org.forgerock.openam.sts.soap.token.config

Interface TokenOperationFactory

All Known Implementing Classes:

TokenOperationFactoryImpl

public interface TokenOperationFactory

Interface consumed by the Token*OperationProvider classes to obtain instances of the TokenValidator, TokenProvider, or TokenCanceller classes for the various token types validated or generated by the sts.

Method Summary

Modifier and Type	Method and Description
org.apache.cxf.sts.token.validator.TokenValidator	getSimpleTokenValidator(TokenType validatedTokenType) Returns a TokenValidator which will validate tokens issued by the STS.
org.apache.cxf.sts.token.canceller.TokenCanceller	getTokenCanceller(TokenType cancelledTokenType) Returns a TokenCanceller instance which will cancel an STS-issued token.
org.apache.cxf.sts.token.provider.TokenProvider	getTokenProvider(TokenType issuedTokenType) Called to obtain the set of of TokenProvider instances to satisfy the issue operation.
org.apache.cxf.sts.token.validator.TokenValidator	getTokenValidator(TokenType validatedTokenType, ValidationInvocationContext validationInvocationContext, boolean invalidateAMSession) Called to obtain the set of TokenValidator instances to perform pure token validation in the context of enforcing SecurityPolicy bindings and validating delegated tokens (ActAs/OnBehalfOf case).

Method Detail

getTokenValidator

org.apache.cxf.sts.token.validator.TokenValidator getTokenValidator(TokenType validatedTokenType,
                                                                    ValidationInvocationContext validationInvocationContext,
                                                                    boolean invalidateAMSession)
                                                             throws STSInitializationException

Called to obtain the set of TokenValidator instances to perform pure token validation in the context of enforcing SecurityPolicy bindings and validating delegated tokens (ActAs/OnBehalfOf case).

Parameters:

validatedTokenType - the type of token to be validated

validationInvocationContext - the context of this validation (SecurityPolicy binding enforcement, delegated token context).

invalidateAMSession - whether the OpenAM session resulting from successful token validation should be invalidated at the completion of the operation

Returns:

A TokenValidator implementation which can validate the specified token type

Throws:

STSInitializationException - if the TokenValidator cannot be created

getTokenProvider

org.apache.cxf.sts.token.provider.TokenProvider getTokenProvider(TokenType issuedTokenType)
                                                          throws STSInitializationException

Called to obtain the set of of TokenProvider instances to satisfy the issue operation.

Parameters:

issuedTokenType - The type of token to be issued

Returns:

the TokenProvider which can issue the specified type

Throws:

STSInitializationException - if the TokenProvider cannot be created.

getSimpleTokenValidator

org.apache.cxf.sts.token.validator.TokenValidator getSimpleTokenValidator(TokenType validatedTokenType)
                                                                   throws STSInitializationException

Returns a TokenValidator which will validate tokens issued by the STS. Note that in the 13 release, this will only involve checking whether the token has been persisted in the CTS. It will not involve the consumption of an authN module. Only TokenValidators will be created for the TokenTypes corresponding to STS-issued tokens - i.e. OIDC and SAML2 tokens.

Parameters:

validatedTokenType - the type of token to be validated.

Returns:

a TokenValidator implementation which simply consults the TokenService to determine whether the token has been persisted in the CTS.

Throws:

STSInitializationException - if the TokenValidator cannot be created.

getTokenCanceller

org.apache.cxf.sts.token.canceller.TokenCanceller getTokenCanceller(TokenType cancelledTokenType)
                                                             throws STSInitializationException

Returns a TokenCanceller instance which will cancel an STS-issued token. This will simply involve invoking the TokenService to remove the token from the CTS. Only TokenCancellers will be created for the TokenTypes corresponding to STS-issued tokens - i.e. OIDC and SAML2 tokens.

Parameters:

cancelledTokenType - the type of to-be-cancelled token

Returns:

A TokenCanceller instance which can handle the cancellation of the specified TokenType

Throws:

STSInitializationException - if the TokenCanceller cannot be created