AccessToken.java revision a093731116a8c24d49b903df7602cf586e499b45
/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2014-2015 ForgeRock AS.
 */

package org.forgerock.oauth2.core;

import org.forgerock.json.fluent.JsonValue;
import org.forgerock.oauth2.core.OAuth2Constants;
import org.forgerock.oauth2.core.exceptions.InvalidGrantException;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import static org.forgerock.oauth2.core.Utils.isEmpty;

/**
 * Models an OAuth2 access token whose fields are held in the {@link JsonValue} this class extends.
 *
 * <p>Values supplied through {@link #addExtraData(String, String)} are kept in a separate map rather than in
 * the backing JSON, and are merged into the output only by {@link #toMap()}.</p>
 *
 * <p>Several constructors call non-final methods of this class (the setters, {@link #getTokenName()} and
 * {@link #getTokenId()}), so a subclass override runs before the subclass constructor body has executed.</p>
 *
 * @since 12.0.0
 */
public class AccessToken extends JsonValue implements IntrospectableToken, Token {

    // Additional data for the token response; deliberately held outside the backing JSON value.
    private Map<String, Object> extraData = new HashMap<String, Object>();

    /**
     * Wraps an existing JSON representation of an access token.
     *
     * <p>The only check made here is that the token name read from the JSON equals
     * {@code OAuth2Constants.Token.OAUTH_ACCESS_TOKEN}. Expiry, scope and client are not examined, so a
     * successfully constructed instance is not necessarily a currently valid token; callers still need
     * {@link #isExpired()} and their own authorization checks.</p>
     *
     * @param token The JsonValue of the token.
     * @throws InvalidGrantException If the token name stored in the JSON is not the access token name.
     */
    public AccessToken(JsonValue token) throws InvalidGrantException {
        super(token);
        // Name and id are both read back from the JSON that was just wrapped.
        validateTokenName(getTokenName(), getTokenId());
    }

    /**
     * Wraps an existing JSON representation of an access token, validating a caller-supplied token name.
     *
     * <p>The check is applied to the {@code tokenName} argument; this constructor does not read the name
     * stored in {@code token}. The caller is therefore responsible for passing the name that actually
     * belongs to the token, otherwise the type check does not protect against a different kind of token
     * being wrapped.</p>
     *
     * @param token The JsonValue of the token.
     * @param tokenName The token name to validate.
     * @param tokenId The token identifier, used only in the exception message.
     * @throws InvalidGrantException If {@code tokenName} is not the access token name.
     */
    public AccessToken(JsonValue token, String tokenName, String tokenId) throws InvalidGrantException {
        super(token);
        validateTokenName(tokenName, tokenId);
    }

    /**
     * Builds a new access token from its individual fields, backed by a fresh, empty map.
     *
     * <p>The token type is always set to {@code "Bearer"}. This constructor does not run the token-name
     * check that the JSON-based constructors perform.</p>
     *
     * @param id The token id.
     * @param authorizationCode The authorization code.
     * @param resourceOwnerId The resource owner's id.
     * @param clientId The client's id.
     * @param redirectUri The redirect uri.
     * @param scope The scope.
     * @param expiryTime The expiry time; compared against {@link System#currentTimeMillis()} by
     *                   {@link #isExpired()}.
     * @param refreshTokenId The refresh token id; stored only when not empty.
     * @param tokenName The token name.
     * @param grantType The grant type.
     * @param nonce The nonce.
     */
    public AccessToken(String id, String authorizationCode, String resourceOwnerId, String clientId,
            String redirectUri, Set<String> scope, long expiryTime, String refreshTokenId, String tokenName,
            String grantType, String nonce) {
        super(new HashMap<String, Object>());
        setId(id);
        setAuthorizationCode(authorizationCode);
        setResourceOwnerId(resourceOwnerId);
        setClientId(clientId);
        setRedirectUri(redirectUri);
        setScope(scope);
        setExpiryTime(expiryTime);
        // An empty refresh token id leaves the key absent instead of storing an empty value.
        if (!Utils.isEmpty(refreshTokenId)) {
            setRefreshTokenId(refreshTokenId);
        }
        setTokenType("Bearer");
        setTokenName(tokenName);
        setGrantType(grantType);
        setNonce(nonce);
    }

    /**
     * Stores the token id under {@code OAuth2Constants.CoreTokenParams.ID}.
     *
     * <p>NOTE(review): {@link #getTokenId()} reads {@code OAuth2Constants.Params.ID}; presumably both
     * constants name the same key - confirm against {@code OAuth2Constants}.</p>
     *
     * @param id The token id.
     */
    protected void setId(String id) {
        put(OAuth2Constants.CoreTokenParams.ID, id);
    }

    /**
     * Stores the authorization code under {@code OAuth2Constants.CoreTokenParams.PARENT}.
     *
     * @param authorizationCode The authorization code.
     */
    protected void setAuthorizationCode(String authorizationCode) {
        put(OAuth2Constants.CoreTokenParams.PARENT, authorizationCode);
    }

    /**
     * Stores the resource owner's id under {@code OAuth2Constants.CoreTokenParams.USERNAME}.
     *
     * @param resourceOwnerId The resource owner's id.
     */
    protected void setResourceOwnerId(String resourceOwnerId) {
        put(OAuth2Constants.CoreTokenParams.USERNAME, resourceOwnerId);
    }

    /**
     * Stores the client's id under {@code OAuth2Constants.CoreTokenParams.CLIENT_ID}.
     *
     * @param clientId The client's id.
     */
    protected void setClientId(String clientId) {
        put(OAuth2Constants.CoreTokenParams.CLIENT_ID, clientId);
    }

    /**
     * Stores the redirect uri under {@code OAuth2Constants.CoreTokenParams.REDIRECT_URI}.
     *
     * @param redirectUri The redirect uri.
     */
    protected void setRedirectUri(String redirectUri) {
        put(OAuth2Constants.CoreTokenParams.REDIRECT_URI, redirectUri);
    }

    /**
     * Stores the scope under {@code OAuth2Constants.CoreTokenParams.SCOPE}.
     *
     * <p>The given set is stored as passed, without copying.</p>
     *
     * @param scope The scope.
     */
    protected void setScope(Set<String> scope) {
        put(OAuth2Constants.CoreTokenParams.SCOPE, scope);
    }

    /**
     * Stores the expiry time under {@code OAuth2Constants.CoreTokenParams.EXPIRE_TIME}.
     *
     * @param expiryTime The expiry time.
     */
    protected void setExpiryTime(long expiryTime) {
        put(OAuth2Constants.CoreTokenParams.EXPIRE_TIME, expiryTime);
    }

    /**
     * Stores the refresh token id under {@code OAuth2Constants.CoreTokenParams.REFRESH_TOKEN}.
     *
     * @param refreshTokenId The refresh token id.
     */
    protected void setRefreshTokenId(String refreshTokenId) {
        put(OAuth2Constants.CoreTokenParams.REFRESH_TOKEN, refreshTokenId);
    }

    /**
     * Stores the token type under {@code OAuth2Constants.CoreTokenParams.TOKEN_TYPE}.
     *
     * @param tokenType The token type.
     */
    protected void setTokenType(String tokenType) {
        put(OAuth2Constants.CoreTokenParams.TOKEN_TYPE, tokenType);
    }

    /**
     * Stores the token name under {@code OAuth2Constants.CoreTokenParams.TOKEN_NAME}.
     *
     * @param tokenName The token name.
     */
    protected void setTokenName(String tokenName) {
        put(OAuth2Constants.CoreTokenParams.TOKEN_NAME, tokenName);
    }

    /**
     * Stores the grant type under {@code OAuth2Constants.Params.GRANT_TYPE}.
     *
     * @param grantType The grant type.
     */
    protected void setGrantType(String grantType) {
        put(OAuth2Constants.Params.GRANT_TYPE, grantType);
    }

    /**
     * Stores the nonce under {@code OAuth2Constants.Custom.NONCE}.
     *
     * @param nonce The nonce.
     */
    protected void setNonce(String nonce) {
        put(OAuth2Constants.Custom.NONCE, nonce);
    }

    /**
     * Gets the scope.
     *
     * <p>A non-empty scope is returned as the stored set itself, not as a copy, so a caller that mutates
     * the result also changes the scope held by this token.</p>
     *
     * @return The stored scope, or an empty set when none is stored or the stored set is empty.
     */
    public Set<String> getScope() {
        // Unchecked cast: a stored value that is not a Set fails here with a ClassCastException.
        final Set<String> storedScope = (Set<String>) get(OAuth2Constants.CoreTokenParams.SCOPE).getObject();
        if (Utils.isEmpty(storedScope)) {
            return Collections.emptySet();
        }
        return storedScope;
    }

    /**
     * Gets the client's id.
     *
     * @return The client's id, or {@code null} if it is not defined.
     */
    public String getClientId() {
        return isDefined(OAuth2Constants.CoreTokenParams.CLIENT_ID)
                ? get(OAuth2Constants.CoreTokenParams.CLIENT_ID).asString()
                : null;
    }

    /**
     * Gets the nonce.
     *
     * @return The nonce, or {@code null} if it is not defined.
     */
    public String getNonce() {
        return isDefined(OAuth2Constants.Custom.NONCE)
                ? get(OAuth2Constants.Custom.NONCE).asString()
                : null;
    }

    /**
     * Gets the session id used to create the authorisation code.
     *
     * <p>The value is read from the extra data map under {@code OAuth2Constants.Custom.SSO_TOKEN_ID}, not
     * from the backing JSON, so it is only present if it was added via
     * {@link #addExtraData(String, String)}.</p>
     *
     * @return The session id, or {@code null} if none has been added.
     */
    public String getSessionId() {
        final Object sessionId = extraData.get(OAuth2Constants.Custom.SSO_TOKEN_ID);
        return (String) sessionId;
    }

    /**
     * Gets the resource owner's id.
     *
     * @return The resource owner's id, or {@code null} if it is not defined.
     */
    public String getResourceOwnerId() {
        return isDefined(OAuth2Constants.CoreTokenParams.USERNAME)
                ? get(OAuth2Constants.CoreTokenParams.USERNAME).asString()
                : null;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Reads {@code OAuth2Constants.Params.ID}; returns {@code null} if it is not defined.</p>
     */
    public String getTokenId() {
        return isDefined(OAuth2Constants.Params.ID)
                ? get(OAuth2Constants.Params.ID).asString()
                : null;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Reads {@code OAuth2Constants.CoreTokenParams.TOKEN_NAME}; returns {@code null} if it is not
     * defined.</p>
     */
    public String getTokenName() {
        return isDefined(OAuth2Constants.CoreTokenParams.TOKEN_NAME)
                ? get(OAuth2Constants.CoreTokenParams.TOKEN_NAME).asString()
                : null;
    }

    /**
     * Determines if the Access Token is expired.
     *
     * <p>Because {@link #getExpiryTime()} yields {@code 0} when no expiry is stored, a token without an
     * expiry time is reported as expired for any positive clock value.</p>
     *
     * @return {@code true} if current time is greater than the expiry time.
     */
    public boolean isExpired() {
        final long now = System.currentTimeMillis();
        return now > getExpiryTime();
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public String getRealm() {
        return getStringProperty(OAuth2Constants.Params.REALM);
    }

    /**
     * Gets the expiry time.
     *
     * @return The stored expiry time, or {@code 0} if none is defined.
     */
    public long getExpiryTime() {
        if (!isDefined(OAuth2Constants.CoreTokenParams.EXPIRE_TIME)) {
            return 0;
        }
        return get(OAuth2Constants.CoreTokenParams.EXPIRE_TIME).asLong();
    }

    /**
     * Gets the token type.
     *
     * @return The token type, or {@code null} if it is not defined.
     */
    public String getTokenType() {
        return isDefined(OAuth2Constants.CoreTokenParams.TOKEN_TYPE)
                ? get(OAuth2Constants.CoreTokenParams.TOKEN_TYPE).asString()
                : null;
    }

    /**
     * Gets the grant type.
     *
     * @return The grant type, or {@code null} if it is not defined.
     */
    public String getGrantType() {
        return isDefined(OAuth2Constants.Params.GRANT_TYPE)
                ? get(OAuth2Constants.Params.GRANT_TYPE).asString()
                : null;
    }

    /**
     * Get a string property from the store.
     *
     * @param key The property key.
     * @return The value, or {@code null} if the key is not defined.
     */
    protected String getStringProperty(String key) {
        return isDefined(key) ? get(key).asString() : null;
    }

    /**
     * Gets the display String for the given String.
     *
     * <p>This implementation returns its argument unchanged.</p>
     *
     * @param s The String.
     * @return The display String.
     */
    protected String getResourceString(String s) {
        return s;
    }

    /**
     * {@inheritDoc}
     *
     * <p>The map holds the token id, the token type and the remaining lifetime in seconds, followed by
     * every extra data entry. Extra data is applied last, so an entry added through
     * {@link #addExtraData(String, String)} under one of those keys replaces the core value. That method
     * does not restrict keys; NOTE(review): confirm that nothing outside trusted server code can choose
     * them.</p>
     */
    public Map<String, Object> toMap() {
        final Map<String, Object> response = new HashMap<String, Object>();
        response.put(getResourceString(OAuth2Constants.Params.ACCESS_TOKEN), getTokenId());
        response.put(getResourceString(OAuth2Constants.CoreTokenParams.TOKEN_TYPE), getTokenType());

        final String expiryKey = getResourceString(OAuth2Constants.CoreTokenParams.EXPIRE_TIME);
        // Milliseconds left, truncated to whole seconds; negative once the expiry time has passed.
        final long secondsRemaining = (getExpiryTime() - System.currentTimeMillis()) / 1000;
        response.put(expiryKey, secondsRemaining);

        response.putAll(extraData);
        return response;
    }

    /**
     * {@inheritDoc}
     *
     * <p>The map holds the token id, token type, remaining lifetime in seconds, scope and grant type.
     * Extra data is not included here.</p>
     */
    public Map<String, Object> getTokenInfo() {
        final Map<String, Object> info = new HashMap<String, Object>();
        info.put(getResourceString(OAuth2Constants.CoreTokenParams.ID), getTokenId());
        info.put(getResourceString(OAuth2Constants.CoreTokenParams.TOKEN_TYPE), getTokenType());

        final String expiryKey = getResourceString(OAuth2Constants.CoreTokenParams.EXPIRE_TIME);
        // Same calculation as toMap(): this is not clamped, so an expired token reports a negative value.
        final long secondsRemaining = (getExpiryTime() - System.currentTimeMillis()) / 1000;
        info.put(expiryKey, secondsRemaining);

        info.put(getResourceString(OAuth2Constants.CoreTokenParams.SCOPE), getScope());
        info.put(getResourceString(OAuth2Constants.Params.GRANT_TYPE), getGrantType());
        return info;
    }

    /**
     * <p>Adds additional data to the Access Token.</p>
     *
     * <p>If the value is {@code null} then this method will ensure that the key is not present in the map.</p>
     *
     * <p>No key is rejected, including the keys that {@link #toMap()} uses for its core fields.</p>
     *
     * @param key The key.
     * @param value The value.
     */
    public void addExtraData(String key, String value) {
        if (value == null) {
            extraData.remove(key);
            return;
        }
        extraData.put(key, value);
    }

    /**
     * Rejects any token whose name is not {@code OAuth2Constants.Token.OAUTH_ACCESS_TOKEN}.
     *
     * <p>A {@code null} name is rejected as well, because the constant is the receiver of {@code equals}.</p>
     *
     * <p>NOTE(review): the exception message embeds the token id. If that id is usable as a credential and
     * the message is written to logs or returned in an error response, the id is disclosed - confirm how
     * {@link InvalidGrantException} messages are surfaced.</p>
     *
     * @param tokenName The token name to check.
     * @param tokenId The token id, used only to build the exception message.
     * @throws InvalidGrantException If {@code tokenName} is not the access token name.
     */
    private void validateTokenName(String tokenName, String tokenId) throws InvalidGrantException {
        final boolean isAccessToken = OAuth2Constants.Token.OAUTH_ACCESS_TOKEN.equals(tokenName);
        if (isAccessToken) {
            return;
        }
        throw new InvalidGrantException("Token is not an access token: " + tokenId);
    }
}