Interface ImpersonationService
- All Known Implementing Classes:
DefaultImpersonationService
public interface ImpersonationService
Service providing various methods related to the impersonation flow. Includes generating and
validating impersonation tokens used during redirects, as well as session tokens. Implementations
of this class should support cross domain impersonation.
- Author:
- Nick Crum (ncrum)
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionconsumeImpersonationToken(String token) Validates tokens generated bygenerateImpersonationToken(ImpersonationRequest, Authentication)and converts them into the originalImpersonationRequestsupplied before redirect.generateImpersonationRedirectUrl(String redirectUrl, com.nimbusds.jwt.SignedJWT signedJWT, String contextPath, String clientId) Generates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token.com.nimbusds.jwt.SignedJWTgenerateImpersonationToken(ImpersonationRequest request, org.springframework.security.core.Authentication authentication) Generates a JWT to be used during redirects when impersonating a user.getImpersonationSessionToken(ImpersonationRequestToken impersonationRequest, OAuth2UserDetails impersonatedUser) Creates anOAuth2SessionTokenfor the validatedImpersonationRequest.
-
Method Details
-
getImpersonationSessionToken
OAuth2SessionToken getImpersonationSessionToken(ImpersonationRequestToken impersonationRequest, OAuth2UserDetails impersonatedUser) Creates anOAuth2SessionTokenfor the validatedImpersonationRequest.- Parameters:
impersonatedUser- The user to be impersonatedimpersonationRequest- The impersonation request- Returns:
- A valid
OAuth2SessionTokenfor the impersonated user with additional CSR claims.
-
generateImpersonationToken
com.nimbusds.jwt.SignedJWT generateImpersonationToken(ImpersonationRequest request, org.springframework.security.core.Authentication authentication) Generates a JWT to be used during redirects when impersonating a user. This allows impersonation across domains.- Parameters:
request- The impersonation request.authentication- The current user's authentication- Returns:
- A signed JWT to be used during a redirect to the targeted domain.
-
consumeImpersonationToken
Validates tokens generated bygenerateImpersonationToken(ImpersonationRequest, Authentication)and converts them into the originalImpersonationRequestsupplied before redirect.- Parameters:
token- The serialized signed JWT.- Returns:
- An impersonation request.
-
generateImpersonationRedirectUrl
String generateImpersonationRedirectUrl(String redirectUrl, com.nimbusds.jwt.SignedJWT signedJWT, String contextPath, String clientId) Generates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token.- Parameters:
redirectUrl- The redirect URL, typicallyImpersonationRequest.getRedirect_uri()signedJWT- The signed JWT, generated fromgenerateImpersonationToken(ImpersonationRequest, Authentication)contextPath- The context path of the impersonation requestclientId- Id of theAuthorizedClientto redirect to.- Returns:
- A URL to consume the impersonation token.
-