Interface OAuthStore

public interface OAuthStore

Interface for storing and accessing OAuth artifacts, such as clients, tokens, and consents, that are necessary for an OAuth flow. The implementation is responsible for securing the data in motion and at rest. Implementing classes are required to define a zero-argument constructor so that they can be instantiated during loading.

To make an OAuthStore implementation available to Liberty as an OSGi service there are two options.

- Basic Extensions using Liberty Libraries (BELL)

  The BELL feature uses the Java ServiceLoader facility to load an OSGi service from a library. Your JAR file must contain both the OAuthStore implementation class and the provider-configuration file. The following list shows the files that might go into a JAR file:

      myLibrary.jar
      -------------
      -- com/acme/CustomOAuthStore1.class
      -- com/acme/CustomOAuthStore2.class
      -- META-INF/services/com.ibm.websphere.security.oauth20.store.OAuthStore

  The provider-configuration file lists all the OAuthStore implementations to be provided as an OSGi service. For example, for myLibrary.jar, the META-INF/services/com.ibm.websphere.security.oauth20.store.OAuthStore provider-configuration file has a list of services, with each service on its own line. It *must* also specify the ID for each instance by inserting a comment line prior to each implementing class that contains a key-value pair where the key is 'oauth.store.id' and the value is a unique ID that can be used to reference the instance from an OAuth provider in the server.xml.

      # oauth.store.id=customOAuthStore1
      com.acme.CustomOAuthStore1
      # oauth.store.id=customOAuthStore2
      com.acme.CustomOAuthStore2

  Once the JAR has been packaged, update the server.xml configuration to include the "bells-1.0" feature, the library that points to the JAR, and the BELL configuration that points to the library. Finally, associate the OAuth provider with an OAuthStore implementation by adding a 'customStore' element to the 'oauthProvider' element and setting the 'storeId' attribute to the 'oauth.store.id' value of the OAuthStore implementation to use. Below is an example of associating 'customOAuthStore1' with an OAuth provider using the BELL feature.

      <server>
        <featureManager>
          <feature>oauth-2.0</feature>
          <feature>bells-1.0</feature>
        </featureManager>

        <!-- Create a library for the JAR file that contains the OAuthStore implementation. -->
        <library id="mylibrary">
          <file name="${shared.resource.dir}/libs/myLibrary.jar"/>
        </library>

        <!-- Load the library in a BELL. -->
        <bell libraryRef="mylibrary" />

        <!-- Configure the OAuth provider with the custom OAuthStore implementation. -->
        <oauthProvider ...>
          <customStore storeId="customOAuthStore1" />
        </oauthProvider>
      </server>

- Registering with a user feature

  You can create a new OSGi service that implements the OAuthStore in a user feature. The service *must* define the property 'oauth.store.id' with a unique ID that can be used to reference the implementation from an OAuth provider in the server.xml. An example component XML file defining the component service might look like this:

      OSGI-INF/com.acme.CustomOAuthStore1.xml
      ---------------------------------------
      <component name="CustomOAuthStore1">
        <implementation class="com.acme.CustomOAuthStore1"/>
        <service>
          <provide interface="com.ibm.websphere.security.oauth20.store.OAuthStore"/>
        </service>
        <property name="service.vendor" type="String" value="ACME"/>
        <property name="oauth.store.id" type="String" value="customOAuthStore1"/>
      </component>

  When the user feature has been installed in Liberty, add the user feature to the feature list in the server.xml configuration file. Finally, associate the OAuth provider with an OAuthStore implementation by adding a 'customStore' element to the 'oauthProvider' element and setting the 'storeId' attribute to the 'oauth.store.id' value of the OAuthStore implementation to use. Below is an example of associating 'customOAuthStore1' with an OAuth provider using a user feature.

      <server>
        <featureManager>
          <feature>oauth-2.0</feature>
          <feature>user:myFeature-1.0</feature>
        </featureManager>

        <!-- Configure the OAuth provider with the custom OAuthStore. -->
        <oauthProvider ...>
          <customStore storeId="customOAuthStore1" />
        </oauthProvider>
      </server>
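A check for the provider-configuration rule described for the BELL option above, as an added example that is not part of the Liberty documentation: it reports implementation classes with no 'oauth.store.id' comment before them and IDs that are used more than once. The class name, the lint method and the sample lines are constructed for illustration, and the whitespace tolerance is an assumption about how the file is read.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added example: lints the lines of a BELL provider-configuration file
// (META-INF/services/com.ibm.websphere.security.oauth20.store.OAuthStore).
public class OAuthStoreProviderConfigLint {
    static final String KEY = "oauth.store.id";

    // Returns one message per problem; an empty list means the file passes.
    static List<String> lint(List<String> lines) {
        List<String> problems = new ArrayList<>();
        Set<String> seenIds = new HashSet<>();
        String pendingId = null;                 // ID from the latest comment line
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i).trim();
            if (line.isEmpty()) continue;
            if (line.startsWith("#")) {
                String body = line.substring(1).trim();
                int eq = body.indexOf('=');
                if (eq > 0 && body.substring(0, eq).trim().equals(KEY)) {
                    pendingId = body.substring(eq + 1).trim();
                }
                continue;
            }
            // Any other non-blank line names an implementation class.
            if (pendingId == null || pendingId.isEmpty()) {
                problems.add("line " + (i + 1) + ": " + line + " has no " + KEY + " comment");
            } else if (!seenIds.add(pendingId)) {
                problems.add("line " + (i + 1) + ": duplicate " + KEY + " '" + pendingId + "'");
            }
            pendingId = null;                    // an ID applies to one class only
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample: the second class reuses an ID, the third has none.
        List<String> sample = List.of(
            "# oauth.store.id=customOAuthStore1", "com.acme.CustomOAuthStore1",
            "# oauth.store.id=customOAuthStore1", "com.acme.CustomOAuthStore2",
            "com.acme.CustomOAuthStore3");
        lint(sample).forEach(System.out::println);
    }
}
```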
-
Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| int | countTokens(java.lang.String providerId, java.lang.String username, java.lang.String clientId) | Counts the OAuthToken entries matching the given providerId, username, and clientId arguments in the store. |
| void | create(OAuthClient oauthClient) | Creates an OAuthClient entry in the store. |
| void | create(OAuthConsent oauthConsent) | Creates an OAuthConsent entry in the store. |
| void | create(OAuthToken oauthToken) | Creates an OAuthToken entry in the store. |
| void | deleteClient(java.lang.String providerId, java.lang.String clientId) | Deletes an OAuthClient entry matching the providerId and clientId arguments from the store. |
| void | deleteConsent(java.lang.String providerId, java.lang.String username, java.lang.String clientId, java.lang.String resource) | Deletes an OAuthConsent entry matching the providerId, username, and clientId arguments from the store. |
| void | deleteConsents(java.lang.String providerId, long timestamp) | Deletes the OAuthConsent entries for the providerId from the store whose expiration fields are less than the given timestamp argument. |
| void | deleteToken(java.lang.String providerId, java.lang.String lookupKey) | Deletes an OAuthToken entry matching the providerId and lookupKey arguments from the store. |
| void | deleteTokens(java.lang.String providerId, long timestamp) | Deletes the OAuthToken entries for the providerId from the store whose expiration fields are less than the given timestamp argument. |
| java.util.Collection<OAuthClient> | readAllClients(java.lang.String providerId, java.lang.String attribute) | Reads all the OAuthClient entries matching the given providerId and attribute arguments from the store. |
| java.util.Collection<OAuthToken> | readAllTokens(java.lang.String providerId, java.lang.String username) | Reads all the OAuthToken entries matching the given providerId and username arguments from the store. |
| OAuthClient | readClient(java.lang.String providerId, java.lang.String clientId) | Reads the OAuthClient entry matching the given providerId and clientId arguments from the store. |
| OAuthConsent | readConsent(java.lang.String providerId, java.lang.String username, java.lang.String clientId, java.lang.String resource) | Reads the OAuthConsent entry matching the given providerId, username, clientId, and resource arguments from the store. |
| OAuthToken | readToken(java.lang.String providerId, java.lang.String lookupKey) | Reads the OAuthToken entry matching the given providerId and lookupKey arguments from the store. |
| void | update(OAuthClient oauthClient) | Updates an OAuthClient entry in the store. |
| void | update(OAuthConsent oauthConsent) | Updates an OAuthConsent entry in the store. |
| void | update(OAuthToken oauthToken) | Updates an OAuthToken entry in the store. |
-
Method Detail
-
create
void create(OAuthClient oauthClient) throws OAuthStoreException
Creates an OAuthClient entry in the store.
- Parameters:
  oauthClient - the OAuthClient object representing the client to create in the store
- Throws:
  OAuthStoreException - if the store is not able to create the OAuthClient entry
-
create
void create(OAuthToken oauthToken) throws OAuthStoreException
Creates an OAuthToken entry in the store.
- Parameters:
  oauthToken - the OAuthToken object representing the token to create in the store
- Throws:
  OAuthStoreException - if the store is not able to create the OAuthToken entry
-
create
void create(OAuthConsent oauthConsent) throws OAuthStoreException
Creates an OAuthConsent entry in the store.
- Parameters:
  oauthConsent - the OAuthConsent object representing the consent to create in the store
- Throws:
  OAuthStoreException - if the store is not able to create the OAuthConsent entry
-
readClient
OAuthClient readClient(java.lang.String providerId, java.lang.String clientId) throws OAuthStoreException
Reads the OAuthClient entry matching the given providerId and clientId arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider the client is registered with
  clientId - the id of the client entry to find in the store
- Returns:
  the OAuthClient entry or null if no matching entry exists
- Throws:
  OAuthStoreException - if the store is not able to read an OAuthClient entry
-
readAllClients
java.util.Collection<OAuthClient> readAllClients(java.lang.String providerId, java.lang.String attribute) throws OAuthStoreException
Reads all the OAuthClient entries matching the given providerId and attribute arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider the client is registered with
  attribute - an attribute of the client to match when reading the entry from the underlying store. If null, the method should return all clients for the specified provider.
- Returns:
  the collection of OAuthClient entries or null if no matching entries exist
- Throws:
  OAuthStoreException - if the store is not able to read the OAuthClient entries
-
readToken
OAuthToken readToken(java.lang.String providerId, java.lang.String lookupKey) throws OAuthStoreException
Reads the OAuthToken entry matching the given providerId and lookupKey arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider that issued the token
  lookupKey - the lookup key of the token entry to find in the store
- Returns:
  the OAuthToken entry or null if no matching entry exists
- Throws:
  OAuthStoreException - if the store is not able to read an OAuthToken entry
-
readAllTokens
java.util.Collection<OAuthToken> readAllTokens(java.lang.String providerId, java.lang.String username) throws OAuthStoreException
Reads all the OAuthToken entries matching the given providerId and username arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider that issued the tokens
  username - the user the tokens were issued for
- Returns:
  the OAuthToken entries or null if no matching entries exist
- Throws:
  OAuthStoreException - if the store is not able to read the OAuthToken entries
-
countTokens
int countTokens(java.lang.String providerId, java.lang.String username, java.lang.String clientId) throws OAuthStoreException
Counts the OAuthToken entries matching the given providerId, username, and clientId arguments in the store.
- Parameters:
  providerId - the id of the OAuth provider that issued the tokens
  username - the user the tokens were issued for
  clientId - the id of the client the tokens were issued to
- Returns:
  the number of tokens the user was issued for the client with the given clientId from the provider with the given providerId
- Throws:
  OAuthStoreException - if the store is not able to count the OAuthToken entries
-
readConsent
OAuthConsent readConsent(java.lang.String providerId, java.lang.String username, java.lang.String clientId, java.lang.String resource) throws OAuthStoreException
Reads the OAuthConsent entry matching the given providerId, username, clientId, and resource arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider from which consent was given
  username - the user that gave consent
  clientId - the id of the client granted consent to access the resource
  resource - the resource the client was granted consent to
- Returns:
  the OAuthConsent entry or null if no matching entry exists
- Throws:
  OAuthStoreException - if the store is not able to read an OAuthConsent entry
-
update
void update(OAuthClient oauthClient) throws OAuthStoreException
Updates an OAuthClient entry in the store. If the entry does not exist, this operation will no-op.
- Parameters:
  oauthClient - the OAuthClient object representing the client to update in the store
- Throws:
  OAuthStoreException - if the store is not able to update the OAuthClient entry
-
update
void update(OAuthToken oauthToken) throws OAuthStoreException
Updates an OAuthToken entry in the store. If the entry does not exist, this operation will no-op.
- Parameters:
  oauthToken - the OAuthToken object representing the token to update in the store
- Throws:
  OAuthStoreException - if the store is not able to update the OAuthToken entry
-
update
void update(OAuthConsent oauthConsent) throws OAuthStoreException
Updates an OAuthConsent entry in the store. If the entry does not exist, this operation will no-op.
- Parameters:
  oauthConsent - the OAuthConsent object representing the consent to update in the store
- Throws:
  OAuthStoreException - if the store is not able to update the OAuthConsent entry
-
deleteClient
void deleteClient(java.lang.String providerId, java.lang.String clientId) throws OAuthStoreException
Deletes an OAuthClient entry matching the providerId and clientId arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider the client is registered with
  clientId - the id of the client entry to delete from the store
- Throws:
  OAuthStoreException - if the store is not able to delete the OAuthClient entry
-
deleteToken
void deleteToken(java.lang.String providerId, java.lang.String lookupKey) throws OAuthStoreException
Deletes an OAuthToken entry matching the providerId and lookupKey arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider that issued the token
  lookupKey - the lookup key of the token entry to delete from the store
- Throws:
  OAuthStoreException - if the store is not able to delete the OAuthToken entry
-
deleteTokens
void deleteTokens(java.lang.String providerId, long timestamp) throws OAuthStoreException
Deletes the OAuthToken entries for the providerId from the store whose expiration fields are less than the given timestamp argument.
- Parameters:
  providerId - the id of the OAuth provider that issued the token
  timestamp - the time in milliseconds since the epoch to compare the token entry expiration with to delete the entry from the store
- Throws:
  OAuthStoreException - if the store is not able to delete the OAuthToken entries
-
deleteConsent
void deleteConsent(java.lang.String providerId, java.lang.String username, java.lang.String clientId, java.lang.String resource) throws OAuthStoreException
Deletes an OAuthConsent entry matching the providerId, username, and clientId arguments from the store.
- Parameters:
  providerId - the id of the OAuth provider from which consent was given
  username - the user that gave consent
  clientId - the id of the client for which to delete the user consent entry from the store
  resource - the resource the client was granted consent to
- Throws:
  OAuthStoreException - if the store is not able to delete the OAuthConsent entry
-
deleteConsents
void deleteConsents(java.lang.String providerId, long timestamp) throws OAuthStoreException
Deletes the OAuthConsent entries for the providerId from the store whose expiration fields are less than the given timestamp argument.
- Parameters:
  providerId - the id of the OAuth provider from which consent was given
  timestamp - the time in milliseconds since the epoch to compare the consent entry expiration with to delete the entry from the store
- Throws:
  OAuthStoreException - if the store is not able to delete the OAuthConsent entries
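
The token method contracts documented above (null when nothing matches, update as a no-op for a missing entry, deletion only of entries whose expiration is strictly less than the timestamp), as an added example rather than Liberty's own code. InMemoryTokenStore and its helpers are hypothetical, the OAuthToken getters it calls are assumed because this page does not list them, and an in-memory map leaves out the at-rest protection a persistent store has to provide.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import com.ibm.websphere.security.oauth20.store.OAuthStore;
import com.ibm.websphere.security.oauth20.store.OAuthToken;

// Added example: token half of an in-memory OAuthStore. A concrete subclass
// supplies the client and consent methods and the zero-argument constructor.
// Assumed getters: getProviderId, getLookupKey, getUsername, getClientId, getExpires.
public abstract class InMemoryTokenStore implements OAuthStore {
    private final Map<String, OAuthToken> tokens = new ConcurrentHashMap<>();

    // Length-prefix the providerId so ("a", "bc") and ("ab", "c") cannot collide.
    private static String key(String providerId, String lookupKey) {
        return providerId.length() + ":" + providerId + lookupKey;
    }

    // clientId == null means "any client"; used by readAllTokens.
    private List<OAuthToken> match(String providerId, String username, String clientId) {
        List<OAuthToken> out = new ArrayList<>();
        for (OAuthToken t : tokens.values()) {
            if (providerId.equals(t.getProviderId()) && username.equals(t.getUsername())
                    && (clientId == null || clientId.equals(t.getClientId()))) out.add(t);
        }
        return out;
    }

    @Override public void create(OAuthToken t) {
        tokens.put(key(t.getProviderId(), t.getLookupKey()), t);
    }
    @Override public OAuthToken readToken(String providerId, String lookupKey) {
        return tokens.get(key(providerId, lookupKey));          // null when absent
    }
    @Override public Collection<OAuthToken> readAllTokens(String providerId, String username) {
        List<OAuthToken> found = match(providerId, username, null);
        return found.isEmpty() ? null : found;                  // contract: null, not empty
    }
    @Override public int countTokens(String providerId, String username, String clientId) {
        return match(providerId, username, clientId).size();
    }
    @Override public void update(OAuthToken t) {                // no-op if the entry is missing
        tokens.computeIfPresent(key(t.getProviderId(), t.getLookupKey()), (k, old) -> t);
    }
    @Override public void deleteToken(String providerId, String lookupKey) {
        tokens.remove(key(providerId, lookupKey));
    }
    @Override public void deleteTokens(String providerId, long timestamp) { // strictly older only
        tokens.values().removeIf(t -> providerId.equals(t.getProviderId()) && t.getExpires() < timestamp);
    }
}
```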
-