Class AccessByToken

  • All Implemented Interfaces:
    AccessPolicy

    public class AccessByToken
    extends java.lang.Object
    implements AccessPolicy
    Token access policy.

    A consuming system is granted access only if it can (1) present a certificate with at least one trusted issuer, as well as (2) present a token originating from a designated authorization system. The consuming system does not have to be a member of the same local cloud as the system using this access policy.

    The designated authorization system is identified by a PublicKey, which can either be specified directly or be resolved at a later time. Authorization system public key resolution could, for example, be performed by some suitable plugin. The authorization system key is set or replaced using the authorizationKey(PublicKey) method.

    Note that access policy instances of this type can be shared by multiple services.

    • Constructor Summary

      Constructors 
      Constructor Description
      AccessByToken()
      Creates new certificate and token access policy without an authorization system public key.
      AccessByToken(java.security.PublicKey authorizationKey)
      Creates new certificate and token access policy with the given authorization system public key.
    • Constructor Detail

      • AccessByToken

        public AccessByToken()
        Creates new certificate and token access policy without an authorization system public key.

        The key must be set later via the authorizationKey(PublicKey) method, perhaps via a plugin. This access policy will prevent all access until a valid key has been set.

      • AccessByToken

        public AccessByToken(java.security.PublicKey authorizationKey)
        Creates new certificate and token access policy with the given authorization system public key.

        The key can be changed later via the authorizationKey(PublicKey) method.

        Parameters:
        authorizationKey - Public key of issuer of acceptable access tokens.
    • Method Detail

      • authorizationKey

        public void authorizationKey(java.security.PublicKey authorizationKey)
        Sets authorization system public key.

        The key is used to determine if provided access tokens were created by the system owning the corresponding private key, which in most scenarios can be expected to be an authorization system belonging to the same cloud as the service provider using this access policy.

        Parameters:
        authorizationKey - Public key of designated authorization system.
      • isAuthorized

        public boolean isAuthorized(SystemIdentityDescription consumer,
                                    ArSystem provider,
                                    ServiceDescription service,
                                    java.lang.String token)
                             throws AccessTokenException
        Description copied from interface: AccessPolicy
        Determines whether or not the described system may consume the described service using the given access token, if any.
        Specified by:
        isAuthorized in interface AccessPolicy
        Parameters:
        consumer - Description of system attempting to consume the service in question.
        provider - The system providing the consumed service.
        service - Description of service that the consumer attempts to consume.
        token - Access token presented by the consumer, if any.
        Returns:
        true only if consumer is permitted to consume service.
        Throws:
        AccessTokenException
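
The deferred-key behaviour described above (all access denied until a key is set, and the key replaceable later) can be sketched in stand-alone Java. This is an added example, not code from this library: `TokenPolicy`, `issue` and the `<payload>.<signature>` token layout are assumptions made for illustration, and only the token half of the policy is shown, not the certificate check.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
// Added illustration, not library code. TokenPolicy is a hypothetical stand-in
// and the "<payload>.<signature>" token layout is an assumption.
public class DeferredKeyPolicyDemo {
    static final class TokenPolicy {
        private volatile PublicKey authorizationKey; // null until resolved, e.g. by a plugin
        void authorizationKey(PublicKey key) { this.authorizationKey = key; }
        boolean isAuthorized(String token) {
            final PublicKey key = authorizationKey; // read once; key may be replaced concurrently
            if (key == null || token == null) return false; // fail closed while no key is set
            final int dot = token.indexOf('.');
            if (dot < 1 || dot != token.lastIndexOf('.')) return false;
            try {
                Base64.Decoder dec = Base64.getUrlDecoder();
                byte[] payload = dec.decode(token.substring(0, dot));
                byte[] sig = dec.decode(token.substring(dot + 1));
                Signature verifier = Signature.getInstance("SHA256withRSA");
                verifier.initVerify(key);
                verifier.update(payload);
                return verifier.verify(sig);
            } catch (GeneralSecurityException | IllegalArgumentException e) {
                return false; // malformed or unverifiable tokens are rejected, never trusted
            }
        }
    }

    static String issue(PrivateKey key, String claims) throws GeneralSecurityException {
        byte[] payload = claims.getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(payload);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload) + "." + enc.encodeToString(signer.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair authz = gen.generateKeyPair(), other = gen.generateKeyPair();
        // Constructed sample claims; a real token would bind consumer, service and expiry.
        String token = issue(authz.getPrivate(), "consumer=sysA;service=temperature");
        TokenPolicy policy = new TokenPolicy();
        System.out.println("no key set:   " + policy.isAuthorized(token));
        policy.authorizationKey(authz.getPublic());
        System.out.println("key set:      " + policy.isAuthorized(token));
        policy.authorizationKey(other.getPublic()); // designated authorization system changed
        System.out.println("key replaced: " + policy.isAuthorized(token));
    }
}
```

Because one policy instance can be shared by multiple services, replacing the key takes effect for every service using that instance, so tokens issued under the previous key stop verifying everywhere at once.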