Package ch.k43.tools

Class SOFA

java.lang.Object

ch.k43.tools.SOFA

public class SOFA
extends Object

SOFA - Simple OAuth 2.0 Framework for Authentication

This class implements a small and easy to use framework to support Java applications with OAuth 2.0 for machine-to-machine (M2M) authentication.

Use this class only in trusted environments, since the calling application need to pass confidential data (e.g. client secret and/or user password) for authentication.

All confidential data used in this class is stored in temporary, volatile memory (RAM) protected by AES-256 encryption.

The Java Logger framework is supported by writing log entries with Level.FINE and Level.WARNING. Logging is enabled by adding a configuration file SOFA-Logging.properties which is read from the current directory

Author:

Andy Brunner andy.brunner@k43.ch

Constructor Summary

Constructors

Constructor	Description
SOFA(String parmAuthorizationServer, String parmAuthorizationScope)	Creates a SOFA object and set the authorization server and authorization scope.
SOFA(String parmAuthorizationServer, String parmAuthorizationScope, boolean parmUseLogging)	Creates a SOFA object and set the authorization server and authorization scope.

Method Summary

Modifier and Type	Method	Description
boolean	authenticateWithClientCredentials(String parmClientId, String parmClientSecret)	Calls the authorization server with the client credentials grant type to get an OAuth 2.0 access token
boolean	authenticateWithPassword(String parmClientId, String parmClientSecret, String parmUsername, String parmUserPassword)	Calls the authorization server with the password grant type to get an OAuth 2.0 access token
String	getAccessToken()	Get or refresh OAuth access token
String	getErrorMessage()	Get last error message
String	getHttpAuthorizationHeader()	Get ready-to-use HTTP authorization header, e.g.
int	getHttpResponseCode()	Get response code of last HTTP transaction
String	getHttpResponseData()	Get response data of last HTTP transaction
Properties	getHttpResponseHeaders()	Get response headers of last HTTP transaction
long	getHttpResponseTimeMs()	Get response time of last HTTP transaction
void	setHttpTimeoutSec(int parmTimeOut)	Set timeout value for HTTP transactions.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SOFA

public SOFA(String parmAuthorizationServer,
 String parmAuthorizationScope,
 boolean parmUseLogging)

Creates a SOFA object and set the authorization server and authorization scope. The status of the Java Logging framework can be set to enabled or disabled.

Parameters:

parmAuthorizationServer - is the OAuth authorization server

parmAuthorizationScope - is the OAuth authorization scope

parmUseLogging - specifies whether the Java Logger framework should be used or not

SOFA

public SOFA(String parmAuthorizationServer,
 String parmAuthorizationScope)

Creates a SOFA object and set the authorization server and authorization scope.

Parameters:

parmAuthorizationServer - is the OAuth authorization server

parmAuthorizationScope - is the OAuth authorization scope

Method Details

authenticateWithPassword

public boolean authenticateWithPassword(String parmClientId,
 String parmClientSecret,
 String parmUsername,
 String parmUserPassword)

Calls the authorization server with the password grant type to get an OAuth 2.0 access token

Parameters:

parmClientId - the client ID (Application ID) created during application registration on the authorization server

parmClientSecret - the client secret generated during during application registration on the authorization server

parmUsername - the user name

parmUserPassword - the user password in clear text

Returns:

boolean true if successful, false otherwise

See Also:

• getHttpResponseCode()
• getHttpResponseData()
• getHttpResponseHeaders()
• getAccessToken()
• getErrorMessage()

authenticateWithClientCredentials

public boolean authenticateWithClientCredentials(String parmClientId,
 String parmClientSecret)

Calls the authorization server with the client credentials grant type to get an OAuth 2.0 access token

Parameters:

parmClientId - the client ID (Application ID) created during application registration on the authorization server

parmClientSecret - the client secret generated during during application registration on the authorization server

Returns:

boolean true if successful, false otherwise

See Also:

• getHttpResponseCode()
• getHttpResponseData()
• getHttpResponseHeaders()
• getAccessToken()
• getErrorMessage()

setHttpTimeoutSec

public void setHttpTimeoutSec(int parmTimeOut)

Set timeout value for HTTP transactions. The initial timeout is 10 seconds.

Parameters:

parmTimeOut - is the timeout value in seconds for send and receive operations

getHttpResponseCode

public int getHttpResponseCode()

Get response code of last HTTP transaction

Returns:

int with the last HTTP response code

getHttpResponseHeaders

public Properties getHttpResponseHeaders()

Get response headers of last HTTP transaction

Returns:

Properties with all HTTP response headers or NULL

getHttpResponseData

public String getHttpResponseData()

Get response data of last HTTP transaction

Returns:

String with HTTP response data or NULL

getHttpResponseTimeMs

public long getHttpResponseTimeMs()

Get response time of last HTTP transaction

Returns:

long with the response time in milliseconds

getAccessToken

public String getAccessToken()

Get or refresh OAuth access token

Returns:

String with the last fetched OAuth access code

getHttpAuthorizationHeader

public String getHttpAuthorizationHeader()

Get ready-to-use HTTP authorization header, e.g. Authorization: Bearer ey...jw

Returns:

String with a ready to use HTTP authorization header

getErrorMessage

public String getErrorMessage()

Get last error message

Returns:

String with the last error message