All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.sap.cloud.security.comp.XsuaaTokenComp Maven / Gradle / Ivy

There is a newer version: 3.5.4
Show newest version
/**
 * SPDX-FileCopyrightText: 2018-2023 SAP SE or an SAP affiliate company and Cloud Security Client Java contributors
 * 

* SPDX-License-Identifier: Apache-2.0 */ package com.sap.cloud.security.comp; import com.sap.cloud.security.config.Service; import com.sap.cloud.security.token.AccessToken; import com.sap.cloud.security.token.Token; import com.sap.cloud.security.token.TokenClaims; import org.springframework.security.core.GrantedAuthority; import java.time.Instant; import java.util.Collection; import java.util.Date; import java.util.List; import static com.sap.cloud.security.token.TokenClaims.XSUAA.EXTERNAL_ATTRIBUTE; import static com.sap.cloud.security.token.TokenClaims.XSUAA.EXTERNAL_ATTRIBUTE_ZDN; /** * Decorates a {@code Token} issued by xsuaa to provide compatibility methods * for spring-xsuaa's {@code Token} interface. * * @deprecated use methods exposed by the {@link Token} interface. */ @Deprecated public class XsuaaTokenComp implements com.sap.cloud.security.xsuaa.token.Token { private final AccessToken token; private XsuaaTokenComp(final Token token) { this.token = (AccessToken) token; } /** * Creates an instance. * * @param token * a token issued by xsuaa * @deprecated use methods exposed by the {@link Token} interface. */ @Deprecated public static XsuaaTokenComp createInstance(final Token token) { if (Service.XSUAA.equals(token.getService())) { return new XsuaaTokenComp(token); } throw new IllegalArgumentException("The token is not issued by xsuaa service"); } /** * Creates an instance. * * @param jwtToken * the encoded access token, e.g. from the {@code Authorization} * header. * @deprecated use methods exposed by the {@link Token} interface. */ @Deprecated public static XsuaaTokenComp createInstance(final String jwtToken) { Token aToken = Token.create(jwtToken); if (Service.XSUAA.equals(aToken.getService())) { return new XsuaaTokenComp(aToken); } throw new IllegalArgumentException("The token is not issued by xsuaa service"); } /** * Return subaccount identifier which is in most cases same like the identity * zone. DO only use this for metering purposes. DO NOT longer use this method * to get the unique tenant id! For that use {@link #getZoneId()}. * * @return the subaccount identifier. * @deprecated use {@link AccessToken#getSubaccountId()} instead. */ @Deprecated public String getSubaccountId() { return token.getSubaccountId(); } /** * Return zone identifier which should be used as tenant discriminator (tenant * id). For most of the old subaccounts this matches the id returned by * {@link #getSubaccountId()}. * * @return the zone identifier. * @deprecated use {@link Token#getZoneId()} instead. */ @Deprecated public String getZoneId() { return token.getZoneId(); } /** * Returns the subdomain of the calling tenant's subaccount. * * @return the subdomain of the tenant the JWT belongs to. * @deprecated use {@link Token#getAttributeFromClaimAsString(String, String)} * instead */ @Deprecated public String getSubdomain() { return token.getAttributeFromClaimAsString(EXTERNAL_ATTRIBUTE, EXTERNAL_ATTRIBUTE_ZDN); } /** * Returns the OAuth2 client identifier of the authentication token if present. * Following OpenID Connect 1.0 standard specifications, client identifier is * obtained from "azp" claim if present or when "azp" is not present from "aud" * claim, but only in case there is one audience. * * @return the OAuth client ID. * @deprecated use {@link Token#getClientId()} instead. */ @Deprecated public String getClientId() { return token.getClientId(); } /** * Returns the OAuth2.0 grant type used for retrieving / creating this token. * * @return the grant type * @deprecated use {@link Token#getGrantType()} instead. */ @Deprecated public String getGrantType() { return token.getGrantType().toString(); } /** * Returns a unique user name of a user ({@code user_name} claim), using * information from the JWT. For tokens that were issued as a result of a client * credentials flow, the OAuth client ID will be returned in a special format. * The following information is required to uniquely identify a user:
* *

    *
  • user login name: name of the user in an identity provider, * provided by this method. *
  • origin: alias to an identity provider, see {@link #getOrigin()}. *
  • zone id: identifier for the zone, see {@link #getZoneId()}. *
* * @return unique principal name or null if it can not be determined. * @deprecated use {@link Token#getClaimAsString(String)} instead. */ @Deprecated public String getLogonName() { return token.getClaimAsString("user_name"); } /** * Returns the given name of the user if present. Will try to find it first in * the {@code ext_attr.given_name} claim before trying to find a * {@code given_name} claim. * * @return the given name if present. * @deprecated use {@link Token#getClaimAsString(String)} instead */ @Deprecated public String getGivenName() { return token.getClaimAsString(TokenClaims.GIVEN_NAME); } /** * Returns the family name of the user if present. Will try to find it first in * the {@code ext_attr.family_name} claim before trying to find a * {@code family_name} claim. * * @return the family name if present. * @deprecated use {@link Token#getClaimAsString(String)} instead */ @Deprecated public String getFamilyName() { return token.getClaimAsString(TokenClaims.FAMILY_NAME); } /** * Returns the email address of the user, if present. * * @return The email address if present. * @deprecated use {@link Token#getClaimAsString(String)} instead */ @Deprecated public String getEmail() { return token.getClaimAsString(TokenClaims.EMAIL); } /** * Returns the user origin. The origin is an alias that refers to a user store * in which the user is persisted. For example, users that are authenticated by * the UAA itself with a username / password combination have their origin set * to the value "uaa". *

* May be null in case this JWT was not created with OAuth 2.0 client * credentials flow. * * @return the user origin if present. * @deprecated use {@link Token#getClaimAsString(String)} instead */ @Deprecated public String getOrigin() { return token.getClaimAsString(TokenClaims.XSUAA.ORIGIN); } /** * Returns the value of an attribute from the 'xs.user.attributes' claim. * * @param attributeName * name of the attribute inside 'xs.user.attributes'. * @return the attribute values array or null if there exists no such attribute. * @deprecated use * {@link Token#getAttributeFromClaimAsStringList(String, String)} * (String)} instead */ @Deprecated public String[] getXSUserAttribute(String attributeName) { List claims = token.getAttributeFromClaimAsStringList(TokenClaims.XSUAA.XS_USER_ATTRIBUTES, attributeName); return claims.isEmpty() ? null : claims.toArray(new String[0]); } /** * Additional custom authentication attributes included by the OAuth client * component. Note: this is data controlled by the requester of a token. Might * be not trustworthy. * * @param attributeName * name of the authentication attribute * @return additional attribute value if present. * @deprecated use {@link Token#getAttributeFromClaimAsString(String, String)} * instead */ @Deprecated public String getAdditionalAuthAttribute(String attributeName) { return token.getAttributeFromClaimAsString("az_attr", attributeName); } /** * Returns the XSUAA clone instance ID, if present. This will only be set for * tokens that were issued by an XSUAA with plan broker. Contains the service * instance id if present. * * @return the XSUAA clone service instance id if present. * @deprecated use {@link Token#getAttributeFromClaimAsString(String, String)} * instead */ @Deprecated public String getCloneServiceInstanceId() { return token.getAttributeFromClaimAsString(TokenClaims.XSUAA.EXTERNAL_ATTRIBUTE, "serviceinstanceid"); } /** * Get the encoded authentication token, e.g. for token forwarding to another * app. *

* Never expose this token via log or via HTTP. * * @return token * @deprecated use {@link Token#getTokenValue()} instead */ @Deprecated public String getAppToken() { return token.getTokenValue(); } /** * Returns list of scopes with appId prefix, e.g. "<my-app!t123>.Display". * * @return all scopes * @deprecated use {@link Token#getClaimAsStringList(String)} instead */ @Deprecated public Collection getScopes() { return token.getClaimAsStringList(TokenClaims.XSUAA.SCOPES); } /** * @throws UnsupportedOperationException * in any case */ @Override @Deprecated public Collection getAuthorities() { throw new UnsupportedOperationException( "does not support methods from org.springframework.security.core.userdetails.UserDetails interface"); } /** * @throws UnsupportedOperationException * in any case */ @Override @Deprecated public String getPassword() { throw new UnsupportedOperationException( "does not support methods from org.springframework.security.core.userdetails.UserDetails interface"); } /** * Returns the moment in time when the token is expired. * * @return the expiration point in time if present. * @deprecated use {@link Token#getExpiration()} instead */ @Deprecated public Instant getExpiration() { return token.getExpiration(); } /** * Returns the moment in time when the token is expired. * * @return the expiration point in time if present. * @deprecated use {@link Token#getExpiration()} instead */ @Deprecated public Date getExpirationDate() { return token.getExpiration() != null ? Date.from(token.getExpiration()) : null; } /** * Returns the username used to authenticate the user. See * {@code import org.springframework.security.core.userdetails.UserDetails#getUsername()} * * @return the username * @deprecated use {@link Token#getPrincipal()}{@code .getName()} instead */ @Deprecated public String getUsername() { return token.getPrincipal().getName(); } @Override @Deprecated public boolean isAccountNonExpired() { return true; } @Override @Deprecated public boolean isAccountNonLocked() { return true; } @Override @Deprecated public boolean isCredentialsNonExpired() { return true; } @Override @Deprecated public boolean isEnabled() { return true; } /** * Returns the user name for token. * * @return the user name. * @deprecated use {@link Token#getPrincipal()}{@code .getName()} instead */ @Deprecated public String toString() { return getUsername(); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy