Package com.oracle.bmc.auth.internal

Class ResourcePrincipalsV3FederationClient

java.lang.Object

com.oracle.bmc.auth.internal.AbstractFederationClient

com.oracle.bmc.auth.internal.ResourcePrincipalsV3FederationClient

All Implemented Interfaces:

FederationClient, ProvidesConfigurableRefresh

public class ResourcePrincipalsV3FederationClient
extends AbstractFederationClient

This class gets a security token from the auth service by fetching the RPST1 and then passing along the RPST1 to get RPT2 and further get security token RPST2 from the auth service, this nested fetching of security token continues for 10 levels or when the opc-parent-url header in the rpt response is the same as the rpt endpoint

Field Summary

Fields inherited from class com.oracle.bmc.auth.internal.AbstractFederationClient

additionalClientConfigurator, circuitBreaker, federationClient, resourcePrincipalTokenClient, securityTokenAdapter, sessionKeySupplier

Constructor Summary

Constructors

Constructor	Description
ResourcePrincipalsV3FederationClient(String resourcePrincipalTokenUrl, String resourcePrincipalSessionTokenEndpoint, SessionKeySupplier sessionKeySupplier, ResourcePrincipalAuthenticationDetailsProvider leafAuthDetailsProvider, ClientConfigurator clientConfigurator, CircuitBreakerConfiguration circuitBreakerConfiguration)	Constructor of ResourcePrincipalsFederationClient.

Method Summary

Modifier and Type	Method	Description
String	getSecurityToken()	Gets a security token from the federation endpoint.
protected SecurityTokenAdapter	getSecurityTokenFromServer()	Gets a security token from the federation server
protected SecurityTokenAdapter	getSecurityTokenFromServerInner(RSAPublicKey publicKey, int depth, String lastResourcePrincipalTokenUrl, com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient, com.oracle.bmc.http.client.HttpClient federationClient)
protected ClientCall<?,com.oracle.bmc.auth.internal.GetResourcePrincipalTokenResponse.ResponseWrapper,?>	prepareRptCall(com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient)
String	refreshAndGetSecurityTokenIfExpiringWithin(Duration time)	Gets a security token from the federation endpoint if the security token expires within the provided duration.
String	refreshAndGetSecurityTokenIfExpiringWithin(Duration time, boolean refreshKeys)	Gets a security token from the federation endpoint if the security token expires within the provided duration and allows to enable/disable refresh of keys.
protected SecurityTokenAdapter	requestSessionToken(com.oracle.bmc.http.client.HttpClient federationClient, GetResourcePrincipalSessionTokenRequest getResourcePrincipalSessionTokenRequest)

Methods inherited from class com.oracle.bmc.auth.internal.AbstractFederationClient

getSecurityTokenAdapter, getStringClaim, makeClient, prepareRptCall, refreshAndGetSecurityToken, refreshAndGetSecurityTokenInner, requestSessionToken

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ResourcePrincipalsV3FederationClient

public ResourcePrincipalsV3FederationClient(String resourcePrincipalTokenUrl,
                                            String resourcePrincipalSessionTokenEndpoint,
                                            SessionKeySupplier sessionKeySupplier,
                                            ResourcePrincipalAuthenticationDetailsProvider leafAuthDetailsProvider,
                                            ClientConfigurator clientConfigurator,
                                            CircuitBreakerConfiguration circuitBreakerConfiguration)

Constructor of ResourcePrincipalsFederationClient.

Parameters:

resourcePrincipalTokenUrl - the direct url that can provide the resource principal token.

resourcePrincipalSessionTokenEndpoint - the endpoint that can provide the resource principal session token.

sessionKeySupplier - the session key supplier.

leafAuthDetailsProvider - the auth provider for leaf resource

clientConfigurator - the rest client configurator.

circuitBreakerConfiguration - the rest client circuit breaker configuration.

Method Detail

getSecurityToken

public String getSecurityToken()

Gets a security token from the federation endpoint.

May use a cached token if it judged to still be valid.

Specified by:

getSecurityToken in interface FederationClient

Overrides:

getSecurityToken in class AbstractFederationClient

Returns:

A security token that can be used to authenticate requests.

refreshAndGetSecurityTokenIfExpiringWithin

public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time,
                                                         boolean refreshKeys)

Gets a security token from the federation endpoint if the security token expires within the provided duration and allows to enable/disable refresh of keys.

This will always retrieve a new token from the federation endpoint and does not use a cached token.

Specified by:

refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh

Overrides:

refreshAndGetSecurityTokenIfExpiringWithin in class AbstractFederationClient

Parameters:

time - the duration to check

refreshKeys - boolean value to enable/disable refresh of keys

Returns:

A security token that can be used to authenticate requests.

refreshAndGetSecurityTokenIfExpiringWithin

public String refreshAndGetSecurityTokenIfExpiringWithin(Duration time)

Gets a security token from the federation endpoint if the security token expires within the provided duration.

This will always retrieve a new token from the federation endpoint and does not use a cached token.

Specified by:

refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefresh

Overrides:

refreshAndGetSecurityTokenIfExpiringWithin in class AbstractFederationClient

Parameters:

time - the duration to check

Returns:

A security token that can be used to authenticate requests.

getSecurityTokenFromServer

protected SecurityTokenAdapter getSecurityTokenFromServer()

Gets a security token from the federation server

Specified by:

getSecurityTokenFromServer in class AbstractFederationClient

Returns:

the security token, which is basically a JWT token string

getSecurityTokenFromServerInner

protected SecurityTokenAdapter getSecurityTokenFromServerInner(RSAPublicKey publicKey,
                                                               int depth,
                                                               String lastResourcePrincipalTokenUrl,
                                                               com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient,
                                                               com.oracle.bmc.http.client.HttpClient federationClient)

prepareRptCall

protected ClientCall<?,com.oracle.bmc.auth.internal.GetResourcePrincipalTokenResponse.ResponseWrapper,?> prepareRptCall(com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient)

requestSessionToken

protected SecurityTokenAdapter requestSessionToken(com.oracle.bmc.http.client.HttpClient federationClient,
                                                   GetResourcePrincipalSessionTokenRequest getResourcePrincipalSessionTokenRequest)