org.apache.shindig.auth

Class AbstractSecurityToken

java.lang.Object

org.apache.shindig.auth.AbstractSecurityToken

All Implemented Interfaces:

SecurityToken

Direct Known Subclasses:

AnonymousSecurityToken, BasicSecurityToken, BlobCrypterSecurityToken

public abstract class AbstractSecurityToken
extends Object
implements SecurityToken

A base class for SecurityToken Implementations. Currently provides an isExpired() method and getters/setters for nearly every field of the token.

Since:

2.0.0

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AbstractSecurityToken.Keys

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_MAX_TOKEN_TTL

Constructor Summary

Constructors

Constructor and Description
AbstractSecurityToken()

Method Summary

Methods

Modifier and Type	Method and Description
AbstractSecurityToken	enforceNotExpired()
String	getActiveUrl()
String	getAppId()
String	getAppUrl()
String	getContainer()
String	getDomain()
Long	getExpiresAt()
protected abstract EnumSet<AbstractSecurityToken.Keys>	getMapKeys() This method will govern the effectiveness of the protected toMap() and #loadFromMap(SecurityToken, Map) helper methods.
protected int	getMaxTokenTTL() Returns the maximum allowable time (in seconds) for this token to live.
long	getModuleId()
String	getOwnerId()
protected TimeSource	getTimeSource()
String	getTrustedJson()
String	getViewerId()
boolean	isExpired()
protected AbstractSecurityToken	loadFromMap(Map<String,String> map) A helper to help load known supported keys from a provided map.
protected AbstractSecurityToken	setActiveUrl(String activeUrl)
protected AbstractSecurityToken	setAppId(String appId)
protected AbstractSecurityToken	setAppUrl(String appUrl)
protected AbstractSecurityToken	setContainer(String container)
protected AbstractSecurityToken	setDomain(String domain)
protected AbstractSecurityToken	setExpires() Compute and set the expiration time for this token using the default TTL.
protected AbstractSecurityToken	setExpires(int tokenTTL) Compute and set the expiration time for this token using the provided TTL.
protected AbstractSecurityToken	setExpiresAt(Long expiresAt) Set the expiration time for this token.
protected AbstractSecurityToken	setModuleId(long moduleId)
protected AbstractSecurityToken	setOwnerId(String ownerId)
protected AbstractSecurityToken	setTimeSource(TimeSource timeSource) This method is mostly used for test code to test the expire methods.
protected AbstractSecurityToken	setTrustedJson(String trustedJson)
protected AbstractSecurityToken	setViewerId(String viewerId)
Map<String,String>	toMap() A Map representation of this SecurityToken.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shindig.auth.SecurityToken

getAuthenticationMode, getUpdatedToken, isAnonymous

Field Detail

DEFAULT_MAX_TOKEN_TTL

public static final int DEFAULT_MAX_TOKEN_TTL

See Also:

Constant Field Values

Constructor Detail

AbstractSecurityToken

public AbstractSecurityToken()

Method Detail

setTimeSource

protected AbstractSecurityToken setTimeSource(TimeSource timeSource)

This method is mostly used for test code to test the expire methods.

Parameters:

timeSource - The new TimeSource for this token to use.

Returns:

This object.

getTimeSource

protected TimeSource getTimeSource()

getOwnerId

public String getOwnerId()

Specified by:

getOwnerId in interface SecurityToken

Returns:

the owner from the token, or null if there is none.

setOwnerId

protected AbstractSecurityToken setOwnerId(String ownerId)

getViewerId

public String getViewerId()

Specified by:

getViewerId in interface SecurityToken

Returns:

the viewer from the token, or null if there is none.

setViewerId

protected AbstractSecurityToken setViewerId(String viewerId)

getAppId

public String getAppId()

Specified by:

getAppId in interface SecurityToken

Returns:

the application id from the token, or null if there is none.

setAppId

protected AbstractSecurityToken setAppId(String appId)

getDomain

public String getDomain()

Specified by:

getDomain in interface SecurityToken

Returns:

the domain from the token, or null if there is none.

setDomain

protected AbstractSecurityToken setDomain(String domain)

getContainer

public String getContainer()

Specified by:

getContainer in interface SecurityToken

Returns:

The container.

setContainer

protected AbstractSecurityToken setContainer(String container)

getAppUrl

public String getAppUrl()

Specified by:

getAppUrl in interface SecurityToken

Returns:

the URL of the application

setAppUrl

protected AbstractSecurityToken setAppUrl(String appUrl)

getModuleId

public long getModuleId()

Specified by:

getModuleId in interface SecurityToken

Returns:

the module ID of the application

setModuleId

protected AbstractSecurityToken setModuleId(long moduleId)

getExpiresAt

public Long getExpiresAt()

Specified by:

getExpiresAt in interface SecurityToken

Returns:

The time in seconds since epoc that this token expires or null if unknown or indeterminate.

setExpires

protected AbstractSecurityToken setExpires()

Compute and set the expiration time for this token using the default TTL.

Returns:

This security token.

See Also:

setExpires(int)

setExpires

protected AbstractSecurityToken setExpires(int tokenTTL)

Compute and set the expiration time for this token using the provided TTL.

Parameters:

tokenTTL - the time to live (in seconds) of the token

Returns:

This security token.

setExpiresAt

protected AbstractSecurityToken setExpiresAt(Long expiresAt)

Set the expiration time for this token.

Parameters:

expiresAt - When this token expires, in seconds since epoch.

Returns:

This security token.

getTrustedJson

public String getTrustedJson()

Specified by:

getTrustedJson in interface SecurityToken

Returns:

a string formatted JSON object from the container, or null if there is no JSON from the container.

setTrustedJson

protected AbstractSecurityToken setTrustedJson(String trustedJson)

isExpired

public boolean isExpired()

Specified by:

isExpired in interface SecurityToken

Returns:

true if the token is no longer valid.

enforceNotExpired

public AbstractSecurityToken enforceNotExpired()
                                        throws BlobExpiredException

Throws:

BlobExpiredException

getActiveUrl

public String getActiveUrl()

Specified by:

getActiveUrl in interface SecurityToken

Returns:

the URL being used by the current request and null if not specified. The returned URL must contain at least protocol, host, and port. The returned URL may contain path or query parameters.

setActiveUrl

protected AbstractSecurityToken setActiveUrl(String activeUrl)

toMap

public Map<String,String> toMap()

A Map representation of this SecurityToken. Implementors that handle additional keys not contained in AbstractSecurityToken.Keys should override and supplement the functionality of this method.

Returns:

A map of serialized token values keyed according to AbstractSecurityToken.Keys.

See Also:

getMapKeys(), loadFromMap(Map)

getMaxTokenTTL

protected int getMaxTokenTTL()

Returns the maximum allowable time (in seconds) for this token to live. Override this method only if you are internal token that doesn't get serialized via SecurityTokenCodec.encodeToken(SecurityToken), e.g., OAuth state tokens. For all other cases, the SecurityTokenCodec will handle the time to live of the token.

Returns:

Maximum allowable time in seconds for a token to live.

See Also:

SecurityTokenCodec.getTokenTimeToLive(String)

loadFromMap

protected AbstractSecurityToken loadFromMap(Map<String,String> map)

A helper to help load known supported keys from a provided map.

Parameters:

map - The map of values.

See Also:

getMapKeys(), toMap()

getMapKeys

protected abstract EnumSet<AbstractSecurityToken.Keys> getMapKeys()

This method will govern the effectiveness of the protected toMap() and #loadFromMap(SecurityToken, Map) helper methods.

If your implementation throws an exception on any of the get methods, you should not include the associated key here, and those values should be handled in an overridden implementation of toMap() if they might contain useful information.

Returns:

An EnumSet of the Enums supported by the implementation of this AbstractSecurityToken.