Class AbstractOAuth2TokenService

java.lang.Object
com.sap.cloud.security.xsuaa.client.AbstractOAuth2TokenService
All Implemented Interfaces:
OAuth2TokenService, Cacheable
Direct Known Subclasses:
DefaultOAuth2TokenService, XsuaaOAuth2TokenService

public abstract class AbstractOAuth2TokenService extends Object implements OAuth2TokenService, Cacheable
  • Constructor Details

    • AbstractOAuth2TokenService

      public AbstractOAuth2TokenService()
    • AbstractOAuth2TokenService

      public AbstractOAuth2TokenService(TokenCacheConfiguration tokenCacheConfiguration)
      Constructor used to overwrite the default cache configuration.
      Parameters:
      tokenCacheConfiguration - the cache configuration used to configure the cache.
  • Method Details

    • clearCache

      public void clearCache()
      Description copied from interface: Cacheable
      Clears the cache of the component.
      Specified by:
      clearCache in interface Cacheable
    • getCacheConfiguration

      @Nonnull public TokenCacheConfiguration getCacheConfiguration()
      Description copied from interface: Cacheable
      Provides the cache configuration of the component. Must not be null.
      Specified by:
      getCacheConfiguration in interface Cacheable
      Returns:
      the cache configuration
    • retrieveAccessTokenViaClientCredentialsGrant

      public OAuth2TokenResponse retrieveAccessTokenViaClientCredentialsGrant(@Nonnull URI tokenEndpointUri, @Nonnull ClientIdentity clientIdentity, @Nullable String zoneId, @Nullable String subdomain, @Nullable Map<String,String> optionalParameters, boolean disableCacheForRequest) throws OAuth2ServiceException
      Description copied from interface: OAuth2TokenService
      Requests access token from OAuth Server with client credentials.
      Specified by:
      retrieveAccessTokenViaClientCredentialsGrant in interface OAuth2TokenService
      Parameters:
      tokenEndpointUri - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      zoneId - Zone identifier - tenant discriminator
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      optionalParameters - optional request parameters, can be null.
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken.
      Throws:
      OAuth2ServiceException - in case of an error during the http request.
    • retrieveAccessTokenViaRefreshToken

      public OAuth2TokenResponse retrieveAccessTokenViaRefreshToken(@Nonnull URI tokenEndpointUri, @Nonnull ClientIdentity clientIdentity, @Nonnull String refreshToken, String subdomain, boolean disableCacheForRequest) throws OAuth2ServiceException
      Description copied from interface: OAuth2TokenService
      Requests access token from OAuth Server with refresh-token.
      Specified by:
      retrieveAccessTokenViaRefreshToken in interface OAuth2TokenService
      Parameters:
      tokenEndpointUri - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      refreshToken - the refresh token that was returned along with the access token (see OAuth2AccessToken).
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.
    • retrieveAccessTokenViaPasswordGrant

      public OAuth2TokenResponse retrieveAccessTokenViaPasswordGrant(@Nonnull URI tokenEndpoint, @Nonnull ClientIdentity clientIdentity, @Nonnull String username, @Nonnull String password, @Nullable String subdomain, @Nullable Map<String,String> optionalParameters, boolean disableCacheForRequest) throws OAuth2ServiceException
      Description copied from interface: OAuth2TokenService
      Requests access token from OAuth Server with user / password.
      Specified by:
      retrieveAccessTokenViaPasswordGrant in interface OAuth2TokenService
      Parameters:
      tokenEndpoint - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      username - the username for the user trying to get a token
      password - the password for the user trying to get a token
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      optionalParameters - optional request parameters, can be null.
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.
    • retrieveAccessTokenViaJwtBearerTokenGrant

      public OAuth2TokenResponse retrieveAccessTokenViaJwtBearerTokenGrant(URI tokenEndpoint, ClientIdentity clientIdentity, String token, @Nullable String subdomain, @Nullable Map<String,String> optionalParameters, boolean disableCacheForRequest) throws OAuth2ServiceException
      Specified by:
      retrieveAccessTokenViaJwtBearerTokenGrant in interface OAuth2TokenService
      Parameters:
      tokenEndpoint - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      token - the JWT token representing the user to be authenticated
      subdomain - optionally indicates what Identity Zone this request goes to by supplying a subdomain (tenant).
      optionalParameters - optional request parameters, can be null.
      disableCacheForRequest - set to true disables the token cache for this request.
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.
    • retrieveAccessTokenViaJwtBearerTokenGrant

      public OAuth2TokenResponse retrieveAccessTokenViaJwtBearerTokenGrant(URI tokenEndpoint, ClientIdentity clientIdentity, @Nonnull String token, @Nullable Map<String,String> optionalParameters, boolean disableCacheForRequest, @Nonnull String zoneId) throws OAuth2ServiceException
      Specified by:
      retrieveAccessTokenViaJwtBearerTokenGrant in interface OAuth2TokenService
      Parameters:
      tokenEndpoint - the token endpoint URI.
      clientIdentity - the client identity of the OAuth client, the recipient of the token.
      token - the JWT token representing the user to be authenticated
      optionalParameters - optional request parameters, can be null.
      disableCacheForRequest - setting to true disables the token cache for this request.
      zoneId - zone id of the tenant
      Returns:
      the OAuth2AccessToken
      Throws:
      OAuth2ServiceException - in case of an error during the http request.
    • requestAccessToken

      protected abstract OAuth2TokenResponse requestAccessToken(URI tokenEndpointUri, HttpHeaders headers, Map<String,String> parameters) throws OAuth2ServiceException
      Implements the HTTP client specific logic to perform an HTTP request and handle the response.
      Parameters:
      tokenEndpointUri - the URI of the token endpoint the request must be sent to.
      headers - the HTTP headers that must be sent with the request.
      parameters - a map of request parameters that must be sent with the request.
      Returns:
      the token response.
      Throws:
      OAuth2ServiceException - when the request to the token endpoint fails or returns an error code.
    • getClock

      protected Clock getClock()
      By default Clock.systemUTC() is used to determine if a cached token has reached its expiration (exp) point in time. This method can be overridden for testing purposes.
      Returns:
      the Clock
    • getCacheStatistics

      public Object getCacheStatistics()
      Description copied from interface: Cacheable
      This returns an implementation specific statistics object if the underlying cache supports it and cache statistics have been enabled in the CacheConfiguration.

      Use with care. The type of the statistics object might change in later versions.

      Specified by:
      getCacheStatistics in interface Cacheable
      Returns:
      the cache statistics object.
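
The following is an added example, not code from the library or its documentation. It shows a test subclass that implements requestAccessToken without any network access and counts how often the token endpoint would be contacted, so the effect of disableCacheForRequest and clearCache() can be observed. The class name CountingTokenService, the endpoint URL and the credentials are constructed; the import packages other than com.sap.cloud.security.xsuaa.client, the ClientCredentials class, the TokenCacheConfiguration.getInstance factory and the OAuth2TokenResponse constructor are assumed from the library and do not appear on this page.

```java
// Packages below are assumptions, except com.sap.cloud.security.xsuaa.client.
import com.sap.cloud.security.config.ClientCredentials;
import com.sap.cloud.security.xsuaa.client.AbstractOAuth2TokenService;
import com.sap.cloud.security.xsuaa.client.OAuth2ServiceException;
import com.sap.cloud.security.xsuaa.client.OAuth2TokenResponse;
import com.sap.cloud.security.xsuaa.http.HttpHeaders;
import com.sap.cloud.security.xsuaa.tokenflows.TokenCacheConfiguration;

import java.net.URI;
import java.time.Duration;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;

public class CountingTokenService extends AbstractOAuth2TokenService {
    private final AtomicInteger endpointCalls = new AtomicInteger();

    public CountingTokenService() {
        // Assumed factory: cache duration, cache size, token expiration delta.
        super(TokenCacheConfiguration.getInstance(Duration.ofMinutes(5), 100, Duration.ofSeconds(30)));
    }

    // Stands in for the HTTP client logic: no request is sent, the call is only counted.
    @Override
    protected OAuth2TokenResponse requestAccessToken(URI tokenEndpointUri, HttpHeaders headers,
            Map<String, String> parameters) throws OAuth2ServiceException {
        int n = endpointCalls.incrementAndGet();
        // Constructed token value with a one-hour lifetime and no refresh token.
        return new OAuth2TokenResponse("constructed-token-" + n, 3600, null);
    }

    public int endpointCalls() {
        return endpointCalls.get();
    }

    public static void main(String[] args) throws OAuth2ServiceException {
        CountingTokenService service = new CountingTokenService();
        URI endpoint = URI.create("https://tenant.example.invalid/oauth/token"); // constructed
        ClientCredentials client = new ClientCredentials("example-client-id", "example-client-secret");

        // Two identical requests with the cache allowed.
        service.retrieveAccessTokenViaClientCredentialsGrant(endpoint, client, null, null, null, false);
        service.retrieveAccessTokenViaClientCredentialsGrant(endpoint, client, null, null, null, false);
        System.out.println("calls with cache allowed: " + service.endpointCalls());

        // Same request with disableCacheForRequest = true.
        service.retrieveAccessTokenViaClientCredentialsGrant(endpoint, client, null, null, null, true);
        System.out.println("calls after cache bypass: " + service.endpointCalls());

        // Same request after clearing the cache, for example after a credential rotation.
        service.clearCache();
        service.retrieveAccessTokenViaClientCredentialsGrant(endpoint, client, null, null, null, false);
        System.out.println("calls after clearCache(): " + service.endpointCalls());
    }
}
```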