org.mitre.oauth2.introspectingfilter.IntrospectingTokenService の継承関係図

org.mitre.oauth2.introspectingfilter.IntrospectingTokenService 連携図

クラス
class	TokenCacheObject

公開メンバ関数
	IntrospectingTokenService ()

	IntrospectingTokenService (HttpClient httpClient)

IntrospectionConfigurationService	getIntrospectionConfigurationService ()

void	setIntrospectionConfigurationService (IntrospectionConfigurationService introspectionUrlProvider)

void	setIntrospectionAuthorityGranter (IntrospectionAuthorityGranter introspectionAuthorityGranter)

IntrospectionAuthorityGranter	getIntrospectionAuthorityGranter ()

int	getDefaultExpireTime ()

void	setDefaultExpireTime (int defaultExpireTime)

boolean	isForceCacheExpireTime ()

void	setForceCacheExpireTime (boolean forceCacheExpireTime)

boolean	isCacheNonExpiringTokens ()

void	setCacheNonExpiringTokens (boolean cacheNonExpiringTokens)

boolean	isCacheTokens ()

void	setCacheTokens (boolean cacheTokens)

OAuth2Authentication	loadAuthentication (String accessToken) throws AuthenticationException

OAuth2AccessToken	readAccessToken (String accessToken)

非公開メンバ関数
TokenCacheObject	checkCache (String key)

OAuth2Request	createStoredRequest (final JsonObject token)

Authentication	createUserAuthentication (JsonObject token)

OAuth2AccessToken	createAccessToken (final JsonObject token, final String tokenString)

TokenCacheObject	parseToken (String accessToken)

非公開変数類
IntrospectionConfigurationService	introspectionConfigurationService

IntrospectionAuthorityGranter	introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter()

int	defaultExpireTime = 300000

boolean	forceCacheExpireTime = false

boolean	cacheNonExpiringTokens = false

boolean	cacheTokens = true

HttpComponentsClientHttpRequestFactory	factory

Map< String, TokenCacheObject >	authCache = new HashMap<>()

静的非公開変数類
static final Logger	logger = LoggerFactory.getLogger(IntrospectingTokenService.class)

詳解

This ResourceServerTokenServices implementation introspects incoming tokens at a server's introspection endpoint URL and passes an Authentication object along based on the response from the introspection endpoint.

著者: jricher

構築子と解体子

◆ IntrospectingTokenService() [1/2]

org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.IntrospectingTokenService ( )

inline

                                            {
                 this(HttpClientBuilder.create().useSystemProperties().build());
         }

◆ IntrospectingTokenService() [2/2]

org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.IntrospectingTokenService ( HttpClient httpClient )

inline

                                                                 {
                 this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
         }

関数詳解

◆ checkCache()

TokenCacheObject org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.checkCache ( String key )

inlineprivate

Check to see if the introspection end point response for a token has been cached locally This call will return the token if it has been cached and is still valid according to the cache expire time on the TokenCacheObject. If a cached value has been found but is expired, either by default expire times or the token's own expire time, then the token is removed from the cache and null is returned.

引数

key	is the token to check

戻り値: the cached TokenCacheObject or null

                                                         {
                 if (cacheTokens && authCache.containsKey(key)) {
                         TokenCacheObject tco = authCache.get(key);
 
                         if (tco != null && tco.cacheExpire != null && tco.cacheExpire.after(new Date())) {
                                 return tco;
                         } else {
                                 // if the token is expired, don't keep things around.
                                 authCache.remove(key);
                         }
                 }
                 return null;
         }

◆ createAccessToken()

OAuth2AccessToken org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.createAccessToken	(	final JsonObject	token,
		final String	tokenString
	)

inlineprivate

                                                                                                       {
                 OAuth2AccessToken accessToken = new OAuth2AccessTokenImpl(token, tokenString);
                 return accessToken;
         }

◆ createStoredRequest()

OAuth2Request org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.createStoredRequest ( final JsonObject token )

inlineprivate

                                                                           {
                 String clientId = token.get("client_id").getAsString();
                 Set<String> scopes = new HashSet<>();
                 if (token.has("scope")) {
                         scopes.addAll(OAuth2Utils.parseParameterList(token.get("scope").getAsString()));
                 }
                 Map<String, String> parameters = new HashMap<>();
                 parameters.put("client_id", clientId);
                 parameters.put("scope", OAuth2Utils.formatParameterList(scopes));
                 OAuth2Request storedRequest = new OAuth2Request(parameters, clientId, null, true, scopes, null, null, null, null);
                 return storedRequest;
         }

◆ createUserAuthentication()

Authentication org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.createUserAuthentication ( JsonObject token )

inlineprivate

                                                                           {
                 JsonElement userId = token.get("user_id");
                 if(userId == null) {
                         return null;
                 }
 
                 return new PreAuthenticatedAuthenticationToken(userId.getAsString(), token, introspectionAuthorityGranter.getAuthorities(token));
         }

◆ getDefaultExpireTime()

int org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.getDefaultExpireTime ( )

inline

get the default cache expire time in milliseconds

戻り値

                                           {
                 return defaultExpireTime;
         }

◆ getIntrospectionAuthorityGranter()

IntrospectionAuthorityGranter org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.getIntrospectionAuthorityGranter ( )

inline

戻り値: the introspectionAuthorityGranter

                                                                                 {
                 return introspectionAuthorityGranter;
         }

◆ getIntrospectionConfigurationService()

IntrospectionConfigurationService org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.getIntrospectionConfigurationService ( )

inline

戻り値: the introspectionConfigurationService

                                                                                         {
                 return introspectionConfigurationService;
         }

◆ isCacheNonExpiringTokens()

boolean org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.isCacheNonExpiringTokens ( )

inline

Are non-expiring tokens cached using the default cache time

戻り値: state of cacheNonExpiringTokens

                                                   {
                 return cacheNonExpiringTokens;
         }

◆ isCacheTokens()

boolean org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.isCacheTokens ( )

inline

Is the service caching tokens, or is it hitting the introspection end point every time

戻り値: true is caching tokens locally, false hits the introspection end point every time

                                        {
                 return cacheTokens;
         }

◆ isForceCacheExpireTime()

boolean org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.isForceCacheExpireTime ( )

inline

check if forcing a cache expire time maximum value

戻り値: the forceCacheExpireTime setting

                                                 {
                 return forceCacheExpireTime;
         }

◆ loadAuthentication()

OAuth2Authentication org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.loadAuthentication ( String accessToken ) throws AuthenticationException

inline

                                                                                                           {
                 // First check if the in memory cache has an Authentication object, and
                 // that it is still valid
                 // If Valid, return it
                 TokenCacheObject cacheAuth = checkCache(accessToken);
                 if (cacheAuth != null) {
                         return cacheAuth.auth;
                 } else {
                         cacheAuth = parseToken(accessToken);
                         if (cacheAuth != null) {
                                 return cacheAuth.auth;
                         } else {
                                 return null;
                         }
                 }
         }

◆ parseToken()

TokenCacheObject org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.parseToken ( String accessToken )

inlineprivate

Validate a token string against the introspection endpoint, then parse it and store it in the local cache if caching is enabled.

引数

accessToken Token to pass to the introspection endpoint

戻り値: TokenCacheObject containing authentication and token if the token was valid, otherwise null

                                                                 {
 
                 // find out which URL to ask
                 String introspectionUrl;
                 RegisteredClient client;
                 try {
                         introspectionUrl = introspectionConfigurationService.getIntrospectionUrl(accessToken);
                         client = introspectionConfigurationService.getClientConfiguration(accessToken);
                 } catch (IllegalArgumentException e) {
                         logger.error("Unable to load introspection URL or client configuration", e);
                         return null;
                 }
                 // Use the SpringFramework RestTemplate to send the request to the
                 // endpoint
                 String validatedToken = null;
 
                 RestTemplate restTemplate;
                 MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
 
                 final String clientId = client.getClientId();
                 final String clientSecret = client.getClientSecret();
 
                 if (SECRET_BASIC.equals(client.getTokenEndpointAuthMethod())){
                         // use BASIC auth if configured to do so
                         restTemplate = new RestTemplate(factory) {
 
                                 @Override
                                 protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOException {
                                         ClientHttpRequest httpRequest = super.createRequest(url, method);
                                         httpRequest.getHeaders().add("Authorization",
                                                         String.format("Basic %s", Base64.encode(String.format("%s:%s", clientId, clientSecret)) ));
                                         return httpRequest;
                                 }
                         };
                 } else {  //Alternatively use form based auth
                         restTemplate = new RestTemplate(factory);
 
                         form.add("client_id", clientId);
                         form.add("client_secret", clientSecret);
                 }
 
                 form.add("token", accessToken);
 
                 try {
                         validatedToken = restTemplate.postForObject(introspectionUrl, form, String.class);
                 } catch (RestClientException rce) {
                         logger.error("validateToken", rce);
                         return null;
                 }
                 if (validatedToken != null) {
                         // parse the json
                         JsonElement jsonRoot = new JsonParser().parse(validatedToken);
                         if (!jsonRoot.isJsonObject()) {
                                 return null; // didn't get a proper JSON object
                         }
 
                         JsonObject tokenResponse = jsonRoot.getAsJsonObject();
 
                         if (tokenResponse.get("error") != null) {
                                 // report an error?
                                 logger.error("Got an error back: " + tokenResponse.get("error") + ", " + tokenResponse.get("error_description"));
                                 return null;
                         }
 
                         if (!tokenResponse.get("active").getAsBoolean()) {
                                 // non-valid token
                                 logger.info("Server returned non-active token");
                                 return null;
                         }
                         // create an OAuth2Authentication
                         OAuth2Authentication auth = new OAuth2Authentication(createStoredRequest(tokenResponse), createUserAuthentication(tokenResponse));
                         // create an OAuth2AccessToken
                         OAuth2AccessToken token = createAccessToken(tokenResponse, accessToken);
 
                         if (token.getExpiration() == null || token.getExpiration().after(new Date())) {
                                 // Store them in the cache
                                 TokenCacheObject tco = new TokenCacheObject(token, auth);
                                 if (cacheTokens && (cacheNonExpiringTokens || token.getExpiration() != null)) {
                                         authCache.put(accessToken, tco);
                                 }
                                 return tco;
                         }
                 }
 
                 // when the token is invalid for whatever reason
                 return null;
         }

◆ readAccessToken()

OAuth2AccessToken org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.readAccessToken ( String accessToken )

inline

                                                                      {
                 // First check if the in memory cache has a Token object, and that it is
                 // still valid
                 // If Valid, return it
                 TokenCacheObject cacheAuth = checkCache(accessToken);
                 if (cacheAuth != null) {
                         return cacheAuth.token;
                 } else {
                         cacheAuth = parseToken(accessToken);
                         if (cacheAuth != null) {
                                 return cacheAuth.token;
                         } else {
                                 return null;
                         }
                 }
         }

◆ setCacheNonExpiringTokens()

void org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.setCacheNonExpiringTokens ( boolean cacheNonExpiringTokens )

inline

should non-expiring tokens be cached using the default cache timeout

引数

cacheNonExpiringTokens

                                                                               {
                 this.cacheNonExpiringTokens = cacheNonExpiringTokens;
         }

◆ setCacheTokens()

void org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.setCacheTokens ( boolean cacheTokens )

inline

Configure if the client should cache tokens locally or not

引数

cacheTokens

                                                         {
                 this.cacheTokens = cacheTokens;
         }

◆ setDefaultExpireTime()

void org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.setDefaultExpireTime ( int defaultExpireTime )

inline

set the default cache expire time in milliseconds

引数

defaultExpireTime

                                                                 {
                 this.defaultExpireTime = defaultExpireTime;
         }

◆ setForceCacheExpireTime()

void org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.setForceCacheExpireTime ( boolean forceCacheExpireTime )

inline

set forcing a cache expire time maximum value

引数

forceCacheExpireTime

                                                                           {
                 this.forceCacheExpireTime = forceCacheExpireTime;
         }

◆ setIntrospectionAuthorityGranter()

void org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.setIntrospectionAuthorityGranter ( IntrospectionAuthorityGranter introspectionAuthorityGranter )

inline

引数

introspectionAuthorityGranter the introspectionAuthorityGranter to set

                                                                                                                   {
                 this.introspectionAuthorityGranter = introspectionAuthorityGranter;
         }

◆ setIntrospectionConfigurationService()

void org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.setIntrospectionConfigurationService ( IntrospectionConfigurationService introspectionUrlProvider )

inline

引数

introspectionConfigurationService the introspectionConfigurationService to set

                                                                                                                      {
                 this.introspectionConfigurationService = introspectionUrlProvider;
         }

メンバ詳解

◆ authCache

Map<String, TokenCacheObject> org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.authCache = new HashMap<>()

private

◆ cacheNonExpiringTokens

boolean org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.cacheNonExpiringTokens = false

private

◆ cacheTokens

boolean org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.cacheTokens = true

private

◆ defaultExpireTime

int org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.defaultExpireTime = 300000

private

◆ factory

HttpComponentsClientHttpRequestFactory org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.factory

private

◆ forceCacheExpireTime

boolean org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.forceCacheExpireTime = false

private

◆ introspectionAuthorityGranter

IntrospectionAuthorityGranter org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter()

private

◆ introspectionConfigurationService

IntrospectionConfigurationService org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.introspectionConfigurationService

private

◆ logger

final Logger org.mitre.oauth2.introspectingfilter.IntrospectingTokenService.logger = LoggerFactory.getLogger(IntrospectingTokenService.class)

staticprivate

Logger for this class

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/mitreid-connect/src/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java

クラス

公開メンバ関数

非公開メンバ関数

非公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ IntrospectingTokenService() [1/2]

◆ IntrospectingTokenService() [2/2]

関数詳解

◆ checkCache()

◆ createAccessToken()

◆ createStoredRequest()

◆ createUserAuthentication()

◆ getDefaultExpireTime()

◆ getIntrospectionAuthorityGranter()

◆ getIntrospectionConfigurationService()

◆ isCacheNonExpiringTokens()

◆ isCacheTokens()

◆ isForceCacheExpireTime()

◆ loadAuthentication()

◆ parseToken()

◆ readAccessToken()

◆ setCacheNonExpiringTokens()

◆ setCacheTokens()

◆ setDefaultExpireTime()

◆ setForceCacheExpireTime()

◆ setIntrospectionAuthorityGranter()

◆ setIntrospectionConfigurationService()

メンバ詳解

◆ authCache

◆ cacheNonExpiringTokens

◆ cacheTokens

◆ defaultExpireTime

◆ factory

◆ forceCacheExpireTime

◆ introspectionAuthorityGranter

◆ introspectionConfigurationService

◆ logger