user attributes. Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.

Returns:

true if user attributes are available

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getSystemAttribute

String[] getSystemAttribute(String attributeName)
                     throws XSUserInfoException

Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.

Parameters:

attributeName - the name of the system attribute

Returns:

the system attribute

Throws:

XSUserInfoException - if system attribute is not available in the authentication token

checkScope

boolean checkScope(String scope)
            throws XSUserInfoException

Deprecated. can be replaced with xsuaaToken.hasScope(scope) from the com.sap.cloud.security.token package.

Check if a scope is present in the authentication token

Parameters:

scope - name of fully qualified scope

Returns:

true if scope is available

Throws:

XSUserInfoException - if attribute is not available in the authentication token

checkLocalScope

boolean checkLocalScope(String scope)
                 throws XSUserInfoException

Deprecated. can be replaced with xsuaaToken.hasLocalScope(scope) from the com.sap.cloud.security.token package.

Check if a "local" scope is available in the authentication token according to the ScopeConverter.

Parameters:

scope - name of local scope (the XsuaaScopeConverter omits the xsappid)

Returns:

true if local scope is available

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getAdditionalAuthAttribute

String getAdditionalAuthAttribute(String attributeName)
                           throws XSUserInfoException

Return additional authentication attributes included by the OAuth client component. Note: this is data controlled by the requester of a token. Might be not trustworthy. Still Supported via XSUserInfoAdapter

Parameters:

attributeName - name of the authentication attribute

Returns:

addition authentication attributes

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getCloneServiceInstanceId

String getCloneServiceInstanceId()
                          throws XSUserInfoException

In case of xsuaa broker plan tokens, it contains the service instance id Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.

Returns:

service instance id

Throws:

XSUserInfoException - if attribute is not available in the authentication token

getGrantType

String getGrantType()
             throws XSUserInfoException

Deprecated. can be replaced with token.getGrantType() from the com.sap.cloud.security.token package. This will give you a GrantType enum entry on which you can call toString to obtain the grant type as string, e.g. "client_credentials".

OAuth Grant Type used for this token

Returns:

grant type

Throws:

XSUserInfoException - if attribute is not available in the authentication token

isInForeignMode

boolean isInForeignMode()
                 throws XSUserInfoException

Check if a token issued for another OAuth client has been forwarded to a different client,

Returns:

true if token was forwarded

Throws:

XSUserInfoException - if attribute is not available in the authentication token

requestTokenForClient

@Deprecated
String requestTokenForClient(String clientId,
                                         String clientSecret,
                                         String uaaUrl)
                                  throws XSUserInfoException

Deprecated. can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.

Performs a client credentials token flow.

Parameters:

clientId - client id

clientSecret - client secret

uaaUrl - the uaa url

Returns:

the token

Throws:

XSUserInfoException - if an error occurs during token request

requestTokenForUser

@Deprecated
String requestTokenForUser(String clientId,
                                       String clientSecret,
                                       String uaaUrl)
                                throws XSUserInfoException

Deprecated. can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.

Performs a user token flow.

Parameters:

clientId - client id

clientSecret - client secret

uaaUrl - the uaa url

Returns:

the token

Throws:

XSUserInfoException - if an error occurs during token request

requestToken

@Deprecated
String requestToken(XSTokenRequest tokenRequest)
                         throws XSUserInfoException

Deprecated. can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.

Exchange a token into a token from another service instance

Parameters:

tokenRequest - request data

Returns:

requested token

Throws:

XSUserInfoException - if an error occurs during token exchange