Package org.yamcs.http.auth

Class TokenStore

java.lang.Object
com.google.common.util.concurrent.AbstractService
org.yamcs.http.AbstractHttpService
org.yamcs.http.auth.TokenStore
All Implemented Interfaces:
com.google.common.util.concurrent.Service, SessionListener
public class TokenStore extends AbstractHttpService implements SessionListener
Store capable of generating a chain of refresh tokens. When a token is exchanged for a new token, the old token remains valid for a limited lifetime. This property is useful do deal with a burst of identical refresh requests.

This class maintains a cache from a JWT bearer token to the original authentication info. This allows skipping the login process as long as the bearer is valid.

  • Constructor Details

    • TokenStore

      public TokenStore()

  • Method Details

    • init

      public void init(HttpServer httpServer) throws InitException
      Specified by:
      init in class AbstractHttpService
      Throws:
      InitException

    • doStart

      protected void doStart()
      Specified by:
      doStart in class com.google.common.util.concurrent.AbstractService

    • doStop

      protected void doStop()
      Specified by:
      doStop in class com.google.common.util.concurrent.AbstractService

    • registerAccessToken

      public void registerAccessToken(String accessToken, AuthenticationInfo authenticationInfo)

    • revokeAccessToken

      public void revokeAccessToken(String accessToken)

    • verifyAccessToken

      public AuthenticationInfo verifyAccessToken(String accessToken) throws UnauthorizedException
      Throws:
      UnauthorizedException

    • forgetUser

      public void forgetUser(String username)

    • generateRefreshToken

      public String generateRefreshToken(UserSession session)

    • verifyRefreshToken

      public org.yamcs.http.auth.TokenStore.RefreshResult verifyRefreshToken(String refreshToken)
      Validate the provided refresh token, and exchange it for a new one. The provided refresh token is invalidated, and will stop working after a certain time.

      Attempts to exchange a previously exchanged token will always return the same result, as long as it has not expired yet.

      Returns:
      a new refresh token, or null if the token could not be exchanged.

    • revokeRefreshToken

      public void revokeRefreshToken(String refreshToken)

    • onCreated

      public void onCreated(UserSession session)
      Specified by:
      onCreated in interface SessionListener

    • onExpired

      public void onExpired(UserSession session)
      Specified by:
      onExpired in interface SessionListener

    • onInvalidated

      public void onInvalidated(UserSession session)
      Specified by:
      onInvalidated in interface SessionListener