Package de.aristaflow.adept2.base.sessionmanagement

Class SignedSecurityToken

  • All Implemented Interfaces:
    Serializable
    public final class SignedSecurityToken
extends Object
implements Serializable
    A security token provides all security-relevant data. This includes the user information as well as the rights of the user. These are checked before the user may call any method. All data is kept in an inner SecurityToken and signed with the private key of the security manager by this class. This ensures integrity of the session token.

    Before any method is called, the integrity of the security token will be checked with the designated public key of the security manager. If this fails, a SecurityTokenIntegrityException will be thrown. This way every component having the public key of the security manager can validate the security token.

    To improve performance, the verification for a specific public key is cached for some time. Calls arriving with the same key within the valid time since the last verification will be accepted without re-verification.

    See Also:
    Serialized Form

    • Constructor Detail

      • SignedSecurityToken

        public SignedSecurityToken​(QualifiedAgent agent,
                           Collection<String> capabilities,
                           PrivateKey privateKey)
                    throws SecurityTokenIntegrityException
        Creates a new security token for the qualified agent providing the designated capabilities and signs it with the designated private key.
        Parameters:
        agent - The agent the security token is created for; the "owner" of the security token.
        capabilities - The capabilities as strings that the created security token should provide.
        privateKey - The private key of the security manager to sign this security token with.
        Throws:
        SecurityTokenIntegrityException - If the security token cannot be signed due to problems with the keys or algorithms, a SecurityTokenIntegrityException will be thrown.

    • Method Detail

      • getID

        public UUID getID​(PublicKey publicKey)
           throws SecurityTokenIntegrityException
        Verifies the token and gets the unique ID of this security token which can be used like a revision to invalidate a security token.
        Parameters:
        publicKey - The public key of the security manager to ensure that the token is valid.
        Returns:
        The unique ID of this security token.
        Throws:
        SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.

      • getQualifiedAgent

        public QualifiedAgent getQualifiedAgent​(PublicKey publicKey)
                                 throws SecurityTokenIntegrityException
        Verifies the token and returns the object representing the agent who is identified by this security token. This is used security reasons but also, for instance, for locking purpose to allow for long-lasting transactions when editing templates.
        Parameters:
        publicKey - The public key of the security manager to ensure that the token is valid.
        Returns:
        The object representing the agent who is identified by this security token.
        Throws:
        SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.

      • hasCapability

        @Deprecated
public boolean hasCapability​(PublicKey publicKey,
                             String objectAccess)
                      throws SecurityTokenIntegrityException
        Deprecated.
        Use hasOneCapability(PublicKey, String...) instead.
        Verifies the token and returns whether the owner of this token is allowed to access the designated object in the designated way, for instance, "ReadInstance".
        Parameters:
        publicKey - The public key of the security manager to ensure that the token is valid.
        objectAccess - A string representing the object and the function the owner of this token wants to perform.
        Returns:
        Whether the owner is allowed to perform the designated function on the designated object.
        Throws:
        SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
        See Also:
        Capabilities

      • hasOneCapability

        public boolean hasOneCapability​(PublicKey publicKey,
                                String... objectAccess)
                         throws SecurityTokenIntegrityException
        Verifies the token and returns whether the owner of this token is allowed to access at least one of the designated objects in the designated way, for instance, "ReadInstance".
        Parameters:
        publicKey - The public key of the security manager to ensure that the token is valid.
        objectAccess - A string representing the objects and the functions the owner of this token wants to perform.
        Returns:
        Whether the owner is allowed to perform at least one of the designated functions on the designated objects.
        Throws:
        SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
        See Also:
        Capabilities

      • hasAllCapabilities

        public boolean hasAllCapabilities​(PublicKey publicKey,
                                  String... objectAccess)
                           throws SecurityTokenIntegrityException
        Verifies the token and returns whether the owner of this token is allowed to access all of the designated objects in the designated way, for instance, "ReadInstance".
        Parameters:
        publicKey - The public key of the security manager to ensure that the token is valid.
        objectAccess - A string representing the objects and the functions the owner of this token wants to perform.
        Returns:
        Whether the owner is allowed to perform all of the designated functions on the designated objects.
        Throws:
        SecurityTokenIntegrityException - If the designated public key does not verify the signature of this session token, a SecurityTokenIntegrityException will be thrown.
        See Also:
        Capabilities

      • verify

        public final void verify​(PublicKey publicKey)
                  throws SecurityTokenIntegrityException
        Verifies the signature of the security token against the designated public key. If the verification succeeds, the method will just return, otherwise a SecurityTokenIntegrityException will be thrown.
        Parameters:
        publicKey - The public key to verify the signature against.
        Throws:
        SecurityTokenIntegrityException - If the signature can not be verified against the designated key and the inner security token, a SecurityTokenIntegrityException will be thrown.

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object