Class SignedSecurityToken
java.lang.Object
de.aristaflow.adept2.base.sessionmanagement.SignedSecurityToken
- All Implemented Interfaces: Serializable
A security token provides all security-relevant data. This includes the user information as well as the rights of the user. These are checked before the user may call any method. All data is kept in an inner SecurityToken and signed with the private key of the security manager by this class. This ensures integrity of the session token.
Before any method is called, the integrity of the security token will be checked with the designated public key of the security manager. If this fails, a SecurityTokenIntegrityException will be thrown. This way every component having the public key of the security manager can validate the security token.
To improve performance, the verification result for a specific public key is cached for some time. Calls arriving with the same key within the validity period since the last verification will be accepted without re-verification.
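
The sign-once, verify-on-every-call pattern described above, with a time-limited verification cache per public key, as an added sketch that is not AristaFlow's code. The class name `SignedPayload`, the 60-second window and the `SHA256withRSA` algorithm are assumptions; the page does not state which algorithm or cache period the real class uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical illustration; not the AristaFlow implementation.
public final class SignedPayload {
  private static final long CACHE_NANOS = 60_000_000_000L; // assumed 60 s window
  private final byte[] payload;   // never modified after construction
  private final byte[] signature;
  // public key -> System.nanoTime() of the last successful verification
  private final Map<PublicKey, Long> verified = new ConcurrentHashMap<>();

  public SignedPayload(String agent, String capabilities, PrivateKey key)
      throws GeneralSecurityException {
    payload = (agent + "\n" + capabilities).getBytes(StandardCharsets.UTF_8);
    Signature s = Signature.getInstance("SHA256withRSA"); // assumed algorithm
    s.initSign(key);
    s.update(payload);
    signature = s.sign();
  }

  /** Returns normally if the signature matches the key; throws otherwise. */
  public void verify(PublicKey key) throws GeneralSecurityException {
    Long last = verified.get(key);
    if (last != null && System.nanoTime() - last < CACHE_NANOS) {
      return; // this exact key verified the token recently; skip the costly check
    }
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initVerify(key);
    s.update(payload);
    if (!s.verify(signature)) {
      throw new SignatureException("token integrity check failed");
    }
    verified.put(key, System.nanoTime()); // only successes are cached
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair manager = gen.generateKeyPair(), other = gen.generateKeyPair();
    SignedPayload token = new SignedPayload("alice", "ReadInstance", manager.getPrivate());
    token.verify(manager.getPublic()); // full signature check, result cached
    token.verify(manager.getPublic()); // accepted from the cache
    try { token.verify(other.getPublic()); } // different key: never a cache hit
    catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
  }
}
```

The cache is keyed by the public key and only records successes, so a hit for one key cannot vouch for another; it stays sound only because the signed payload never changes after construction.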
Constructor Summary
Constructors
- SignedSecurityToken(QualifiedAgent agent, Collection<String> capabilities, PrivateKey privateKey): Creates a new security token for the qualified agent providing the designated capabilities and signs it with the designated private key.
Method Summary
- boolean equals
- getID: Verifies the token and gets the unique ID of this security token which can be used like a revision to invalidate a security token.
- getQualifiedAgent(PublicKey publicKey): Verifies the token and returns the object representing the agent who is identified by this security token.
- boolean hasAllCapabilities(PublicKey publicKey, String... objectAccess): Verifies the token and returns whether the owner of this token is allowed to access all of the designated objects in the designated way, for instance, "ReadInstance".
- int hashCode()
- boolean hasOneCapability(PublicKey publicKey, String... objectAccess): Verifies the token and returns whether the owner of this token is allowed to access at least one of the designated objects in the designated way, for instance, "ReadInstance".
- final void verify: Verifies the signature of the security token against the designated public key.
Constructor Details
SignedSecurityToken
public SignedSecurityToken(QualifiedAgent agent, Collection<String> capabilities, PrivateKey privateKey) throws SecurityTokenIntegrityException
Creates a new security token for the qualified agent providing the designated capabilities and signs it with the designated private key.
- Parameters:
agent - The agent the security token is created for; the "owner" of the security token.
capabilities - The capabilities as strings that the created security token should provide.
privateKey - The private key of the security manager to sign this security token with.
- Throws:
SecurityTokenIntegrityException - If the security token cannot be signed due to problems with the keys or algorithms, a SecurityTokenIntegrityException will be thrown.
Method Details
getID
Verifies the token and gets the unique ID of this security token which can be used like a revision to invalidate a security token.
- Parameters:
publicKey - The public key of the security manager to ensure that the token is valid.
- Returns:
The unique ID of this security token.
- Throws:
SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
getQualifiedAgent
Verifies the token and returns the object representing the agent who is identified by this security token. This is used for security reasons but also, for instance, for locking purposes, to allow for long-lasting transactions when editing templates.
- Parameters:
publicKey - The public key of the security manager to ensure that the token is valid.
- Returns:
The object representing the agent who is identified by this security token.
- Throws:
SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
hasOneCapability
public boolean hasOneCapability(PublicKey publicKey, String... objectAccess) throws SecurityTokenIntegrityException
Verifies the token and returns whether the owner of this token is allowed to access at least one of the designated objects in the designated way, for instance, "ReadInstance".
- Parameters:
publicKey - The public key of the security manager to ensure that the token is valid.
objectAccess - A string representing the objects and the functions the owner of this token wants to perform.
- Returns:
Whether the owner is allowed to perform at least one of the designated functions on the designated objects.
- Throws:
SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
hasAllCapabilities
public boolean hasAllCapabilities(PublicKey publicKey, String... objectAccess) throws SecurityTokenIntegrityException
Verifies the token and returns whether the owner of this token is allowed to access all of the designated objects in the designated way, for instance, "ReadInstance".
- Parameters:
publicKey - The public key of the security manager to ensure that the token is valid.
objectAccess - A string representing the objects and the functions the owner of this token wants to perform.
- Returns:
Whether the owner is allowed to perform all of the designated functions on the designated objects.
- Throws:
SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
verify
Verifies the signature of the security token against the designated public key. If the verification succeeds, the method will just return; otherwise a SecurityTokenIntegrityException will be thrown.
- Parameters:
publicKey - The public key to verify the signature against.
- Throws:
SecurityTokenIntegrityException - If the signature cannot be verified against the designated key and the inner security token, a SecurityTokenIntegrityException will be thrown.
equals
hashCode
public int hashCode()