package org.picketlink.idm.credential;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.annotation.StereotypeProperty;
import java.lang.reflect.Constructor;
import static org.picketlink.common.reflection.Reflections.classForName;
import static org.picketlink.common.reflection.Reflections.findDeclaredConstructor;
/**
* Represents a token credential.
*
* Basically, a token is a self-contained repository for identities and claims for a particular subject.
*
*
* Each token type has its own {@link org.picketlink.idm.credential.Token.Provider} and {@link org.picketlink.idm.credential.Token.Consumer}.
* The first is responsible for managing a specific token type (eg.: issue, renew, invalidate, etc). The latter is responsible for
* consuming a specific token type, providing to clients all the necessary code to properly handle a specific token type.
*
* @author Pedro Igor
*
* @see org.picketlink.idm.credential.Token.Provider
* @see org.picketlink.idm.credential.Token.Consumer
* @see org.picketlink.idm.credential.TokenCredential
* @see org.picketlink.idm.credential.handler.TokenCredentialHandler
*/
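public interface Token {

    /**
     * Returns the type of the token.
     *
     * @return the token type identifier
     */
    String getType();

    /**
     * Returns the subject identifier. The identifier usually represents a unique and never reassigned identifier within the
     * Issuer for the End-User, which is intended to be consumed by the Client.
     *
     * @return the subject identifier
     */
    String getSubject();

    /**
     * Returns the string representation of a token.
     *
     * @return the serialized token value
     */
    String getToken();

    /**
     * Token providers are responsible for the management operations (issue, renew, invalidate) of a specific {@link Token} type.
     *
     * @param <T> the token type managed by this provider
     * @author Pedro Igor
     */
    public interface Provider<T extends Token> {

        /**
         * Issues a new token for the given {@link org.picketlink.idm.model.Account}.
         *
         * @param account the account the token is issued for
         * @return the newly issued token
         */
        T issue(Account account);

        /**
         * Renews a token based on the current token in use.
         *
         * @param account the account owning the token
         * @param renewToken the token currently in use that should be renewed
         * @return the renewed token
         */
        T renew(Account account, T renewToken);

        /**
         * Invalidates the current token for the given {@link org.picketlink.idm.model.Account}.
         *
         * @param account the account whose current token is invalidated
         */
        void invalidate(Account account);

        /**
         * Returns the {@link org.picketlink.idm.credential.Token} type supported by this provider.
         *
         * @return the supported token class
         */
        Class<T> getTokenType();
    }

    /**
     * Token consumers are responsible for providing all the necessary support to consume information from a specific
     * {@link org.picketlink.idm.credential.Token}.
     *
     * @param <T> the token type consumed by this consumer
     * @author Pedro Igor
     */
    public interface Consumer<T extends Token> {

        /**
         * Extracts a certain {@link org.picketlink.idm.model.IdentityType} considering the information from the given {@link Token}.
         *
         * <p>Usually, a token contains a set of claims which can be mapped to the identity types supported by PicketLink
         * {@link org.picketlink.idm.model.annotation.IdentityStereotype.Stereotype}. Each stereotype has a set of common
         * properties that can be used to identify them. In this case, the
         * {@link org.picketlink.idm.model.annotation.StereotypeProperty.Property} should be used to tell which property of the
         * given identity type should be populated with the identifier value if there is any claim in the token representing it.
         *
         * @param token The token.
         * @param identityType The type of the identity type that should be created based on the claims of a token.
         * @param stereotypeProperty The stereotype property used to identify and populate the identity type instance from the token claims.
         * @param identifier The value of the identifier used to match the existence of an identity type based on the token claims set.
         * @param <I> the identity type to extract
         * @return An identity type instance if there is any claim from the token referencing it. Otherwise this method returns null.
         */
        <I extends IdentityType> I extractIdentity(T token, Class<I> identityType, StereotypeProperty.Property stereotypeProperty, Object identifier);

        /**
         * Validates a token.
         *
         * @param token the token to validate
         * @return {@code true} if the token is valid, {@code false} otherwise
         */
        boolean validate(T token);

        /**
         * Returns the {@link org.picketlink.idm.credential.Token} type supported by this consumer.
         *
         * @return the supported token class
         */
        Class<T> getTokenType();
    }

    /**
     * Factory for {@link Token} instances reconstructed from their persisted type name and value.
     */
    public static class Builder {

        /**
         * Creates a {@link org.picketlink.idm.credential.Token} instance from the type name and value persisted in a
         * {@link org.picketlink.idm.credential.storage.TokenCredentialStorage}.
         *
         * <p>The type name is resolved by class name, so it is checked against {@link Token} <em>before</em> any constructor is
         * looked up or invoked: a stored name that does not denote a token type is rejected without being instantiated.
         *
         * @param tokenType the fully qualified class name of the token type; the class must implement {@link Token}
         * @param tokenValue the string representation handed to the token type's {@code String} constructor
         * @param <T> the expected token type
         * @return a new token instance of the given type
         * @throws IdentityManagementException if the class cannot be loaded, is not a {@link Token}, has no constructor
         *         accepting a {@code String}, or that constructor fails
         */
        @SuppressWarnings("unchecked")
        public static <T extends Token> T create(String tokenType, String tokenValue) throws IdentityManagementException {
            try {
                Class<?> loadedClass = classForName(tokenType);

                // Reject non-token classes before touching any constructor, so a class name read from storage can only
                // ever construct a Token implementation.
                if (!Token.class.isAssignableFrom(loadedClass)) {
                    throw new IdentityManagementException("Wrong Token type [" + tokenType + "]. It must be a subclass of [" + Token.class.getName() + "].");
                }

                Class<T> tokenClazz = (Class<T>) loadedClass;
                Constructor<T> expectedConstructor = (Constructor<T>) findDeclaredConstructor(tokenClazz, String.class);

                if (expectedConstructor == null) {
                    throw new IdentityManagementException("Token type [" + tokenClazz.getName() + "] must provide a constructor that accepts a String.");
                }

                return expectedConstructor.newInstance(tokenValue);
            } catch (IdentityManagementException ime) {
                // Already carries a specific message; do not re-wrap it under the generic "could not create" message below.
                throw ime;
            } catch (ClassCastException cce) {
                throw new IdentityManagementException("Wrong Token type [" + tokenType + "]. It must be a subclass of [" + Token.class.getName() + "].", cce);
            } catch (ClassNotFoundException cnfe) {
                throw new IdentityManagementException("Token type not found [" + tokenType + "].", cnfe);
            } catch (Exception e) {
                throw new IdentityManagementException("Could not create Token type [" + tokenType + "].", e);
            }
        }
    }
}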