Interface ImpersonationService
- All Known Implementing Classes:
DefaultImpersonationService
public interface ImpersonationService
Service providing various methods related to the impersonation flow, including generating and
validating the impersonation tokens used during redirects, as well as session tokens. Implementations
of this interface should support cross-domain impersonation.
- Author:
- Nick Crum (ncrum)

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| | consumeImpersonationToken(String token) | Validates tokens generated by generateImpersonationToken(ImpersonationRequest, Authentication) and converts them into the original ImpersonationRequest supplied before redirect. |
| String | generateImpersonationRedirectUrl(String redirectUrl, com.nimbusds.jwt.SignedJWT signedJWT, String contextPath, String clientId) | Generates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token. |
| com.nimbusds.jwt.SignedJWT | generateImpersonationToken(ImpersonationRequest request, org.springframework.security.core.Authentication authentication) | Generates a JWT to be used during redirects when impersonating a user. |
| OAuth2SessionToken | getImpersonationSessionToken(ImpersonationRequestToken impersonationRequest, OAuth2UserDetails impersonatedUser) | Creates an OAuth2SessionToken for the validated ImpersonationRequest. |

Method Details

getImpersonationSessionToken
OAuth2SessionToken getImpersonationSessionToken(ImpersonationRequestToken impersonationRequest, OAuth2UserDetails impersonatedUser)
Creates an OAuth2SessionToken for the validated ImpersonationRequest.
- Parameters:
  impersonatedUser - The user to be impersonated
  impersonationRequest - The impersonation request
- Returns:
  A valid OAuth2SessionToken for the impersonated user with additional CSR claims.

generateImpersonationToken
com.nimbusds.jwt.SignedJWT generateImpersonationToken(ImpersonationRequest request, org.springframework.security.core.Authentication authentication)
Generates a JWT to be used during redirects when impersonating a user. This allows impersonation across domains.
- Parameters:
  request - The impersonation request.
  authentication - The current user's authentication
- Returns:
  A signed JWT to be used during a redirect to the targeted domain.

consumeImpersonationToken
Validates tokens generated by generateImpersonationToken(ImpersonationRequest, Authentication) and converts them into the original ImpersonationRequest supplied before redirect.
- Parameters:
  token - The serialized signed JWT.
- Returns:
  An impersonation request.

generateImpersonationRedirectUrl
String generateImpersonationRedirectUrl(String redirectUrl, com.nimbusds.jwt.SignedJWT signedJWT, String contextPath, String clientId)
Generates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token.
- Parameters:
  redirectUrl - The redirect URL, typically ImpersonationRequest.getRedirect_uri()
  signedJWT - The signed JWT, generated from generateImpersonationToken(ImpersonationRequest, Authentication)
  contextPath - The context path of the impersonation request
  clientId - Id of the AuthorizedClient to redirect to.
- Returns:
  A URL to consume the impersonation token.
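
The generate/consume round trip described above, as an added example (not the DefaultImpersonationService implementation and not code from this project). It uses the Nimbus JOSE+JWT library; the class name, the claim names, the HS256 shared key, the 60-second lifetime and the in-memory replay set are all assumptions made for illustration.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch with assumed claim names, algorithm and lifetime (hypothetical class).
public class ImpersonationTokenSketch {
    private final byte[] key = new byte[32];  // 256-bit HMAC key shared by both domains
    private final Set<String> usedIds = ConcurrentHashMap.newKeySet();

    public ImpersonationTokenSketch() { new SecureRandom().nextBytes(key); }

    // Issue a short-lived token bound to one target client and one redirect URI.
    public SignedJWT generate(String impersonator, String targetUser,
                              String clientId, String redirectUri) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject(targetUser)
                .claim("impersonator", impersonator)   // hypothetical claim name
                .claim("redirect_uri", redirectUri)    // hypothetical claim name
                .audience(clientId)
                .jwtID(UUID.randomUUID().toString())
                .expirationTime(new Date(System.currentTimeMillis() + 60_000))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(key));
        return jwt;
    }

    // Validate the serialized token on the target domain; any failed check rejects it.
    public JWTClaimsSet consume(String token, String expectedClientId) throws Exception {
        SignedJWT jwt = SignedJWT.parse(token);
        if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())
                || !jwt.verify(new MACVerifier(key)))
            throw new SecurityException("bad signature or algorithm");
        JWTClaimsSet c = jwt.getJWTClaimsSet();
        if (c.getExpirationTime() == null || c.getExpirationTime().before(new Date()))
            throw new SecurityException("expired");
        if (!c.getAudience().contains(expectedClientId))
            throw new SecurityException("wrong audience");
        if (c.getJWTID() == null || !usedIds.add(c.getJWTID()))
            throw new SecurityException("token already used");  // single use
        return c;
    }
}
```

Because the serialized token travels in a redirect URL, it can end up in browser history, proxy logs and Referer headers, which is why the sketch keeps the lifetime short and rejects a second use. Across domains the set of used token IDs would have to live in a store both sides can reach rather than in process memory.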