/**
* SPDX-FileCopyrightText: 2018-2022 SAP SE or an SAP affiliate company and Cloud Security Client Java contributors
*
* SPDX-License-Identifier: Apache-2.0
*/
package com.sap.xsa.security.container;
/**
 * API for OAuth resource servers to extract authentication and authorization
 * information from the OAuth token.
 * <p>
 * Deprecated with version 2.4.0 in favor of the new SAP Java Client library.
 * Deprecation is declared per method below, together with the suggested
 * replacement where one exists.
 * <p>
 * NOTE(review): several methods are marked deprecated in their Javadoc only,
 * while others also carry the {@code Deprecated} annotation; consider aligning
 * the two so that tooling reports them consistently.
 */
public interface XSUserInfo {

    /**
     * User name used for authentication, e.g. an email address or other identifier.
     * A user might exist in multiple identity providers, so the user name on its
     * own is not a unique key. The following information is required to uniquely
     * identify a user:
     * <ul>
     * <li>username: name of the user in an identity provider</li>
     * <li>origin: alias to an identity provider</li>
     * <li>subaccount id: identifier for the subaccount</li>
     * </ul>
     *
     * @deprecated Can be replaced with
     *             {@code token.getClaimAsString(TokenClaims.USER_NAME)} from the
     *             {@code com.sap.cloud.security.token} package or with
     *             {@code token.getPrincipal()}.
     * @return user name
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getLogonName() throws XSUserInfoException;

    /**
     * Given name of the user.
     *
     * @deprecated Can be replaced with
     *             {@code token.getClaimAsString(TokenClaims.GIVEN_NAME)} from the
     *             {@code com.sap.cloud.security.token} package. Only if it is not
     *             an external attribute.
     * @return given name
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getGivenName() throws XSUserInfoException;

    /**
     * Family name of the user.
     *
     * @deprecated Can be replaced with
     *             {@code token.getClaimAsString(TokenClaims.FAMILY_NAME)} from the
     *             {@code com.sap.cloud.security.token} package. Only if it is not
     *             an external attribute.
     * @return family name
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getFamilyName() throws XSUserInfoException;

    /**
     * Return the user origin. The origin is an alias that refers to a user store in
     * which the user is persisted. For example, users that are authenticated by the
     * UAA itself with a username/password combination have their origin set to the
     * value {@code uaa}.
     *
     * @deprecated Can be replaced with
     *             {@code token.getClaimAsString(TokenClaims.XSUAA.ORIGIN)} from the
     *             {@code com.sap.cloud.security.token} package.
     * @return user origin
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getOrigin() throws XSUserInfoException;

    /**
     * Return the identity zone, which is in most cases the same as the subaccount
     * identifier. Because the two are not always equal, pick the replacement that
     * matches the intended use: {@link #getZoneId()} as tenant discriminator,
     * {@link #getSubaccountId()} for metering.
     *
     * @deprecated Must be replaced with {@link #getZoneId()} or
     *             {@link #getSubaccountId()}.
     * @return identity zone
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    @Deprecated
    String getIdentityZone() throws XSUserInfoException;

    /**
     * Return subaccount identifier.
     * <p>
     * Use this for metering purposes only. Do NOT use this method any longer to
     * obtain the unique tenant id, e.g. for separating tenant data; use
     * {@link #getZoneId()} for that.
     *
     * @return subaccount identifier
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getSubaccountId() throws XSUserInfoException;

    /**
     * Return zone identifier which should be used as tenant discriminator (tenant
     * id). For most of the old subaccounts this matches the id returned by
     * {@link #getSubaccountId()}, but callers should not rely on the two being
     * equal.
     *
     * @deprecated Can be replaced with {@code token.getZoneId()} from the
     *             {@code com.sap.cloud.security.token} package.
     * @return zone identifier
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getZoneId() throws XSUserInfoException;

    /**
     * Return the subdomain from the authentication token.
     * <p>
     * Supported via {@code XSUserInfoAdapter} from the
     * {@code com.sap.cloud.security.adapter.xs} package. Also available on tokens
     * of type {@code XsuaaToken} from java-security.
     *
     * @return the subdomain
     * @throws XSUserInfoException
     *             if subdomain is not available in the authentication token
     */
    String getSubdomain() throws XSUserInfoException;

    /**
     * Return the client id of the authentication token.
     *
     * @deprecated Can be replaced with
     *             {@code token.getClaimAsString(TokenClaims.XSUAA.CLIENT_ID)} from
     *             the {@code com.sap.cloud.security.token} package.
     * @return client id
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getClientId() throws XSUserInfoException;

    /**
     * Return the value of the named JSON property of the authentication token.
     *
     * @deprecated Can be replaced with {@code token.getClaimAsString(attribute)}
     *             from the {@code com.sap.cloud.security.token} package.
     * @param attribute
     *            the name of the JSON property
     * @return value of attribute
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    @Deprecated
    String getJsonValue(String attribute) throws XSUserInfoException;

    /**
     * Return the email of the user.
     *
     * @deprecated Can be replaced with
     *             {@code token.getClaimAsString(TokenClaims.EMAIL)} from the
     *             {@code com.sap.cloud.security.token} package.
     *
     * @return email
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getEmail() throws XSUserInfoException;

    /**
     * Return the HANA database token.
     *
     * @deprecated use {@link #getHdbToken()} instead.
     * @return the hana database token
     * @throws XSUserInfoException
     *             if db token is not available in the authentication token
     */
    @Deprecated
    String getDBToken() throws XSUserInfoException;

    /**
     * Return the HANA database token. The returned value is a token and should be
     * handled like any other credential, e.g. kept out of logs and error messages.
     * <p>
     * Still supported via {@code XSUserInfoAdapter} from the
     * {@code com.sap.cloud.security.adapter.xs} package.
     *
     * @return the hana database token
     * @throws XSUserInfoException
     *             if db token is not available in the authentication token
     */
    String getHdbToken() throws XSUserInfoException;

    /**
     * Return the authentication token. The returned value is the token itself and
     * should be handled like any other credential, e.g. kept out of logs and error
     * messages.
     *
     * @deprecated Can be replaced with {@code token.getAccessToken()} from the
     *             {@code com.sap.cloud.security.token} package.
     * @return authentication token
     */
    String getAppToken();

    /**
     * Return the token identified by the given namespace and name.
     * <p>
     * Still supported via {@code XSUserInfoAdapter} from the
     * {@code com.sap.cloud.security.adapter.xs} package.
     *
     * @param namespace
     *            the namespace
     * @param name
     *            the name
     * @return the token
     * @throws XSUserInfoException
     *             if token is not available in the authentication token
     *
     * @deprecated use {@link #getHdbToken()} instead.
     */
    @Deprecated
    String getToken(String namespace, String name) throws XSUserInfoException;

    /**
     * Return user attributes.
     * <p>
     * Still supported via {@code XSUserInfoAdapter} from the
     * {@code com.sap.cloud.security.adapter.xs} package.
     *
     * @param attributeName
     *            name of attribute
     * @return attribute values array
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String[] getAttribute(String attributeName) throws XSUserInfoException;

    /**
     * Check if the authentication token contains user attributes.
     * <p>
     * Still supported via {@code XSUserInfoAdapter} from the
     * {@code com.sap.cloud.security.adapter.xs} package.
     *
     * @return true if user attributes are available
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    boolean hasAttributes() throws XSUserInfoException;

    /**
     * Return the values of a system attribute.
     * <p>
     * Still supported via {@code XSUserInfoAdapter} from the
     * {@code com.sap.cloud.security.adapter.xs} package.
     *
     * @param attributeName
     *            the name of the system attribute
     * @return the system attribute
     * @throws XSUserInfoException
     *             if system attribute is not available in the authentication token
     */
    String[] getSystemAttribute(String attributeName) throws XSUserInfoException;

    /**
     * Check if a scope is present in the authentication token. The scope has to be
     * given in its fully qualified form; see {@code checkLocalScope} for the
     * variant that takes the local name.
     *
     * @param scope
     *            name of fully qualified scope
     * @deprecated can be replaced with {@code xsuaaToken.hasScope(scope)} from the
     *             {@code com.sap.cloud.security.token} package.
     * @return true if scope is available
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    boolean checkScope(String scope) throws XSUserInfoException;

    /**
     * Check if a "local" scope is available in the authentication token according
     * to the {@code ScopeConverter}.
     *
     * @param scope
     *            name of local scope (the {@code XsuaaScopeConverter} omits the
     *            xsappid)
     * @deprecated can be replaced with {@code xsuaaToken.hasLocalScope(scope)} from
     *             the {@code com.sap.cloud.security.token} package.
     * @return true if local scope is available
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    boolean checkLocalScope(String scope) throws XSUserInfoException;

    /**
     * Return additional authentication attributes included by the OAuth client
     * component.
     * <p>
     * Note: this is data controlled by the requester of a token and might not be
     * trustworthy. Treat the returned value as untrusted input: validate it before
     * use and do not base authorization decisions on it alone.
     * <p>
     * Still supported via {@code XSUserInfoAdapter}.
     *
     * @param attributeName
     *            name of the authentication attribute
     * @return additional authentication attribute
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getAdditionalAuthAttribute(String attributeName) throws XSUserInfoException;

    /**
     * In case of xsuaa broker plan tokens, it contains the service instance id.
     * <p>
     * Still supported via {@code XSUserInfoAdapter} from the
     * {@code com.sap.cloud.security.adapter.xs} package.
     *
     * @return service instance id
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getCloneServiceInstanceId() throws XSUserInfoException;

    /**
     * OAuth Grant Type used for this token.
     *
     * @deprecated can be replaced with {@code token.getGrantType()} from the
     *             {@code com.sap.cloud.security.token} package. This will give you
     *             a {@code GrantType} enum entry on which you can call
     *             {@code toString} to obtain the grant type as string, e.g.
     *             "client_credentials".
     * @return grant type
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    String getGrantType() throws XSUserInfoException;

    /**
     * Check if a token issued for another OAuth client has been forwarded to a
     * different client.
     *
     * @return true if token was forwarded
     * @throws XSUserInfoException
     *             if attribute is not available in the authentication token
     */
    boolean isInForeignMode() throws XSUserInfoException;

    /**
     * Performs a client credentials token flow.
     * <p>
     * The client secret passed in is a credential; callers should keep it out of
     * logs and error messages.
     *
     * @param clientId
     *            client id
     * @param clientSecret
     *            client secret
     * @param uaaUrl
     *            the uaa url
     * @return the token
     *
     * @deprecated can be replaced with token flows from the token-client library.
     *             Does not support mtls-based communication to XSUAA identity
     *             provider and will be removed with version 3.0.0.
     *
     * @throws XSUserInfoException
     *             if an error occurs during token request
     */
    @Deprecated
    String requestTokenForClient(String clientId, String clientSecret, String uaaUrl) throws XSUserInfoException;

    /**
     * Performs a user token flow.
     * <p>
     * The client secret passed in is a credential; callers should keep it out of
     * logs and error messages.
     *
     * @param clientId
     *            client id
     * @param clientSecret
     *            client secret
     * @param uaaUrl
     *            the uaa url
     * @return the token
     * @deprecated can be replaced with token flows from the token-client library.
     *             Does not support mtls-based communication to XSUAA identity
     *             provider and will be removed with version 3.0.0.
     *
     * @throws XSUserInfoException
     *             if an error occurs during token request
     */
    @Deprecated
    String requestTokenForUser(String clientId, String clientSecret, String uaaUrl) throws XSUserInfoException;

    /**
     * Exchange a token into a token from another service instance.
     *
     * @param tokenRequest
     *            request data
     * @deprecated can be replaced with token flows from the token-client library.
     *             Does not support mtls-based communication to XSUAA identity
     *             provider and will be removed with version 3.0.0.
     * @return requested token
     * @throws XSUserInfoException
     *             if an error occurs during token exchange
     */
    @Deprecated
    String requestToken(XSTokenRequest tokenRequest) throws XSUserInfoException;
}