SignedSecurityToken (AristaFlow Business Process Platform API)

java.lang.Object
- de.aristaflow.adept2.base.sessionmanagement.SignedSecurityToken

All Implemented Interfaces:

java.io.Serializable
```
public final class SignedSecurityToken
extends java.lang.Object
implements java.io.Serializable
```
A security token provides all security-relevant data. This includes the user information as well as the rights of the user. These are checked before the user may call any method. All data is kept in an inner SecurityToken and signed with the private key of the security manager by this class. This ensures integrity of the session token.
Before any method is called, the integrity of the security token will be checked with the designated public key of the security manager. If this fails, a SecurityTokenIntegrityException will be thrown. This way every component having the public key of the security manager can validate the security token.
To improve performance, the verification for a specific public key is cached for some time. Calls arriving with the same key within the valid time since the last verification will be accepted without re-verification.

Author:

Ulrich Kreher

See Also:

Serialized Form

Constructor Summary

Constructors
Constructor and Description
`SignedSecurityToken(QualifiedAgent agent, java.util.Collection<java.lang.String> capabilities, java.security.PrivateKey privateKey)` Creates a new security token for the qualified agent providing the designated capabilities and signs it with the designated private key.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`equals(java.lang.Object obj)`
`java.util.UUID`	`getID(java.security.PublicKey publicKey)` Verifies the token and gets the unique ID of this security token which can be used like a revision to invalidate a security token.
`QualifiedAgent`	`getQualifiedAgent(java.security.PublicKey publicKey)` Verifies the token and returns the object representing the agent who is identified by this security token.
`boolean`	`hasCapability(java.security.PublicKey publicKey, java.lang.String objectAccess)` Verifies the token and returns whether the owner of this token is allowed to access the designated object in the designated way, for instance, "ReadInstance".
`int`	`hashCode()`
`void`	`verify(java.security.PublicKey publicKey)` Verifies the signature of the security token against the designated public key.

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SignedSecurityToken
```
public SignedSecurityToken(QualifiedAgent agent,
                           java.util.Collection<java.lang.String> capabilities,
                           java.security.PrivateKey privateKey)
                    throws SecurityTokenIntegrityException
```
    Creates a new security token for the qualified agent providing the designated capabilities and signs it with the designated private key.
    
    Parameters:
    
    agent - The agent the security token is created for; the "owner" of the security token.
    
    capabilities - The capabilities as strings that the created security token should provide.
    
    privateKey - The private key of the security manager to sign this security token with.
    
    Throws:
    
    SecurityTokenIntegrityException - If the security token cannot be signed due to problems with the keys or algorithms, a SecurityTokenIntegrityException will be thrown.
- Method Detail
  - getID
```
public java.util.UUID getID(java.security.PublicKey publicKey)
                     throws SecurityTokenIntegrityException
```
    Verifies the token and gets the unique ID of this security token which can be used like a revision to invalidate a security token.
    
    Parameters:
    
    publicKey - The public key of the security manager to ensure that the token is valid.
    
    Returns:
    
    The unique ID of this security token.
    
    Throws:
    
    SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
  - getQualifiedAgent
```
public QualifiedAgent getQualifiedAgent(java.security.PublicKey publicKey)
                                 throws SecurityTokenIntegrityException
```
    Verifies the token and returns the object representing the agent who is identified by this security token. This is used security reasons but also, for instance, for locking purpose to allow for long-lasting transactions when editing templates.
    
    Parameters:
    
    publicKey - The public key of the security manager to ensure that the token is valid.
    
    Returns:
    
    The object representing the agent who is identified by this security token.
    
    Throws:
    
    SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
  - hasCapability
```
public boolean hasCapability(java.security.PublicKey publicKey,
                             java.lang.String objectAccess)
                      throws SecurityTokenIntegrityException
```
    Verifies the token and returns whether the owner of this token is allowed to access the designated object in the designated way, for instance, "ReadInstance".
    
    Parameters:
    
    publicKey - The public key of the security manager to ensure that the token is valid.
    
    objectAccess - A string representing the object and the function the owner of this token wants to perform.
    
    Returns:
    
    Whether the owner is allowed to perform the designated function on the designated object.
    
    Throws:
    
    SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
    
    See Also:
    
    Capabilities
  - verify
```
public final void verify(java.security.PublicKey publicKey)
                  throws SecurityTokenIntegrityException
```
    Verifies the signature of the security token against the designated public key. If the verification succeeds, the method will just return, otherwise a SecurityTokenIntegrityException will be thrown.
    
    Parameters:
    
    publicKey - The public key to verify the signature against.
    
    Throws:
    
    SecurityTokenIntegrityException - If the signature can not be verified against the designated key and the inner security token, a SecurityTokenIntegrityException will be thrown.
  - equals
```
public boolean equals(java.lang.Object obj)
```
    Overrides:
    
    equals in class java.lang.Object
  - hashCode
```
public int hashCode()
```
    Overrides:
    
    hashCode in class java.lang.Object

Class SignedSecurityToken

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SignedSecurityToken

Method Detail

getID

getQualifiedAgent

hasCapability

verify

equals

hashCode