gr.iccs.isense.circ4life.rest.resources

Class AccessControlManager.AccessTokens

java.lang.Object

gr.iccs.isense.circ4life.rest.resources.AccessControlManager.AccessTokens

Enclosing class:

AccessControlManager

public static final class AccessControlManager.AccessTokens
extends Object

Encapsulation of Access and Refresh tokens.

Constructor Summary

Constructors

Constructor and Description
AccessTokens(String accessToken, String refreshToken) Constructor.

Method Summary

Modifier and Type	Method and Description
void	clearTokens() Clear the tokens in this object.
javax.json.JsonObject	decodeToken(String token) Decode token String to a JSON object.
String	getAccessToken()
String	getRefreshToken()
boolean	isTokenExpired() This implementation is taken from the Javascript Keycloak client adapter, function isTokenExpired.
boolean	isTokenValid()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessTokens

public AccessTokens(String accessToken,
                    String refreshToken)
             throws NullPointerException,
                    IllegalArgumentException

Constructor.

Parameters:

accessToken - Access Control Manager access token.

refreshToken - Access Control Manager refresh token.

Throws:

NullPointerException - if the accessToken is malformed.

IllegalArgumentException - if the accessToken contains expired data.

Method Detail

decodeToken

public javax.json.JsonObject decodeToken(String token)

Decode token String to a JSON object. Taken from Keycloak Javascript adapter:

 function decodeToken(str) {
     str = str.split('.')[1];
     str = str.replace('/-/g', '+');
     str = str.replace('/_/g', '/');
     switch(str.length % 4) {
         case 0: break;
         case 2: str += '=='; break;
         case 3: str += '='; break;
         default: throw 'Invalid token';
     }
     str = (str + '===').slice(0, str.length + (str.length % 4));
     str = str.replace(/-/g, '+').replace(/_/g, '/');
     str = decodeURIComponent(escape(atob(str)));
     str = JSON.parse(str);
     return str;
 }
 

Parameters:

token - the token String to decode.

Returns:

the decoded JSON object, or null on failure.

getAccessToken

public String getAccessToken()

Returns:

the Access Control Manager access token.

getRefreshToken

public String getRefreshToken()

Returns:

the Access Control Manager refresh token.

isTokenExpired

public boolean isTokenExpired()

This implementation is taken from the Javascript Keycloak client adapter, function isTokenExpired. The main logic is the following: When the access token is received after a successful authentication, save the current local time. Calculate time difference between server and client from the local time and server's response JSON property 'iat'. To check the validity of tokens at any time, use the current time and compare it with the value of the first step. Take into consideration time difference between server and client, plus an optional small minimum validity value. From the OpenID Connect Specification: https://openid.net/specs/openid-connect-core-1_0.html 1) The current time MUST be before the time represented by the exp Claim. 2) The time skew calculated from iat Claim should be small.

Returns:

true if token has expired, false otherwise.

isTokenValid

public boolean isTokenValid()

Returns:

true if tokens can be successfully decoded, false otherwise.

clearTokens

public void clearTokens()

Clear the tokens in this object. This should be performed after an error response of the Access Control Manager or a refresh.