Package org.yamcs.http.auth
Class TokenStore
java.lang.Object
com.google.common.util.concurrent.AbstractService
org.yamcs.http.AbstractHttpService
org.yamcs.http.auth.TokenStore
- All Implemented Interfaces:
com.google.common.util.concurrent.Service
,SessionListener
Store capable of generating a chain of refresh tokens. When a token is exchanged for a new token, the old token
remains valid for a limited lifetime. This property is useful do deal with a burst of identical refresh requests.
This class maintains a cache from a JWT bearer token to the original authentication info. This allows skipping the login process as long as the bearer is valid.
-
Nested Class Summary
Nested classes/interfaces inherited from interface com.google.common.util.concurrent.Service
com.google.common.util.concurrent.Service.Listener, com.google.common.util.concurrent.Service.State
-
Field Summary
Fields inherited from class org.yamcs.http.AbstractHttpService
log
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected void
doStart()
protected void
doStop()
void
forgetUser
(String username) generateRefreshToken
(UserSession session) void
init
(HttpServer httpServer) void
onCreated
(UserSession session) void
onExpired
(UserSession session) void
onInvalidated
(UserSession session) void
registerAccessToken
(String accessToken, AuthenticationInfo authenticationInfo) void
revokeAccessToken
(String accessToken) void
revokeRefreshToken
(String refreshToken) verifyAccessToken
(String accessToken) org.yamcs.http.auth.TokenStore.RefreshResult
verifyRefreshToken
(String refreshToken) Validate the provided refresh token, and exchange it for a new one.Methods inherited from class com.google.common.util.concurrent.AbstractService
addListener, awaitRunning, awaitRunning, awaitRunning, awaitTerminated, awaitTerminated, awaitTerminated, doCancelStart, failureCause, isRunning, notifyFailed, notifyStarted, notifyStopped, startAsync, state, stopAsync, toString
-
Constructor Details
-
TokenStore
public TokenStore()
-
-
Method Details
-
init
- Specified by:
init
in classAbstractHttpService
- Throws:
InitException
-
doStart
protected void doStart()- Specified by:
doStart
in classcom.google.common.util.concurrent.AbstractService
-
doStop
protected void doStop()- Specified by:
doStop
in classcom.google.common.util.concurrent.AbstractService
-
registerAccessToken
-
revokeAccessToken
-
verifyAccessToken
- Throws:
UnauthorizedException
-
forgetUser
-
generateRefreshToken
-
verifyRefreshToken
Validate the provided refresh token, and exchange it for a new one. The provided refresh token is invalidated, and will stop working after a certain time.Attempts to exchange a previously exchanged token will always return the same result, as long as it has not expired yet.
- Returns:
- a new refresh token, or null if the token could not be exchanged.
-
revokeRefreshToken
-
onCreated
- Specified by:
onCreated
in interfaceSessionListener
-
onExpired
- Specified by:
onExpired
in interfaceSessionListener
-
onInvalidated
- Specified by:
onInvalidated
in interfaceSessionListener
-