package org.gcube.common.iam;
import java.util.List;
import org.gcube.common.keycloak.KeycloakClientException;
import org.gcube.common.keycloak.model.TokenResponse;
/**
 * Authentication result for a client identified by a client id and a client secret.
 *
 * <p>Construction asks the Keycloak client held by the supplied {@link D4ScienceIAMClient} for an
 * OIDC token at that client's token endpoint, and hands the resulting {@link TokenResponse} to the
 * superclass constructor. An instance can then be used to request an authorization through
 * {@link #authorize(String, List)}.
 *
 * <p>Security note: {@code clientSecret} is a credential. This class only forwards it to the
 * Keycloak client; it declares no field for it and does not log it. Callers should treat the value
 * the same way and keep it out of logs and exception messages they build themselves.
 */
public class D4ScienceIAMClientAuthn extends AbstractIAMResponse implements IAMResponse {

    /**
     * Authenticates the client without asking for a specific audience.
     *
     * <p>Delegates to the four-argument constructor with a {@code null} audience.
     * NOTE(review): how the Keycloak client treats a {@code null} audience is not visible in this
     * class; confirm against {@code queryOIDCTokenWithContext}.
     *
     * @param iamClient the IAM client providing the Keycloak client and the token endpoint URL
     * @param clientId the id of the client to authenticate
     * @param clientSecret the secret of the client to authenticate
     * @throws D4ScienceIAMClientException if the token request fails
     */
    protected D4ScienceIAMClientAuthn(D4ScienceIAMClient iamClient, String clientId, String clientSecret)
            throws D4ScienceIAMClientException {

        this(iamClient, clientId, clientSecret, null);
    }

    /**
     * Authenticates the client, optionally for a specific audience.
     *
     * <p>The token is requested before the superclass is initialised, so a failed request aborts
     * construction and no instance is created.
     *
     * @param iamClient the IAM client providing the Keycloak client and the token endpoint URL
     * @param clientId the id of the client to authenticate
     * @param clientSecret the secret of the client to authenticate
     * @param audience the requested audience; the three-argument constructor passes {@code null}
     * @throws D4ScienceIAMClientException if the token request fails
     */
    protected D4ScienceIAMClientAuthn(D4ScienceIAMClient iamClient, String clientId, String clientSecret,
            String audience) throws D4ScienceIAMClientException {

        super(iamClient, performAuthn(iamClient, clientId, clientSecret, audience));
    }

    /**
     * Requests an OIDC token for the given client credentials from the Keycloak client.
     *
     * <p>None of the arguments are validated here; they are passed through unchanged.
     *
     * @param iamClient the IAM client providing the Keycloak client and the token endpoint URL
     * @param clientId the id of the client to authenticate
     * @param clientSecret the secret of the client to authenticate
     * @param audience the requested audience, forwarded as given
     * @return the token response returned by the Keycloak client
     * @throws D4ScienceIAMClientException wrapping any {@link KeycloakClientException} raised by the
     *         token request
     */
    protected static final TokenResponse performAuthn(D4ScienceIAMClient iamClient, String clientId,
            String clientSecret, String audience) throws D4ScienceIAMClientException {

        try {
            TokenResponse tokenResponse = iamClient.getKeycloakClient().queryOIDCTokenWithContext(
                    iamClient.getTokenEndpointURL(), clientId, clientSecret, audience);

            return tokenResponse;
        } catch (KeycloakClientException keycloakFailure) {
            // The original exception is kept as the cause so the failure reason is not lost.
            // NOTE(review): whether its message can echo request parameters is not visible here;
            // confirm before logging it verbatim at call sites.
            throw new D4ScienceIAMClientException(keycloakFailure);
        }
    }

    /**
     * Requests an authorization on top of this authentication, for the given audience and with
     * optional permissions.
     *
     * <p>Creates a new {@link D4ScienceIAMClientAuthz} from this object and the two arguments; any
     * request to the server happens inside that class, not here.
     *
     * @param audience the requested audience (e.g. a specific context)
     * @param permissions the optional permissions
     * @return the authz object
     * @throws D4ScienceIAMClientException if an error occurs during the authz process
     */
    public D4ScienceIAMClientAuthz authorize(String audience, List<String> permissions)
            throws D4ScienceIAMClientException {

        D4ScienceIAMClientAuthz authz = new D4ScienceIAMClientAuthz(this, audience, permissions);
        return authz;
    }

}