
1   package com.atlassian.asap.service.core.impl;
2   
3   import com.atlassian.asap.service.api.TokenValidator;
4   import com.atlassian.asap.service.core.spi.AsapConfiguration;
5   import com.google.common.base.MoreObjects;
6   import com.google.common.collect.ImmutableSet;
7   
8   import java.util.Set;
9   
10  import static java.util.Objects.requireNonNull;
11  
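/**
 * Implements the builder logic for a token validator.
 *
 * <p>This class only stores the builder state: the issuer, impersonation-issuer, subject and
 * audience allow-sets, the deprecated subject-impersonation flag and the validation policy.
 * Subclasses read that state through the protected accessors. Every set is stored as an
 * {@link ImmutableSet}, so the values handed out by the accessors cannot be modified by callers.
 *
 * <p>The fields are reassigned by the builder methods without any synchronization.
 *
 * <p>NOTE(review): the issuer and subject sets start empty. Whether an empty set means
 * "reject everything" or "no restriction" is decided by the code that consumes the accessors,
 * which is not part of this class; confirm the consumer fails closed.
 */
@SuppressWarnings("WeakerAccess")
public abstract class AbstractTokenValidator implements TokenValidator {
    private final AsapConfiguration config;

    /**
     * The issuers that are <strong>authorized</strong> to use this resource as 'root'.
     * Replaced as a whole by {@link #issuer(Iterable)}.
     */
    private Set<String> authorizedIssuers;

    /**
     * The issuers that are <strong>authorized</strong> to use this resource.
     * Replaced as a whole by {@link #impersonationIssuer(Iterable)}; the deprecation note on
     * {@link #subjectImpersonation(boolean)} describes this list as the issuers that are
     * allowed to impersonate users.
     */
    private Set<String> impersonationAuthorizedIssuers;

    /**
     * The effective subjects that are <strong>authorized</strong> to use this resource.
     */
    private Set<String> authorizedSubjects;

    /**
     * The audience values that may be specified when creating a token for this resource.
     * Always contains {@code config.audience()}.
     */
    private Set<String> acceptableAudienceValues;

    /**
     * True if the token's subject value is going to be interpreted as a user to impersonate.
     *
     * @see TokenValidator#subject(String...)
     */
    private boolean subjectImpersonation;

    /**
     * The validation policy to apply when validating the token. Defaults to
     * {@link Policy#REQUIRE} until {@link #policy(Policy)} is called.
     */
    private Policy policy = Policy.REQUIRE;


    /**
     * Creates a validator builder whose issuer and subject sets are empty and whose only
     * acceptable audience is the configured one.
     *
     * @param config the ASAP configuration; its {@code audience()} value seeds the audience set
     * @throws NullPointerException if {@code config} is {@code null}, or if its audience is
     *         {@code null} (rejected by {@link ImmutableSet#of(Object)})
     */
    @SuppressWarnings("WeakerAccess")
    protected AbstractTokenValidator(AsapConfiguration config) {
        this.config = requireNonNull(config, "config");
        this.authorizedIssuers = ImmutableSet.of();
        this.impersonationAuthorizedIssuers = ImmutableSet.of();
        this.authorizedSubjects = ImmutableSet.of();
        this.acceptableAudienceValues = ImmutableSet.of(config.audience());
    }

    /**
     * Replaces the set of authorized issuers with a snapshot of the given values.
     *
     * @param authorizedIssuers the issuers to authorize; earlier values are discarded
     * @return {@code this}
     * @throws NullPointerException if the iterable or any of its elements is {@code null}
     */
    @Override
    public TokenValidator issuer(Iterable<String> authorizedIssuers) {
        // Named check, matching the constructor and policy(): a null argument is reported by name.
        requireNonNull(authorizedIssuers, "authorizedIssuers");
        this.authorizedIssuers = ImmutableSet.copyOf(authorizedIssuers);
        return this;
    }

    /**
     * Replaces the set of issuers authorized for impersonation with a snapshot of the given values.
     *
     * @param impersonationIssuers the issuers to authorize; earlier values are discarded
     * @return {@code this}
     * @throws NullPointerException if the iterable or any of its elements is {@code null}
     */
    @Override
    public TokenValidator impersonationIssuer(Iterable<String> impersonationIssuers) {
        requireNonNull(impersonationIssuers, "impersonationIssuers");
        this.impersonationAuthorizedIssuers = ImmutableSet.copyOf(impersonationIssuers);
        return this;
    }

    /**
     * Records whether the token's subject is to be interpreted as a user to impersonate.
     *
     * <p>The flag is stored independently of the impersonation issuer set; this class does not
     * reconcile the two.
     *
     * @param subjectImpersonation {@code true} to use subject impersonation
     * @return {@code this}
     * @deprecated move/copy issuers that are allowed to impersonate users from the 'issuer' to the 'impersonationIssuer' list
     */
    @Override
    @Deprecated
    public TokenValidator subjectImpersonation(boolean subjectImpersonation) {
        this.subjectImpersonation = subjectImpersonation;
        return this;
    }

    /**
     * Replaces the set of authorized subjects with a snapshot of the given values.
     *
     * @param authorizedSubjects the subjects to authorize; earlier values are discarded
     * @return {@code this}
     * @throws NullPointerException if the iterable or any of its elements is {@code null}
     */
    @Override
    public TokenValidator subject(Iterable<String> authorizedSubjects) {
        requireNonNull(authorizedSubjects, "authorizedSubjects");
        this.authorizedSubjects = ImmutableSet.copyOf(authorizedSubjects);
        return this;
    }

    /**
     * Sets the acceptable audiences to the configured audience plus the given extra values.
     *
     * <p>The configured audience is always kept. Extra values from an earlier call are
     * discarded, because the set is rebuilt from scratch on every call.
     *
     * @param additionalAudienceValues audiences to accept in addition to {@code config.audience()}
     * @return {@code this}
     * @throws NullPointerException if the iterable or any of its elements is {@code null}
     */
    @Override
    public TokenValidator audience(Iterable<String> additionalAudienceValues) {
        requireNonNull(additionalAudienceValues, "additionalAudienceValues");
        this.acceptableAudienceValues = ImmutableSet.<String>builder()
                .add(config.audience())
                .addAll(additionalAudienceValues)
                .build();
        return this;
    }

    /**
     * Sets the validation policy.
     *
     * @param policy the policy to apply; must not be {@code null}
     * @return {@code this}
     * @throws NullPointerException if {@code policy} is {@code null}
     */
    @Override
    public TokenValidator policy(Policy policy) {
        this.policy = requireNonNull(policy, "policy");
        return this;
    }

    /** @return the immutable set of authorized issuers; empty until {@link #issuer(Iterable)} is called */
    protected Set<String> authorizedIssuers() {
        return authorizedIssuers;
    }

    /**
     * @return the immutable set of impersonation-authorized issuers; empty until
     *         {@link #impersonationIssuer(Iterable)} is called
     */
    protected Set<String> impersonationAuthorizedIssuers() {
        return impersonationAuthorizedIssuers;
    }

    /** @return the immutable set of authorized subjects; empty until {@link #subject(Iterable)} is called */
    protected Set<String> authorizedSubjects() {
        return authorizedSubjects;
    }

    /** @return the immutable set of acceptable audiences, which always includes the configured audience */
    protected Set<String> acceptableAudienceValues() {
        return acceptableAudienceValues;
    }

    /** @return the value last passed to the deprecated {@link #subjectImpersonation(boolean)}; {@code false} by default */
    protected boolean subjectImpersonation() {
        return subjectImpersonation;
    }

    /** @return the validation policy; {@link Policy#REQUIRE} unless changed */
    protected Policy policy() {
        return policy;
    }

    /**
     * Renders the complete builder state, including the configuration object.
     *
     * <p>NOTE(review): the output embeds {@code config.toString()}; confirm that the
     * configuration's string form carries no key material or other secrets before this
     * value is written to logs.
     */
    @Override
    public String toString() {
        return MoreObjects.toStringHelper(this)
                .add("config", config)
                .add("authorizedIssuers", authorizedIssuers)
                .add("impersonationAuthorizedIssuers", impersonationAuthorizedIssuers)
                .add("authorizedSubjects", authorizedSubjects)
                .add("acceptableAudienceValues", acceptableAudienceValues)
                .add("subjectImpersonation", subjectImpersonation)
                .add("policy", policy)
                .toString();
    }
}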