Java tutorial
/* * * Copyright 2016 Netflix, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ package com.netflix.genie.client.security.oauth2; import com.netflix.genie.client.apis.TokenService; import com.netflix.genie.client.exceptions.GenieClientException; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import retrofit2.Response; import retrofit2.Retrofit; import retrofit2.converter.jackson.JacksonConverterFactory; import java.net.URL; import java.util.Calendar; import java.util.Date; import java.util.HashMap; /** * Class that contains the logic to get OAuth credentials from IDP. * * @author amsharma * @since 3.0.0 */ @Slf4j public class TokenFetcher { private static final String CLIENT_ID = "client_id"; private static final String CLIENT_SECRET = "client_secret"; private static final String GRANT_TYPE = "grant_type"; private static final String SCOPE = "scope"; // A map of all the fields needed to get the credentials private final HashMap<String, String> credentialParams = new HashMap<>(); // An instance of the TokenService private final TokenService tokenService; // The url of the IDP server to get OAuth credentails private final String oauthUrl; private Date expirationTime = new Date(); private AccessToken accessToken; /** * Constructor. * * @param oauthUrl The url of the IDP from where to get the credentials. * @param clientId The clientId to use to get the credentials. * @param clientSecret The clientSecret to use to get the credentials. * @param grantType The type of the grant. * @param scope The scope of the credentials returned. * @throws GenieClientException If there is any problem. */ public TokenFetcher(final String oauthUrl, final String clientId, final String clientSecret, final String grantType, final String scope) throws GenieClientException { log.debug("Constructor called."); if (StringUtils.isBlank(oauthUrl)) { throw new IllegalArgumentException("URL cannot be null or empty"); } if (StringUtils.isBlank(clientId)) { throw new IllegalArgumentException("Client Id cannot be null or empty"); } if (StringUtils.isBlank(clientSecret)) { throw new IllegalArgumentException("Client Secret cannot be null or empty"); } if (StringUtils.isBlank(grantType)) { throw new IllegalArgumentException("Grant Type cannot be null or empty"); } if (StringUtils.isBlank(scope)) { throw new IllegalArgumentException("Scope cannot be null or empty"); } try { final URL url = new URL(oauthUrl); // Construct the Base path of the type http[s]://serverhost/ for retrofit to work. final String oAuthServerUrl = url.getProtocol() + "://" + url.getHost() + "/"; final Retrofit retrofit = new Retrofit.Builder().baseUrl(oAuthServerUrl) .addConverterFactory(JacksonConverterFactory.create()).build(); this.oauthUrl = oauthUrl; // Instantiate the token service tokenService = retrofit.create(TokenService.class); // Construct the fields map to send to the IDP url. credentialParams.put(CLIENT_ID, clientId); credentialParams.put(CLIENT_SECRET, clientSecret); credentialParams.put(GRANT_TYPE, grantType); credentialParams.put(SCOPE, scope); } catch (Exception e) { throw new GenieClientException("Could not instantiate Token Service due to exception " + e); } } /** * Method that returns the OAuth credentials. * * @return An access token object. * @throws GenieClientException If there is any problem. */ public AccessToken getToken() throws GenieClientException { try { if (new Date().after(this.expirationTime)) { final Response<AccessToken> response = tokenService.getToken(oauthUrl, credentialParams).execute(); if (response.isSuccessful()) { // Get current date, add expiresIn for the access token with a buffer of 5 minutes final Calendar cal = Calendar.getInstance(); accessToken = response.body(); cal.add(Calendar.SECOND, accessToken.getExpiresIn() - 300); this.expirationTime = cal.getTime(); return accessToken; } else { throw new GenieClientException(response.code(), "Could not fetch Token"); } } else { return accessToken; } } catch (Exception e) { throw new GenieClientException("Could not get access tokens" + e); } } }