Interface TokenOperationFactory

  • All Known Implementing Classes:
    TokenOperationFactoryImpl

    public interface TokenOperationFactory
    Interface consumed by the Token*OperationProvider classes to obtain instances of the TokenValidator, TokenProvider, or TokenCanceller classes for the various token types validated or generated by the STS.
    • Method Summary

      Modifier and Type Method Description
      org.apache.cxf.sts.token.validator.TokenValidator getSimpleTokenValidator(TokenType validatedTokenType)
      Returns a TokenValidator which will validate tokens issued by the STS.
      org.apache.cxf.sts.token.canceller.TokenCanceller getTokenCanceller(TokenType cancelledTokenType)
      Returns a TokenCanceller instance which will cancel an STS-issued token.
      org.apache.cxf.sts.token.provider.TokenProvider getTokenProvider(TokenType issuedTokenType)
      Called to obtain the set of TokenProvider instances to satisfy the issue operation.
      org.apache.cxf.sts.token.validator.TokenValidator getTokenValidator(TokenType validatedTokenType, ValidationInvocationContext validationInvocationContext, boolean invalidateAMSession)
      Called to obtain the set of TokenValidator instances to perform pure token validation in the context of enforcing SecurityPolicy bindings and validating delegated tokens (ActAs/OnBehalfOf case).
    • Method Detail

      • getTokenValidator

        org.apache.cxf.sts.token.validator.TokenValidator getTokenValidator(TokenType validatedTokenType,
                                                                            ValidationInvocationContext validationInvocationContext,
                                                                            boolean invalidateAMSession)
                                                                     throws STSInitializationException
        Called to obtain the set of TokenValidator instances to perform pure token validation in the context of enforcing SecurityPolicy bindings and validating delegated tokens (ActAs/OnBehalfOf case).
        Parameters:
        validatedTokenType - the type of token to be validated
        validationInvocationContext - the context of this validation (SecurityPolicy binding enforcement, delegated token context).
        invalidateAMSession - whether the OpenAM session resulting from successful token validation should be invalidated at the completion of the operation
        Returns:
        A TokenValidator implementation which can validate the specified token type
        Throws:
        STSInitializationException - if the TokenValidator cannot be created
      • getTokenProvider

        org.apache.cxf.sts.token.provider.TokenProvider getTokenProvider(TokenType issuedTokenType)
                                                                  throws STSInitializationException
        Called to obtain the set of TokenProvider instances to satisfy the issue operation.
        Parameters:
        issuedTokenType - The type of token to be issued
        Returns:
        the TokenProvider which can issue the specified type
        Throws:
        STSInitializationException - if the TokenProvider cannot be created.
      • getSimpleTokenValidator

        org.apache.cxf.sts.token.validator.TokenValidator getSimpleTokenValidator(TokenType validatedTokenType)
                                                                           throws STSInitializationException
        Returns a TokenValidator which will validate tokens issued by the STS. Note that in the 13 release, this will only involve checking whether the token has been persisted in the CTS; it will not involve the consumption of an authN module. TokenValidators will be created only for the TokenTypes corresponding to STS-issued tokens, i.e. OIDC and SAML2 tokens.
        Parameters:
        validatedTokenType - the type of token to be validated.
        Returns:
        a TokenValidator implementation which simply consults the TokenService to determine whether the token has been persisted in the CTS.
        Throws:
        STSInitializationException - if the TokenValidator cannot be created.
      • getTokenCanceller

        org.apache.cxf.sts.token.canceller.TokenCanceller getTokenCanceller(TokenType cancelledTokenType)
                                                                     throws STSInitializationException
        Returns a TokenCanceller instance which will cancel an STS-issued token. This simply involves invoking the TokenService to remove the token from the CTS. TokenCancellers will be created only for the TokenTypes corresponding to STS-issued tokens, i.e. OIDC and SAML2 tokens.
        Parameters:
        cancelledTokenType - the type of to-be-cancelled token
        Returns:
        A TokenCanceller instance which can handle the cancellation of the specified TokenType
        Throws:
        STSInitializationException - if the TokenCanceller cannot be created