Package com.sap.xsa.security.container

Interface XSUserInfo

  • public interface XSUserInfo
    API for OAuth resource servers to extract authentication and authorization information from the OAuth token. deprecated with version 2.4.0 in favor of the new SAP Java Client library.

    • Method Summary

      All Methods Instance Methods Abstract Methods Deprecated Methods 
      Modifier and Type Method Description
      boolean checkLocalScope​(String scope)
      Deprecated.
      can be replaced with xsuaaToken.hasLocalScope(scope) from the com.sap.cloud.security.token package.
      boolean checkScope​(String scope)
      Deprecated.
      can be replaced with xsuaaToken.hasScope(scope) from the com.sap.cloud.security.token package.
      String getAdditionalAuthAttribute​(String attributeName)
      Return additional authentication attributes included by the OAuth client component.
      String getAppToken()
      Deprecated.
      Can be replaced with token.getAccessToken() from the com.sap.cloud.security.token package.
      String[] getAttribute​(String attributeName)
      Return user attributes.
      String getClientId()
      Deprecated.
      Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.CLIENT_ID) from the com.sap.cloud.security.token package.
      String getCloneServiceInstanceId()
      In case of xsuaa broker plan tokens, it contains the service instance id Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
      String getDBToken()
      Deprecated.
      use getHdbToken() instead.
      String getEmail()
      Deprecated.
      Can be replaced with token.getClaimAsString(TokenClaims.EMAIL) from the com.sap.cloud.security.token package.
      String getFamilyName()
      Deprecated.
      Can be replaced with token.getClaimAsString(TokenClaims.FAMILY_NAME) from the com.sap.cloud.security.token package.
      String getGivenName()
      Deprecated.
      Can be replaced with token.getClaimAsString(TokenClaims.GIVEN_NAME) from the com.sap.cloud.security.token package.
      String getGrantType()
      Deprecated.
      can be replaced with token.getGrantType() from the com.sap.cloud.security.token package.
      String getHdbToken()
      Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
      String getIdentityZone()
      Deprecated.
      Have to be replaced with getZoneId() or getSubaccountId().
      String getJsonValue​(String attribute)
      Deprecated.
      Can be replaced with token.getClaimAsString(attribute) from the com.sap.cloud.security.token package.
      String getLogonName()
      Deprecated.
      Can be replaced with token.getClaimAsString(TokenClaims.USER_NAME) from the com.sap.cloud.security.token package or with token.getPrincipal().
      String getOrigin()
      Deprecated.
      Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.ORIGIN) from the com.sap.cloud.security.token package.
      String getSubaccountId()
      Return subaccount identifier.
      String getSubdomain()
      Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
      String[] getSystemAttribute​(String attributeName)
      Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
      String getToken​(String namespace, String name)
      Deprecated.
      use getHdbToken() instead.
      String getZoneId()
      Deprecated.
      Can be replaced with token.getZoneId() from the com.sap.cloud.security.token package.
      boolean hasAttributes()
      Check if the authentication token contains user attributes.
      boolean isInForeignMode()
      Check if a token issued for another OAuth client has been forwarded to a different client,
      String requestToken​(XSTokenRequest tokenRequest)
      Deprecated.
      can be replaced with token flows from the token-client library.
      String requestTokenForClient​(String clientId, String clientSecret, String uaaUrl)
      Deprecated.
      can be replaced with token flows from the token-client library.
      String requestTokenForUser​(String clientId, String clientSecret, String uaaUrl)
      Deprecated.
      can be replaced with token flows from the token-client library.

    • Method Detail

      • getLogonName

        String getLogonName()
             throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getClaimAsString(TokenClaims.USER_NAME) from the com.sap.cloud.security.token package or with token.getPrincipal().
        User name used for authentication, e.g. an email address or other identifier. A user might exist in multiple identity providers. The following information is required to to uniquely identify a user: - - - username: name of the user in an identity provider - origin: alias to an identity provider - subaccount id: identifier for the subaccount
        Returns:
        user name
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getGivenName

        String getGivenName()
             throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getClaimAsString(TokenClaims.GIVEN_NAME) from the com.sap.cloud.security.token package. Only if it is not an external attribute.
        Given name of the user.
        Returns:
        given name
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getFamilyName

        String getFamilyName()
              throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getClaimAsString(TokenClaims.FAMILY_NAME) from the com.sap.cloud.security.token package. Only if it is not an external attribute.
        Familiy name of the user.
        Returns:
        family name
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getOrigin

        String getOrigin()
          throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.ORIGIN) from the com.sap.cloud.security.token package.
        Return the user origin. The origin is an alias that refers to a user store in which the user is persisted. For example, users that are authenticated by the UAA itself with a username/password combination have their origin set to the value uaa.
        Returns:
        user origin
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getSubaccountId

        String getSubaccountId()
                throws XSUserInfoException
        Return subaccount identifier. DO only use this for metering purposes. DO NOT longer use this method to get the unique tenant id! For that use getZoneId().
        Returns:
        subaccount identifier
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getZoneId

        String getZoneId()
          throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getZoneId() from the com.sap.cloud.security.token package.
        Return zone identifier which should be used as tenant discriminator (tenant id). For most of the old subaccounts this matches the id returned by getSubaccountId().
        Returns:
        zone identifier
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getSubdomain

        String getSubdomain()
             throws XSUserInfoException
        Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package. Also available on tokens of type XsuaaToken from java-security.
        Returns:
        the subdomain
        Throws:
        XSUserInfoException - if subdomain is not available in the authentication token

      • getClientId

        String getClientId()
            throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getClaimAsString(TokenClaims.XSUAA.CLIENT_ID) from the com.sap.cloud.security.token package.
        Return the client id of the authentication token
        Returns:
        client id
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getJsonValue

        @Deprecated
String getJsonValue​(String attribute)
             throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getClaimAsString(attribute) from the com.sap.cloud.security.token package.
        Parameters:
        attribute - the name of the JSON property
        Returns:
        value of attribute
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getEmail

        String getEmail()
         throws XSUserInfoException
        Deprecated.
        Can be replaced with token.getClaimAsString(TokenClaims.EMAIL) from the com.sap.cloud.security.token package.
        Return the email of the user
        Returns:
        email
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getHdbToken

        String getHdbToken()
            throws XSUserInfoException
        Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
        Returns:
        the hana database token
        Throws:
        XSUserInfoException - if db token is not available in the authentication token

      • getAppToken

        String getAppToken()
        Deprecated.
        Can be replaced with token.getAccessToken() from the com.sap.cloud.security.token package.
        Return authentication token
        Returns:
        authentication token

      • getAttribute

        String[] getAttribute​(String attributeName)
               throws XSUserInfoException
        Return user attributes. Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
        Parameters:
        attributeName - name of attribute
        Returns:
        attribute values array
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • hasAttributes

        boolean hasAttributes()
               throws XSUserInfoException
        Check if the authentication token contains user attributes. Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
        Returns:
        true if user attributes are available
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getSystemAttribute

        String[] getSystemAttribute​(String attributeName)
                     throws XSUserInfoException
        Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
        Parameters:
        attributeName - the name of the system attribute
        Returns:
        the system attribute
        Throws:
        XSUserInfoException - if system attribute is not available in the authentication token

      • checkScope

        boolean checkScope​(String scope)
            throws XSUserInfoException
        Deprecated.
        can be replaced with xsuaaToken.hasScope(scope) from the com.sap.cloud.security.token package.
        Check if a scope is present in the authentication token
        Parameters:
        scope - name of fully qualified scope
        Returns:
        true if scope is available
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • checkLocalScope

        boolean checkLocalScope​(String scope)
                 throws XSUserInfoException
        Deprecated.
        can be replaced with xsuaaToken.hasLocalScope(scope) from the com.sap.cloud.security.token package.
        Check if a "local" scope is available in the authentication token according to the ScopeConverter.
        Parameters:
        scope - name of local scope (the XsuaaScopeConverter omits the xsappid)
        Returns:
        true if local scope is available
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getAdditionalAuthAttribute

        String getAdditionalAuthAttribute​(String attributeName)
                           throws XSUserInfoException
        Return additional authentication attributes included by the OAuth client component. Note: this is data controlled by the requester of a token. Might be not trustworthy. Still Supported via XSUserInfoAdapter
        Parameters:
        attributeName - name of the authentication attribute
        Returns:
        addition authentication attributes
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getCloneServiceInstanceId

        String getCloneServiceInstanceId()
                          throws XSUserInfoException
        In case of xsuaa broker plan tokens, it contains the service instance id Still Supported via XSUserInfoAdapter from the com.sap.cloud.security.adapter.xs package.
        Returns:
        service instance id
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • getGrantType

        String getGrantType()
             throws XSUserInfoException
        Deprecated.
        can be replaced with token.getGrantType() from the com.sap.cloud.security.token package. This will give you a GrantType enum entry on which you can call toString to obtain the grant type as string, e.g. "client_credentials".
        OAuth Grant Type used for this token
        Returns:
        grant type
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • isInForeignMode

        boolean isInForeignMode()
                 throws XSUserInfoException
        Check if a token issued for another OAuth client has been forwarded to a different client,
        Returns:
        true if token was forwarded
        Throws:
        XSUserInfoException - if attribute is not available in the authentication token

      • requestTokenForClient

        @Deprecated
String requestTokenForClient​(String clientId,
                             String clientSecret,
                             String uaaUrl)
                      throws XSUserInfoException
        Deprecated.
        can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.
        Performs a client credentials token flow.
        Parameters:
        clientId - client id
        clientSecret - client secret
        uaaUrl - the uaa url
        Returns:
        the token
        Throws:
        XSUserInfoException - if an error occurs during token request

      • requestTokenForUser

        @Deprecated
String requestTokenForUser​(String clientId,
                           String clientSecret,
                           String uaaUrl)
                    throws XSUserInfoException
        Deprecated.
        can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.
        Performs a user token flow.
        Parameters:
        clientId - client id
        clientSecret - client secret
        uaaUrl - the uaa url
        Returns:
        the token
        Throws:
        XSUserInfoException - if an error occurs during token request

      • requestToken

        @Deprecated
String requestToken​(XSTokenRequest tokenRequest)
             throws XSUserInfoException
        Deprecated.
        can be replaced with token flows from the token-client library. Does not support mtls-based communication to XSUAA identity provider and will be removed with version 3.0.0.
        Exchange a token into a token from another service instance
        Parameters:
        tokenRequest - request data
        Returns:
        requested token
        Throws:
        XSUserInfoException - if an error occurs during token exchange