package org.gcube.common.iam;
import java.net.URL;
import java.util.List;
import org.gcube.common.keycloak.KeycloakClient;
import org.gcube.common.keycloak.KeycloakClientException;
import org.gcube.common.keycloak.KeycloakClientFactory;
/**
 * Helper class acting as an IAM client: it provides authentication and authorization through the IAM
 * while hiding the underlying implementation.
 *
 * @author Mauro Mugnaini
 */
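public class D4ScienceIAMClient {

    /** Underlying Keycloak client used to resolve the endpoints and serve the authn/authz requests. */
    private final KeycloakClient keycloakClient;

    /** Token endpoint the authn/authz requests made through this client are sent to. */
    private final URL tokenEndpointURL;

    /**
     * Creates a new client for the specific context, in the default IAM realm.
     *
     * @param context the context to be used to obtain the endpoint URL
     * @return the client to be used for authn and authz requests
     * @throws D4ScienceIAMClientException if an error occurs obtaining the base URL or the token endpoint URL
     */
    public static D4ScienceIAMClient newInstance(String context) throws D4ScienceIAMClientException {
        KeycloakClient keycloakClient = KeycloakClientFactory.newInstance();
        try {
            // The realm base URL is resolved first, then the token endpoint is derived from it.
            return new D4ScienceIAMClient(keycloakClient,
                    keycloakClient.getTokenEndpointURL(keycloakClient.getRealmBaseURL(context)));
        } catch (KeycloakClientException e) {
            // Wrap so that callers only deal with this module's exception type; the cause is preserved.
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Creates a new client for the specific context, in the specified IAM realm.
     *
     * @param context the context to be used to obtain the endpoint URL
     * @param realm the IAM realm
     * @return the client to be used for authn and authz requests
     * @throws D4ScienceIAMClientException if an error occurs obtaining the base URL or the token endpoint URL
     */
    public static D4ScienceIAMClient newInstance(String context, String realm) throws D4ScienceIAMClientException {
        KeycloakClient keycloakClient = KeycloakClientFactory.newInstance();
        try {
            // Same resolution as the single-argument overload, but the realm is taken from the caller.
            return new D4ScienceIAMClient(keycloakClient,
                    keycloakClient.getTokenEndpointURL(keycloakClient.getRealmBaseURL(context, realm)));
        } catch (KeycloakClientException e) {
            // Wrap so that callers only deal with this module's exception type; the cause is preserved.
            throw new D4ScienceIAMClientException(e);
        }
    }

    /**
     * Creates a new client with the provided endpoint URL.
     * <p>
     * The URL is used as given: no validation (e.g. of the scheme) is performed here, so callers are
     * responsible for providing the correct, trusted token endpoint.
     *
     * @param tokenEndpointURL the endpoint URL
     * @return the client to be used for authn and authz requests
     */
    public static D4ScienceIAMClient newInstance(URL tokenEndpointURL) {
        return new D4ScienceIAMClient(KeycloakClientFactory.newInstance(), tokenEndpointURL);
    }

    /**
     * Binds the client to the Keycloak client and token endpoint it will use; only reachable through the
     * {@code newInstance} factories.
     *
     * @param keycloakClient the underlying Keycloak client
     * @param tokenEndpointURL the token endpoint URL
     */
    private D4ScienceIAMClient(KeycloakClient keycloakClient, URL tokenEndpointURL) {
        this.keycloakClient = keycloakClient;
        this.tokenEndpointURL = tokenEndpointURL;
    }

    /**
     * Returns the underlying Keycloak client (for subclasses and the authn/authz objects).
     *
     * @return the Keycloak client this instance was created with
     */
    protected KeycloakClient getKeycloakClient() {
        return this.keycloakClient;
    }

    /**
     * Returns the token endpoint URL this client sends its requests to.
     *
     * @return the token endpoint URL
     */
    public URL getTokenEndpointURL() {
        return this.tokenEndpointURL;
    }

    /**
     * Authenticates the client with provided id and secret, without requesting a specific audience
     * (the audience is passed as {@code null}).
     *
     * @param clientId the client id
     * @param clientSecret the client secret; never log or persist it
     * @return the authn object
     * @throws D4ScienceIAMClientException if an error occurs during authn process
     */
    public D4ScienceIAMClientAuthn authenticate(String clientId, String clientSecret)
            throws D4ScienceIAMClientException {

        return authenticate(clientId, clientSecret, null);
    }

    /**
     * Authenticates the client with provided credentials, reducing the token audience to the requested one.
     *
     * @param clientId the client id
     * @param clientSecret the client secret; never log or persist it
     * @param audience the requested audience (e.g. a specific context), or {@code null} for none
     * @return the authn object
     * @throws D4ScienceIAMClientException if an error occurs during authn process
     */
    public D4ScienceIAMClientAuthn authenticate(String clientId, String clientSecret, String audience)
            throws D4ScienceIAMClientException {

        // The authn work itself is delegated to the authn object, which receives this client for its endpoint.
        return new D4ScienceIAMClientAuthn(this, clientId, clientSecret, audience);
    }

    /**
     * Directly authorizes the client by using the provided credentials, for the specific audience and with
     * optional permissions.
     *
     * @param clientId the client id
     * @param clientSecret the client secret; never log or persist it
     * @param audience the requested audience (e.g. a specific context)
     * @param permissions the optional permissions
     * @return the authz object
     * @throws D4ScienceIAMClientException if an error occurs during authz process
     */
    public D4ScienceIAMClientAuthz authorize(String clientId, String clientSecret, String audience,
            List<String> permissions)
            throws D4ScienceIAMClientException {

        // The authz work itself is delegated to the authz object, which receives this client for its endpoint.
        return new D4ScienceIAMClientAuthz(this, clientId, clientSecret, audience, permissions);
    }

}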