/*
* Copyright (c) 2017 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.gateway.service.util.config.security;
import java.time.Duration;
import java.util.Collections;
import java.util.Map;
import javax.annotation.concurrent.Immutable;
import org.eclipse.ditto.internal.utils.config.KnownConfigValue;
import org.eclipse.ditto.policies.model.SubjectIssuer;
import org.eclipse.ditto.utils.jsr305.annotations.AllValuesAreNonnullByDefault;
/**
 * Provides configuration settings for OAuth (JWT based authentication) in the gateway.
 * <p>
 * Implementations are immutable. The config path and default backing every getter is declared by the
 * nested {@link OAuthConfigValue} enum.
 */
@Immutable
@AllValuesAreNonnullByDefault
public interface OAuthConfig {

    /**
     * Returns the protocol to access all OAuth endpoints.
     * <p>
     * The default is {@code https} (see {@link OAuthConfigValue#PROTOCOL}). A non-TLS protocol would send the
     * traffic to the OAuth endpoints in the clear, so deviating from the default should be confined to
     * local development setups.
     *
     * @return the protocol with which to access all OAuth endpoints.
     */
    String getProtocol();

    /**
     * Returns the allowed clock skew to tolerate when verifying the local time against the {@code exp}
     * and {@code nbf} claims of a token.
     * <p>
     * The default is 10 seconds (see {@link OAuthConfigValue#ALLOWED_CLOCK_SKEW}). Because the skew is
     * tolerated in both directions, raising it also lengthens the period in which an already expired token
     * is still accepted; keep it as small as the deployment's clock synchronisation allows.
     *
     * @return the allowed clock skew as a {@link Duration} (not a plain number of seconds).
     */
    Duration getAllowedClockSkew();

    /**
     * Returns all supported OpenID Connect issuers, keyed by the {@link SubjectIssuer} they are mapped to.
     * <p>
     * The default is an empty map (see {@link OAuthConfigValue#OPENID_CONNECT_ISSUERS}), i.e. issuers have
     * to be configured explicitly.
     *
     * @return the issuers.
     */
    Map<SubjectIssuer, SubjectIssuerConfig> getOpenIdConnectIssuers();

    /**
     * Returns all additionally supported OpenID Connect issuers. This can be useful during migration phases,
     * e.g. if you have multiple issuer URIs for the same subject issuer.
     * <p>
     * The default is an empty map (see {@link OAuthConfigValue#OPENID_CONNECT_ISSUERS_EXTENSION}).
     *
     * @return the additional issuers.
     */
    Map<SubjectIssuer, SubjectIssuerConfig> getOpenIdConnectIssuersExtension();

    /**
     * Returns the template of the subject activated via token integration. May contain placeholders, as in
     * the default {@code integration:{{policy-entry:label}}:{{jwt:aud}}}
     * (see {@link OAuthConfigValue#TOKEN_INTEGRATION_SUBJECT}).
     *
     * @return the token integration subject template.
     */
    String getTokenIntegrationSubject();

    /**
     * Returns the full qualified classname of the
     * {@code org.eclipse.ditto.gateway.service.security.authentication.jwt.JwtAuthorizationSubjectsProvider}
     * implementation to use for custom authorization subjects.
     * <p>
     * The named class is instantiated by the gateway, so this value decides which code derives authorization
     * subjects from a token; it should only come from trusted deployment configuration. The default is
     * {@code DittoJwtAuthorizationSubjectsProvider} (see {@link OAuthConfigValue#JWT_AUTHORIZATION_SUBJECTS_PROVIDER}).
     *
     * @return the full qualified classname of the {@code JwtAuthorizationSubjectsProvider} implementation to use.
     * @since 3.0.0
     */
    String getJwtAuthorizationSubjectsProvider();

    /**
     * Returns the full qualified classname of the
     * {@code org.eclipse.ditto.gateway.service.security.authentication.jwt.JwtAuthenticationResultProvider}
     * implementation to use for custom authorizations.
     * <p>
     * As with {@link #getJwtAuthorizationSubjectsProvider()}, the named class is instantiated by the gateway
     * and therefore belongs under the same trust as the rest of the security configuration. The default is
     * {@code DefaultJwtAuthenticationResultProvider} (see {@link OAuthConfigValue#JWT_AUTHENTICATION_RESULT_PROVIDER}).
     *
     * @return the full qualified classname of the {@code JwtAuthenticationResultProvider} implementation to use.
     * @since 3.0.0
     */
    String getJwtAuthenticationResultProvider();

    /**
     * An enumeration of the known config path expressions and their associated default values for
     * {@link OAuthConfig}.
     */
    enum OAuthConfigValue implements KnownConfigValue {

        /**
         * The protocol with which to access all OAuth endpoints. Default: {@code https}.
         */
        PROTOCOL("protocol", "https"),

        /**
         * The clock skew tolerated when checking the {@code exp} and {@code nbf} claims. Default: 10 seconds.
         */
        ALLOWED_CLOCK_SKEW("allowed-clock-skew", Duration.ofSeconds(10)),

        /**
         * The supported OpenID Connect issuers. Default: an empty map.
         */
        OPENID_CONNECT_ISSUERS("openid-connect-issuers", Collections.emptyMap()),

        /**
         * Additionally supported OpenID Connect issuers, e.g. during migration phases. Default: an empty map.
         */
        OPENID_CONNECT_ISSUERS_EXTENSION("openid-connect-issuers-extension", Collections.emptyMap()),

        /**
         * The template of the subject activated via token integration; may contain placeholders.
         */
        TOKEN_INTEGRATION_SUBJECT("token-integration-subject", "integration:{{policy-entry:label}}:{{jwt:aud}}"),

        /**
         * The full qualified classname of the {@code JwtAuthorizationSubjectsProvider} to instantiate.
         * @since 3.0.0
         */
        JWT_AUTHORIZATION_SUBJECTS_PROVIDER("jwt-authorization-subjects-provider",
                "org.eclipse.ditto.gateway.service.security.authentication.jwt.DittoJwtAuthorizationSubjectsProvider"),

        /**
         * The full qualified classname of the {@code JwtAuthenticationResultProvider} to instantiate.
         * @since 3.0.0
         */
        JWT_AUTHENTICATION_RESULT_PROVIDER("jwt-authentication-result-provider",
                "org.eclipse.ditto.gateway.service.security.authentication.jwt.DefaultJwtAuthenticationResultProvider");

        // config path expression reported by getConfigPath()
        private final String path;
        // default reported by getDefaultValue(); typed as Object because the defaults differ in type per constant
        private final Object defaultValue;

        OAuthConfigValue(final String thePath, final Object theDefaultValue) {
            path = thePath;
            defaultValue = theDefaultValue;
        }

        /**
         * Returns the default value associated with this config value.
         *
         * @return the default; a {@link String}, a {@link Duration} or a {@link Map}, depending on the constant.
         */
        @Override
        public Object getDefaultValue() {
            return defaultValue;
        }

        /**
         * Returns the config path expression of this config value.
         *
         * @return the config path.
         */
        @Override
        public String getConfigPath() {
            return path;
        }

    }

}