Class AbstractOAuth2TokenService

    • Constructor Detail

      • AbstractOAuth2TokenService

        public AbstractOAuth2TokenService()
      • AbstractOAuth2TokenService

        public AbstractOAuth2TokenService(TokenCacheConfiguration tokenCacheConfiguration)
        Constructor used to overwrite the default cache configuration.
        Parameters:
        tokenCacheConfiguration - the cache configuration used to configure the cache.
    • Method Detail

      • clearCache

        public void clearCache()
        Description copied from interface: Cacheable
        Clears the cache of the component.
        Specified by:
        clearCache in interface Cacheable
      • retrieveAccessTokenViaUserTokenGrant

        public OAuth2TokenResponse retrieveAccessTokenViaUserTokenGrant(@Nonnull
                                                                        URI tokenEndpointUri,
                                                                        @Nonnull
                                                                        ClientIdentity clientIdentity,
                                                                        @Nonnull
                                                                        String token,
                                                                        @Nullable
                                                                        String subdomain,
                                                                        @Nullable
                                                                        Map<String,String> optionalParameters)
                                                                 throws OAuth2ServiceException
        Description copied from interface: OAuth2TokenService
        Exchanges a user access token from the OAuth server with a user access token. This endpoint returns only an opaque access token, so another call using retrieveAccessTokenViaRefreshToken is required.
        Specified by:
        retrieveAccessTokenViaUserTokenGrant in interface OAuth2TokenService
        Parameters:
        tokenEndpointUri - the token endpoint URI.
        clientIdentity - the client identity of the OAuth client, the recipient of the token.
        token - the user bearer token, that represents an authenticated user.
        subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
        optionalParameters - optional request parameters, can be null.
        Returns:
        the OAuth2AccessToken.
        Throws:
        OAuth2ServiceException - in case of an error during the http request.
      • retrieveAccessTokenViaRefreshToken

        public OAuth2TokenResponse retrieveAccessTokenViaRefreshToken(@Nonnull
                                                                      URI tokenEndpointUri,
                                                                      @Nonnull
                                                                      ClientIdentity clientIdentity,
                                                                      @Nonnull
                                                                      String refreshToken,
                                                                      String subdomain,
                                                                      boolean disableCacheForRequest)
                                                               throws OAuth2ServiceException
        Description copied from interface: OAuth2TokenService
        Requests access token from OAuth Server with refresh-token.
        Specified by:
        retrieveAccessTokenViaRefreshToken in interface OAuth2TokenService
        Parameters:
        tokenEndpointUri - the token endpoint URI.
        clientIdentity - the client identity of the OAuth client, the recipient of the token.
        refreshToken - the refresh token that was returned along with the access token (OAuth2AccessToken).
        subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
        disableCacheForRequest - set to true disables the token cache for this request.
        Returns:
        the OAuth2AccessToken
        Throws:
        OAuth2ServiceException - in case of an error during the http request.
      • retrieveAccessTokenViaPasswordGrant

        public OAuth2TokenResponse retrieveAccessTokenViaPasswordGrant(@Nonnull
                                                                       URI tokenEndpoint,
                                                                       @Nonnull
                                                                       ClientIdentity clientIdentity,
                                                                       @Nonnull
                                                                       String username,
                                                                       @Nonnull
                                                                       String password,
                                                                       @Nullable
                                                                       String subdomain,
                                                                       @Nullable
                                                                       Map<String,String> optionalParameters,
                                                                       boolean disableCacheForRequest)
                                                                throws OAuth2ServiceException
        Description copied from interface: OAuth2TokenService
        Requests access token from OAuth Server with user / password.
        Specified by:
        retrieveAccessTokenViaPasswordGrant in interface OAuth2TokenService
        Parameters:
        tokenEndpoint - the token endpoint URI.
        clientIdentity - the client identity of the OAuth client, the recipient of the token.
        username - the username for the user trying to get a token
        password - the password for the user trying to get a token
        subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
        optionalParameters - optional request parameters, can be null.
        disableCacheForRequest - set to true disables the token cache for this request.
        Returns:
        the OAuth2AccessToken
        Throws:
        OAuth2ServiceException - in case of an error during the http request.
      • retrieveAccessTokenViaJwtBearerTokenGrant

        public OAuth2TokenResponse retrieveAccessTokenViaJwtBearerTokenGrant(URI tokenEndpoint,
                                                                             ClientIdentity clientIdentity,
                                                                             String token,
                                                                             @Nullable
                                                                             String subdomain,
                                                                             @Nullable
                                                                             Map<String,String> optionalParameters,
                                                                             boolean disableCacheForRequest)
                                                                      throws OAuth2ServiceException
        Specified by:
        retrieveAccessTokenViaJwtBearerTokenGrant in interface OAuth2TokenService
        Parameters:
        tokenEndpoint - the token endpoint URI.
        clientIdentity - the client identity of the OAuth client, the recipient of the token.
        token - the JWT token representing the user to be authenticated.
        subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
        optionalParameters - optional request parameters, can be null.
        disableCacheForRequest - set to true disables the token cache for this request.
        Returns:
        the OAuth2AccessToken
        Throws:
        OAuth2ServiceException - in case of an error during the http request.
      • requestAccessToken

        protected abstract OAuth2TokenResponse requestAccessToken(URI tokenEndpointUri,
                                                                  HttpHeaders headers,
                                                                  Map<String,String> parameters)
                                                           throws OAuth2ServiceException
        Implements the HTTP client specific logic to perform an HTTP request and handle the response.
        Parameters:
        tokenEndpointUri - the URI of the token endpoint the request must be sent to.
        headers - the HTTP headers that must be sent with the request.
        parameters - a map of request parameters that must be sent with the request.
        Returns:
        the token response.
        Throws:
        OAuth2ServiceException - when the request to the token endpoint fails or returns an error code.
      • getClock

        protected Clock getClock()
        By default Clock.systemUTC() is used to determine whether a cached token has reached its expiration (exp) point in time. This method can be overridden for testing purposes.
        Returns:
        the Clock
      • getCacheStatistics

        public Object getCacheStatistics()
        Description copied from interface: Cacheable
        This returns an implementation specific statistics object if the underlying cache supports it and cache statistics have been enabled in the CacheConfiguration. Use with care. The type of the statistics object might change in later versions.
        Specified by:
        getCacheStatistics in interface Cacheable
        Returns:
        the cache statistics object.
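
An added example, not part of the library's documentation or code base: a test subclass that supplies requestAccessToken and overrides getClock, so that cache hits, the disableCacheForRequest bypass and the expiry check can be observed without a real token endpoint. The package names, the ClientCredentials and OAuth2TokenResponse constructors, the class name CountingTokenService and all sample values are assumptions.

```java
// Package names and the ClientCredentials / OAuth2TokenResponse constructors are assumptions.
import com.sap.cloud.security.config.ClientCredentials;
import com.sap.cloud.security.xsuaa.client.AbstractOAuth2TokenService;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceException;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenResponse;
import com.sap.cloud.security.xsuaa.http.HttpHeaders;
import java.net.URI;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;

/** Hypothetical test double: counts token-endpoint calls and lets a test move time forward. */
public class CountingTokenService extends AbstractOAuth2TokenService {
    final AtomicInteger endpointCalls = new AtomicInteger();
    private Instant now = Instant.now();

    @Override
    protected OAuth2TokenResponse requestAccessToken(URI tokenEndpointUri, HttpHeaders headers,
            Map<String, String> parameters) throws OAuth2ServiceException {
        endpointCalls.incrementAndGet(); // each call here stands for one HTTP round trip
        // Constructed values; assumed argument order: access token, lifetime in seconds, refresh token.
        return new OAuth2TokenResponse("constructed-access-token", 600, "constructed-refresh-token");
    }

    @Override
    protected Clock getClock() {
        return Clock.fixed(now, ZoneOffset.UTC); // replaces the default Clock.systemUTC()
    }

    void advance(Duration d) { now = now.plus(d); }

    public static void main(String[] args) throws OAuth2ServiceException {
        CountingTokenService service = new CountingTokenService();
        URI endpoint = URI.create("https://auth.example.invalid/oauth/token");
        ClientCredentials client = new ClientCredentials("constructed-client-id", "constructed-secret");
        // Two identical requests that are eligible for the cache.
        service.retrieveAccessTokenViaRefreshToken(endpoint, client, "constructed-rt", null, false);
        service.retrieveAccessTokenViaRefreshToken(endpoint, client, "constructed-rt", null, false);
        System.out.println("two identical cacheable requests -> endpoint calls: " + service.endpointCalls.get());
        // Same request with the cache disabled for this call only.
        service.retrieveAccessTokenViaRefreshToken(endpoint, client, "constructed-rt", null, true);
        System.out.println("plus one with disableCacheForRequest=true: " + service.endpointCalls.get());
        service.advance(Duration.ofMinutes(11)); // past the 600 s lifetime of the cached token
        service.retrieveAccessTokenViaRefreshToken(endpoint, client, "constructed-rt", null, false);
        System.out.println("plus one after the cached token's exp: " + service.endpointCalls.get());
    }
}
```

Comparing the printed counters shows which requests reached requestAccessToken and which were answered from the cache.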