public class ResourcePrincipalsV3FederationClient extends AbstractFederationClient
This class gets a security token from the auth service by fetching the RPST1 and then passing along the RPST1 to get RPT2 and further get security token RPST2 from the auth service, this nested fetching of security token continues for 10 levels or when the opc-parent-url header in the rpt response is the same as the rpt endpoint
additionalClientConfigurator, circuitBreaker, federationClient, resourcePrincipalTokenClient, sessionKeySupplier| Constructor and Description |
|---|
ResourcePrincipalsV3FederationClient(String resourcePrincipalTokenUrl,
String resourcePrincipalSessionTokenEndpoint,
SessionKeySupplier sessionKeySupplier,
ResourcePrincipalAuthenticationDetailsProvider leafAuthDetailsProvider,
ClientConfigurator clientConfigurator,
CircuitBreakerConfiguration circuitBreakerConfiguration)
Constructor of ResourcePrincipalsFederationClient.
|
| Modifier and Type | Method and Description |
|---|---|
String |
getSecurityToken()
Gets a security token from the federation endpoint.
|
protected SecurityTokenAdapter |
getSecurityTokenFromServer()
Gets a security token from the federation server
|
protected SecurityTokenAdapter |
getSecurityTokenFromServerInner(RSAPublicKey publicKey,
int depth,
String lastResourcePrincipalTokenUrl,
com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient,
com.oracle.bmc.http.client.HttpClient federationClient) |
protected ClientCall<?,com.oracle.bmc.auth.internal.GetResourcePrincipalTokenResponse.ResponseWrapper,?> |
prepareRptCall(com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient) |
String |
refreshAndGetSecurityTokenIfExpiringWithin(Duration time)
Gets a security token from the federation endpoint if the security token expires within the
provided duration.
|
String |
refreshAndGetSecurityTokenIfExpiringWithin(Duration time,
boolean refreshKeys)
Gets a security token from the federation endpoint if the security token expires within the
provided duration and allows to enable/disable refresh of keys.
|
protected SecurityTokenAdapter |
requestSessionToken(com.oracle.bmc.http.client.HttpClient federationClient,
GetResourcePrincipalSessionTokenRequest getResourcePrincipalSessionTokenRequest) |
getSecurityTokenAdapter, getStringClaim, makeClient, prepareRptCall, refreshAndGetSecurityToken, refreshAndGetSecurityTokenInner, requestSessionTokenpublic ResourcePrincipalsV3FederationClient(String resourcePrincipalTokenUrl, String resourcePrincipalSessionTokenEndpoint, SessionKeySupplier sessionKeySupplier, ResourcePrincipalAuthenticationDetailsProvider leafAuthDetailsProvider, ClientConfigurator clientConfigurator, CircuitBreakerConfiguration circuitBreakerConfiguration)
Constructor of ResourcePrincipalsFederationClient.
resourcePrincipalTokenUrl - the direct url that can provide the resource principal
token.resourcePrincipalSessionTokenEndpoint - the endpoint that can provide the resource
principal session token.sessionKeySupplier - the session key supplier.leafAuthDetailsProvider - the auth provider for leaf resourceclientConfigurator - the rest client configurator.circuitBreakerConfiguration - the rest client circuit breaker configuration.public String getSecurityToken()
Gets a security token from the federation endpoint. May use a cached token if it judged to still be valid.
getSecurityToken in interface FederationClientgetSecurityToken in class AbstractFederationClientpublic String refreshAndGetSecurityTokenIfExpiringWithin(Duration time, boolean refreshKeys)
Gets a security token from the federation endpoint if the security token expires within the provided duration and allows to enable/disable refresh of keys. This will always retrieve a new token from the federation endpoint and does not use a cached token.
refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefreshrefreshAndGetSecurityTokenIfExpiringWithin in class AbstractFederationClienttime - the duration to checkrefreshKeys - boolean value to enable/disable refresh of keyspublic String refreshAndGetSecurityTokenIfExpiringWithin(Duration time)
Gets a security token from the federation endpoint if the security token expires within the provided duration. This will always retrieve a new token from the federation endpoint and does not use a cached token.
refreshAndGetSecurityTokenIfExpiringWithin in interface ProvidesConfigurableRefreshrefreshAndGetSecurityTokenIfExpiringWithin in class AbstractFederationClienttime - the duration to checkprotected SecurityTokenAdapter getSecurityTokenFromServer()
Gets a security token from the federation server
getSecurityTokenFromServer in class AbstractFederationClientprotected SecurityTokenAdapter getSecurityTokenFromServerInner(RSAPublicKey publicKey, int depth, String lastResourcePrincipalTokenUrl, com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient, com.oracle.bmc.http.client.HttpClient federationClient)
protected ClientCall<?,com.oracle.bmc.auth.internal.GetResourcePrincipalTokenResponse.ResponseWrapper,?> prepareRptCall(com.oracle.bmc.http.client.HttpClient resourcePrincipalTokenClient)
protected SecurityTokenAdapter requestSessionToken(com.oracle.bmc.http.client.HttpClient federationClient, GetResourcePrincipalSessionTokenRequest getResourcePrincipalSessionTokenRequest)
Copyright © 2016–2024. All rights reserved.