Fixed javadocs

Mauro Mugnaini 2024-05-03 12:07:42 +02:00
parent ca0423cdf2
commit 49af6590f7
Signed by: mauro.mugnaini
GPG Key ID: 2440CFD0EB321EA8
6 changed files with 40 additions and 41 deletions


@ -737,6 +737,20 @@ public class DefaultKeycloakClient implements KeycloakClient {
OFFLINE_ACCESS_SCOPE);
}
/**
* Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context),
* in URLEncoded form or not,
*
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param oidcAccessToken the auth token (the access token URLEncoded by the "Bearer " string)
* @param clientId the client id
* @param clientSecret the client secret
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
* @param requestedTokenType the token type (e.g. <code>refresh</code>)
* @param scope the scope, optional can be <code>null</code>
* @return the issued exchanged token
* @throws KeycloakClientException if an error occurs, inspect the exception for details
*/
protected TokenResponse exchangeToken(URL tokenURL, String oidcAccessToken, String clientId, String clientSecret,
String audience, String requestedTokenType, String scope) throws KeycloakClientException {
@ -768,18 +782,6 @@ public class DefaultKeycloakClient implements KeycloakClient {
return performRequest(tokenURL, null, params);
}
/**
* Queries from the OIDC server an exchanged token by using provided access token, for the given audience (context),
* in URLEncoded form or not, and optionally a list of permissions.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param authorization the auth token (the access token URLEncoded by the "Bearer " string)
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
* @param permissions a list of permissions, can be <code>null</code>
* @return the issued token
* @throws OpenIdConnectRESTHelperException if an error occurs (also an unauthorized call), inspect the exception for details
*/
@Override
public TokenIntrospectionResponse introspectAccessToken(String context, String clientId, String clientSecret,
String accessTokenJWTString) throws KeycloakClientException {
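Review bot: The Javadoc added for `exchangeToken` in the first hunk looks copied from the UMA method and leaves the caller's contract unclear: the summary ends on a dangling "in URLEncoded form or not," and `oidcAccessToken` is described as "the access token URLEncoded by the "Bearer " string", which does not say whether the raw token or a "Bearer "-prefixed value is expected. `audience` is marked "(URLEncoded)" while the summary allows either form, so a caller cannot tell whether to encode it and may double-encode; the same wording is kept for the UMA method in the KeycloakClient section. The method body lies outside the hunk, so the text has to be checked against it. If the method takes the bare token and encodes the audience itself, `@param oidcAccessToken the OIDC access token to exchange, without the "Bearer " prefix` and `@param audience the audience (context) the token is requested for, not URL-encoded` would state that.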


@ -92,7 +92,7 @@ public interface KeycloakClient {
*
* @param realmURL the realm URL
* @return the configured realm info
* @throws KeycloakClientException
* @throws KeycloakClientException if something goes wrong getting realm info
*/
PublishedRealmRepresentation getRealmInfo(URL realmURL) throws KeycloakClientException;
@ -149,7 +149,6 @@ public interface KeycloakClient {
* Queries an OIDC token from the Keycloak server, by using provided authorization.
*
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @return the issued token as {@link TokenResponse} object
* @throws KeycloakClientException if something goes wrong performing the query
@ -161,7 +160,6 @@ public interface KeycloakClient {
* Optionally extra HTTP headers can be provided to be used in the call.
*
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param extraHeaders extra HTTP headers to add to the request
* @return the issued token as {@link TokenResponse} object
@ -172,7 +170,7 @@ public interface KeycloakClient {
/**
* Queries an OIDC token from the Keycloak server, by using provided authorization.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @return the issued token as {@link TokenResponse} object
* @throws KeycloakClientException if something goes wrong performing the query
@ -183,7 +181,7 @@ public interface KeycloakClient {
* Queries an OIDC token from the Keycloak server, by using provided authorization.
* Optionally extra HTTP headers can be provided to be used in the call.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param extraHeaders extra HTTP headers to add to the request
* @return the issued token as {@link TokenResponse} object
@ -259,7 +257,6 @@ public interface KeycloakClient {
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
*
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
* @return the issued token as {@link TokenResponse} object
@ -273,7 +270,6 @@ public interface KeycloakClient {
* Optionally extra HTTP headers can be provided to be used in the call.
*
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
* @param extraHeaders extra HTTP headers to add to the request
@ -286,7 +282,7 @@ public interface KeycloakClient {
/**
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
* @return the issued token as {@link TokenResponse} object
@ -299,7 +295,7 @@ public interface KeycloakClient {
* Queries an OIDC token from the Keycloak server, by using provided authorization, reducing the audience to the requested one.
* Optionally extra HTTP headers can be provided to be used in the call.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param audience an optional parameter to shrink the token's audience to the requested one (e.g. a specific context), by leveraging on the custom HTTP header and corresponding mapper on Keycloak
* @param extraHeaders extra HTTP headers to add to the request
@ -358,7 +354,7 @@ public interface KeycloakClient {
*
* The implementation uses the custom <code>X-D4Science-Context</code> HTTP header that the proper mapper on Keycloak uses to reduce the audience
*
* @param tokenURL the token endpoint {@link URL} of the Keycloak server
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
* @param clientId the client id
* @param clientSecret the client secret
* @param username the user's username
@ -376,7 +372,7 @@ public interface KeycloakClient {
*
* The implementation uses the custom <code>X-D4Science-Context</code> HTTP header that the proper mapper on Keycloak uses to reduce the audience
*
* @param tokenURL the token endpoint {@link URL} of the Keycloak server
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
* @param clientId the client id
* @param clientSecret the client secret
* @param username the user's username
@ -442,7 +438,7 @@ public interface KeycloakClient {
/**
* Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param username the user's username
* @param password the user's password
@ -457,7 +453,7 @@ public interface KeycloakClient {
* Queries an OIDC token for a specific user from the context's Keycloak server, by using provided clientId and client secret and user's username and password.
* Optionally extra HTTP headers can be provided to be used in the call.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param username the user's username
* @param password the user's password
@ -487,7 +483,7 @@ public interface KeycloakClient {
* Queries an UMA token from the Keycloak server, by using provided authorization, for the given audience (context),
* in URLEncoded form or not, and optionally a list of permissions.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param authorization the authorization to be set as header (e.g. a "Basic ...." auth or an encoded JWT access token preceded by the "Bearer " string)
* @param audience the audience (context) where to request the issuing of the ticket (URLEncoded)
* @param permissions a list of permissions, can be <code>null</code>
@ -502,7 +498,7 @@ public interface KeycloakClient {
* for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
*
* @param context the context where the Keycloak's is needed (e.g. <code>/gcube</code> for DEV)
* @param tokenResponse the previously issued token as {@link TokenResponse} object
* @param oidcTokenResponse the previously issued token as {@link TokenResponse} object
* @param audience the audience (context) where to request the issuing of the ticket
* @param permissions a list of permissions, can be <code>null</code>
* @return the issued token as {@link TokenResponse} object
@ -515,8 +511,8 @@ public interface KeycloakClient {
* Queries an UMA token from the Keycloak server, by using access-token provided by the {@link TokenResponse} object
* for the given audience (context), in URLEncoded form or not, and optionally a list of permissions.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenResponse the previously issued token as {@link TokenResponse} object
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param oidcTokenResponse the previously issued token as {@link TokenResponse} object
* @param audience the audience (context) where to request the issuing of the ticket
* @param permissions a list of permissions, can be <code>null</code>
* @return the issued token as {@link TokenResponse} object
@ -576,7 +572,7 @@ public interface KeycloakClient {
* Client id will be read from "issued for" access token's claim and client secret will be not sent.
* <br><b>NOTE</b>: For <code>public</code> clients types only.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param tokenResponse the previously issued token as {@link TokenResponse} object
* @return the refreshed token as {@link TokenResponse} object
* @throws KeycloakClientException if something goes wrong performing the refresh query
@ -601,7 +597,7 @@ public interface KeycloakClient {
* Refreshes a previously issued token from the Keycloak server using the refresh token JWT encoded string in the
* token response object and the provided client id and secret.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param clientId the requestor client id, may be <code>null</code> and in this case will be take from the access token "issued for" claim
* @param clientSecret the requestor client secret, may be <code>null</code> for non-confidential clients
* @param tokenResponse the previously issued token as {@link TokenResponse} object
@ -629,7 +625,7 @@ public interface KeycloakClient {
* Refreshes a previously issued token from the Keycloak server by using the client id and secret
* and the refresh token JWT encoded string obtained with the access token in the previous token response.
*
* @param tokenUrl the token endpoint {@link URL} of the OIDC server
* @param tokenURL the token endpoint {@link URL} of the OIDC server
* @param clientId the requestor client id
* @param clientSecret the requestor client secret, may be <code>null</code> for non-confidential clients
* @param refreshTokenJWTString the previously issued refresh token JWT string
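Review bot: In the two hunks starting at new lines 438 and 453 the summary still says the token is obtained "by using provided clientId and client secret", but the documented parameters are `tokenURL`, `authorization`, `username` and `password`, so the sentence describes a different overload. A reader has to guess that the client credentials travel inside `authorization`; the summary could read `Queries an OIDC token for a specific user from the Keycloak server, by using the provided authorization and the user's username and password.` The method signatures are outside these hunks, so confirm the parameter list before rewording. The phrase "the context where the Keycloak's is needed" in the `context` parameters is also missing a noun.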


@ -83,7 +83,7 @@ public class JsonWebToken implements Serializable {
/**
* Tests that the token is not expired and is not-before.
*
* @return
* @return <code>true</code> if is not expired and is not-before
*/
@JsonIgnore
public boolean isActive() {
@ -101,6 +101,7 @@ public class JsonWebToken implements Serializable {
/**
* Set issuedAt to the current time
* @return the token itself
*/
@JsonIgnore
public JsonWebToken issuedNow() {
@ -186,7 +187,7 @@ public class JsonWebToken implements Serializable {
/**
* OAuth client the token was issued for.
*
* @return
* @return the issued for vale
*/
public String getIssuedFor() {
return issuedFor;
@ -200,7 +201,7 @@ public class JsonWebToken implements Serializable {
/**
* This is a map of any other claims and data that might be in the IDToken. Could be custom claims set up by the auth server
*
* @return
* @return the object's other claims
*/
@JsonAnyGetter
public Map<String, Object> getOtherClaims() {
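Review bot: The new `@return` on `isActive()` repeats the summary's "is not-before", which does not say which way the not-before check goes. For a token-validity predicate the direction should be explicit, for example `@return <code>true</code> if the token is not expired and its not-before time has been reached`. The method body is outside the hunk, so verify the wording against the actual comparison. In the `getIssuedFor()` hunk, `@return the issued for vale` has a typo and could read `@return the client id the token was issued for`.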


@ -87,9 +87,8 @@ public class ModelUtils {
*
* @param token the base64 JWT token string
* @param publicKey the realm's public key on server
* @param keyAlgorithm the public key algorithm
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
* @throws RuntimeException if an error occurs constructing the verifier
* @throws Exception if an error occurs constructing the verifier
*/
public static boolean isValid(String token, PublicKey publicKey) throws Exception {
return isValid(token, publicKey, true);
@ -99,9 +98,10 @@ public class ModelUtils {
* Verifies the token validity
*
* @param token the base64 JWT token string
* @param algorithm the algorithm to use for verification
* @param publicKey the public key to use for verification
* @param checkExpiration if <code>false</code> token expiration check is disabled
* @return <code>true</code> if the token is valid, <code>false</code> otherwise
* @throws Exception if an error occurs constructing the verifier
*/
public static boolean isValid(String token, PublicKey publicKey, boolean checkExpiration) throws Exception {
JwtParser jwtParser = Jwts.parser().verifyWith(publicKey).build();
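Review bot: The Javadoc on both `isValid` overloads does not say which failures return `false` and which throw: `@throws Exception if an error occurs constructing the verifier` sits next to `@return <code>true</code> if the token is valid, <code>false</code> otherwise`, and only the `Jwts.parser().verifyWith(publicKey).build()` line of the body is visible here. For a verification helper, the outcome for a bad signature, a malformed token and an expired token should each be spelled out. The `checkExpiration` text should also state the consequence, e.g. `@param checkExpiration if <code>false</code> the expiration check is skipped, so an expired token with a valid signature is reported as valid`. That wording is presumed from the existing description and needs confirming against the body, which continues outside the hunk.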


@ -311,7 +311,7 @@ public class UserInfo {
/**
* This is a map of any other claims and data that might be in the UserInfo. Could be custom claims set up by the auth server
*
* @return
* @return the object's other claims
*/
@JsonAnyGetter
public Map<String, Object> getOtherClaims() {


@ -26,7 +26,7 @@ public class Time {
private static int offset;
/**
* Returns current time in seconds adjusted by adding {@link #offset) seconds.
* Returns current time in seconds adjusted by adding {@link #offset} seconds.
* @return see description
*/
public static int currentTime() {
@ -34,7 +34,7 @@ public class Time {
}
/**
* Returns current time in milliseconds adjusted by adding {@link #offset) seconds.
* Returns current time in milliseconds adjusted by adding {@link #offset} seconds.
* @return see description
*/
public static long currentTimeMillis() {
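Review bot: `{@link #offset}` in both hunks points at `private static int offset`, which is normally not part of the generated public Javadoc, so the corrected tag will probably still not produce a working link. `{@code offset}` with a short explanation would read better, e.g. `Returns current time in seconds adjusted by adding the configured {@code offset} in seconds.` The bodies of `currentTime()` and `currentTimeMillis()` are outside the hunks.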