All Classes and Interfaces

Class
Description
An abstract connection whose synchronous methods are implemented in terms of asynchronous methods.
Abstract AuditEvents base class providing audit events lookup support.
Abstract Filter base class providing policy condition advice support.
An abstract base class from which connection wrappers may be easily implemented.
A base implementation of the Context interface.
This class provides a logger for decorators, according to the pattern: <decoratorClassname>.<decoratorName>.<decoratedObjectName>.
Deprecated.
Use ContentEncryptionHandler instead.
Deprecated.
in 7.1, use AbstractDecorator as a replacement along with the class service/factory.
A base implementation for all JwtBuilders that provides the basis of the JWT builder methods.
Deprecated.
RequestHandler now has default methods which implement the not-supported behavior.
An abstract base class for implementing routers.
The base class for both the filter and handler heaplet implementations.
A scriptable heap object acts as a simple wrapper around the scripting engine.
Creates and initializes a scriptable heap object in a heap environment.
Base TypeDefinitionProvider for any scriptable components.
An abstract SetCookieHeader class for SetCookieHeader and SetCookie2Header.
Processes the Accept-API-Version message header.
A header class representing the Accept-Language HTTP header.
Builder for audit access events.
The status of the access request.
Represents an exception whilst retrieving an OAuth2 access token.
Represents an OAuth2 Access Token.
Resolves a given token against a dedicated OAuth2 Identity Provider (OpenAM, Google, Facebook, ...).
A secret store that can obtain access tokens from an OAuth 2 provider.
Builder object for the access token secret store.
Action<E extends Exception>
An Runnable functional interface which can throw a checked Exception.
An implementation specific action, or operation, upon a JSON resource.
Response object for JSON responses.
Builder for audit activity events.
Configuration class for the Identity Gateway Administration.
A Context containing information which should be returned to the user in some appropriate form to the user.
WarningHeader implements RFC 2616 section 14.46 - Warning.
Provides JWE key encapsulation using the AES KeyWrap algorithm.
The interface for each possible algorithm that can be used to sign and/or encrypt a JWT.
This filter authorizes a request to continue processing if any of the declared rules is satisfied (logical or).
Creates an AllowOnlyFilter in a Heap environment.
Represents a link to AM notification service.
A supplier of AM Link.
A supplier of Resilient AM Link.
Represent a listener willing to be notified upon AmLink events.
Represent a listener capable of handling reopening signals.
Creates a configuration class for AM.
Builder of AmService.
A pre-builder class used to discover AM details such as its version and expected cookie name.
This heaplet represents an instance of an AmService that can shared amongst AM related filters such as the SingleSignOnFilter and the PolicyEnforcementFilter.
Provide AmServiceHeaplet's TypeDefinition.
This filter will track the AM sessions (stateless or stateful) and will revoke them if their idle timeout goes over a defined limit.
This class is responsible of creating the AmSessionIdleTimeoutFilter heap object.
Provide AmSessionIdleTimeoutFilter's TypeDefinition.
Normalized AM version.
A producer of API Descriptions.
This filter overrides the protocol version in Accept-Api-Version header.
A Context which is created when a request is and has been routed based on resource API version.
Utility methods to work with CHF Applications.
A utility class for dealing with CrestApplication instances.
Resolves native arrays of objects.
Register all the aliases supported by the openig-identity-assertion module.
Conditionally assigns values to expressions before and after the request is handled.
Creates and initializes an assignment filter in a heap environment.
An asynchronous Function which returns a result at some point in the future.
Collection of AsyncFunction utilities.
A Text Writer which writes log records asynchronously to character-based stream.
This utility class supports a lock-downgrading strategy to make sure that 2 concurrent calls to compute the "cached" value will result in a single computation.
A session manager is responsible to create/save a new type of Session.
An AttributesContext is a mechanism for transferring transient state between components when processing a single request.
Denotes audit dependencies.
Represents an audit event.
Root builder for all audit events.
The interface for an AuditEventHandler.
Abstract AuditEventHandler class.
Factory interface for creating instances of AuditEventHandler.
Helper methods for AuditEvents.
Audit events interface.
Stores the state of the details sent to AuditEventHandler.publishEvent(Context, String, JsonValue).
Root class of all exceptions in the Commons Audit Framework.
A Context used when auditing over the router.
Utility class to facilitate creation and configuration of audit service and audit event handlers through JSON.
CREST RequestHandler responsible for storing and retrieving audit events.
Builder for AuditService.
Configuration of the audit service.
Creates and initializes an AuditService in a heap environment.
AuditService proxy that allows products to implement threadsafe hot-swappable configuration updates.
General utilities for commons audit.
Builder for audit authentication events.
Defines a fixed set of authentication statuses that can be logged.
Represents an authentication error or failure.
Asynchronous AM authentication service delivering SsoToken.
Provides an implementation of the AuthenticationService using a Authenticator plugin.
A handler that can send an authorization code and optional PKCE verifier to the token endpoint to receive an access token.
A header class representing the Authorization HTTP header.
A factory for creating AuthorizationHeader instances.
Used by the FragmentFilter and the DataPreservationFilter to know if a filter has attempted an impending IG redirection.
Restart an AmLink automatically upon disconnection.
A helper class to ease readability.
An exception that is thrown during a operation on a resource when the requested operation is malformed.
Provides RFC 4648 / RFC 2045 compatible Base64 encoding and decoding.
A Base64EncodedSecretStore stores secret values (such as password or simple shared secrets) in a base64-encoded form in memory.
Creates and initializes a Base64EncodedSecretStore in a heap environment.
Provide the Base64EncodedSecretStore's TypeDefinition.
A SecretPropertyFormat for a BASE64 format.
Makes use of the Base64 class to encode and decode to and from URL-safe Base64.
Configuration class for the Identity Gateway Administration.
A base implementation of QueryFilterVisitor where all methods throw an UnsupportedOperationException by default - override just the methods you need.
The baseURI decorator can decorate both Filter and Handler instances.
Creates and initializes a baseUri in a heap environment.
A factory for the BaseUriDecorator.
Utility to help with baseUri expressions.
A rich representation of basic credentials.
Implementation is responsible for being able to build up a batch payload and to publish that payload.
Indicates failure during a batch operation.
Implementations of BatchPublisher are able to consume multiple audit events and build batches out of them.
Batch publisher factory provides new instances of BatchPublisher.
Basic batch publisher factory implementation.
Resolves Java Beans objects.
A rich representation of bearer credentials.
A BiFunction functional interface which can throw a checked Exception.
Utils to complement bit operations not covered by the BigInteger functions.
Bindings represents the Expression bindings used during evaluation and assignation.
This class can be used for filtering string elements by using blacklists and/or whitelists.
An input stream that can branch into separate input streams to perform divergent reads.
A dynamically growing data buffer.
Buffers audit events to a bounded queue, periodically flushing the queue to a provided BatchConsumer.
Builder used to construct a new BufferedBatchPublisher.
Provide a TypeDefinitionProvider for CacheAccessTokenResolver.
A CREST Filter that caches policy decisions.
Create a CacheSessionService which is responsible to manage the cache for the SessionInfo.
Create a CacheUserProfileService which is responsible for managing the UserProfile cache.
A CachingAccessTokenResolver is a delegating AccessTokenResolver that uses a write-through cache to enable fast AccessTokenInfo resolution.
A CaffeineCacheAccessTokenResolver is a delegating AccessTokenResolver that uses a write-through Caffeine cache to enable fast AccessTokenInfo resolution.
Creates and initializes an CaffeineCacheAccessTokenResolver in the heap environment.
Utility class for Caffeine-related workarounds.
The capture decorator can decorates both Filter and Handler instances.
Creates and initializes a CaptureDecorator in a heap environment.
A CapturedUserPasswordContext to store the user's decrypted password.
The CapturedUserPasswordFilter is responsible for retrieving the user password from AM and to decrypt it.
Creates and initializes the filter in a heap environment.
A factory for the CaptureDecorator.
Specify where the message capture takes place.
An implementation of a map whose keys are case-insensitive strings.
An implementation of a set whose values are case-insensitive strings.
This filter handles any condition advices returned from AM during a policy evaluation, which one will depend on the policy.
Context implementation to maintain cross-domain SSO properties.
Context implementation to hold error details, should an error occur during cross-domain SSO authentication.
A filter that evaluates a required EL expression to establish the client certificate from both context and request, then calculates the thumbprint for that certificate (sha-256 hash and base64 url encoding) before storing it in the attributes context for later retrieval in downstream components.
Creates and initializes a certificate thumbprint filter in a heap environment.
A key used for verifying certificate signatures.
Allow to build a chain of filters as one filter.
A chain of zero or more filters and one handler.
Provide the HTTP Filter's Chain TypeDefinition.
Transforms a Flowable of CharBuffer into a Flowable of String, by splitting on EOL chars ('\r' and '\n').
A CharsetDecoderFlowableTransformer decodes bytes from a stream of ByteBuffer into a stream of CharBuffer using the given Charset.
Just enough of a HttpServletRequest wrapper around a CHF Request to keep the AM SAML2 components happy.
Just enough of a HttpServletResponse wrapper around a CHF Response to keep the AM SAML2 components happy.
Filter implementing the Circuit Breaker pattern to avoid cascading failures.
The Heaplet used to create a CircuitBreakerFilter heap object.
The TypeDefinitionProvider of the CircuitBreakerFilter.
This interface has to be implemented by each Identity Gateway module that wants to register new class aliases.
An HTTP client which forwards requests to a wrapped Handler.
Represents a ClientAuthenticationException when the client fails to authenticate.
Client context gives easy access to client-related information that are available into the request.
Builder for creating ClientContext instances.
Verifies a certificate thumbprint by computing a digest of the client certificate (found in ClientContext) and comparing the result with the base64-url-encoded value provided within the confirmation key node.
A grant type handler that can retrieve an access token using the client_credentials grant type.
Creates and initializes a Filter supporting the transformation of client credentials to an access_token.
The TypeDefinitionProvider of the ClientCredentialsOAuth2ClientFilterHeaplet.
Creates and initializes a ClientHandler in a heap environment.
Provide ClientHandler's TypeDefinition.
A configuration for an OpenID Connect Provider.
Creates and initializes a Client Registration object in a heap environment.
The client registration filter is the way to dynamically register an OpenID Connect Relying Party with the End-User's OpenID Provider.
Strategy supporting different client registration mechanisms.
Deprecated.
since 26.2.
Heaplet supporting creation of a client-secret-basic authentication Filter.
A Filter implementation to add the credentials to request body for authenticating as per the OAuth 2.0 Authorization Framework specification.
Heaplet supporting creation of a client-secret-post authentication Filter.
Extension to TlsOptions to support changing the behaviour of how hostname verification is enforced.
Creates and initializes client-side TLS options in a heap environment.
Provide ClientTlsOptionsHeaplet's TypeDefinition.
Common utility methods for Closeables.
AsyncFunction that silently closes an input-parameter after a delegate-function's AsyncFunction.apply(Object) is completed.
Function that silently closes an input-parameter after a delegate-function's Function.apply(Object) is invoked.
An implementation interface for resource providers which exposes a collection of resource instances.
This class stores the common audit logging batch process configurations.
Expose Caffeine's StatsCounter in our own MeterRegistry.
An Enum of the possible compression algorithms that can be applied to the JWE payload plaintext.
The interface for CompressionHandlers for all the different compression algorithms.
A service to get the appropriate CompressionHandler for a specified Compression algorithm.
This filter conditionally executes a delegate Filter given the result of a 'condition' function.
Creates a ConditionalFilter into a Heap environment.
An ConditionEnforcementFilter makes sure that the handled Request verifies a condition.
Creates and initializes an ConditionEnforcementFilter in a heap environment.
Builder for audit config events.
A ConfirmationKeyVerifier is responsible to verify a confirmation key node.
A ConfirmationKeyVerifierAccessTokenResolver is responsible of validating confirmation keys bound to the access_token (such as certificate thumbprint).
Creates and initializes a Confirmation Key Verifier access_token resolver in the heap environment.
An exception that is thrown during a operation on a resource when such an operation would result in a conflict.
A client connection to a JSON resource provider over which read and update requests may be performed.
Describes if the event is a connection event or a disconnection event.
A connection factory provides an interface for obtaining a connection to a JSON resource provider.
Processes the Connection message header.
Constraints defined for JWT validation.
A Consumer functional interface which can throw a checked Exception.
Processes the Content-API-Version message header.
Processes the Content-Encoding message header.
Processes the Content-Length message header.
Processes the Content-Type message header.
A decoration Context is a way to provide the decorator(s) all of the available information about the instance to decorate.
Type-safe contextual information associated with the processing of a request in an application.
This a value class to hold a Context and a Request during the processing of a request.
An HTTP cookie.
Indicates the SameSite value of the cookie.
An implementation of AsyncSessionManager storing sessions in memory.
Suppresses, relays and manages cookies.
Action to be performed for a cookie.
Creates and initializes a cookie filter in a heap environment.
Processes the Cookie request message header.
Register all the aliases supported by the openig-core module.
Core default declarations to add in Heap.
This filters implements the resource processing of the CORS protocol.
A CorsFilterHeaplet configures a CorsFilter in a heap environment.
The CORS policy is responsible to handle both actual and preflight CORS requests and set the appropriate set of response headers based on its own configuration.
Builder for CorsPolicy instances.
A CorsPolicyProvider allows the CorsFilter to lookup its configuration at runtime, also based on contextual information.
An enum of count policy types.
A specific exception for when Create is not supported, but Upsert might be being attempted so distinguish from other BadRequestExceptions.
A request to create a new JSON resource.
Credential pair implementation.
This interface is used to parse the credentials component of an Authorization HTTP header.
Declare a CREST Application.
A CREST HTTP utility class which creates instances of the HttpAdapter to handle CREST HTTP requests.
The CrestSessionService is responsible for performing interactions with the AM sessions endpoint.
Builder of the CrestSessionService.
The CrestUserProfileService is responsible for interactions with AM users endpoint using resource version 3.0; since AM v13.
CREST utility class.
This filter verifies the presence of a JWT authentication token in the configured cookie name: If the JWT is present then its validity is checked and the request is forwarded to the next handler. If the JWT is not present, then the user-agent is redirected to Access Management via its OAuth2 authorization endpoint, to obtain user authentication.
Creates and initialises an authentication filter in a heap environment.
Constants for Crypto Algorithms and Json Crypto Json pointer keys.
Base class for all secrets that are used as keys for cryptographic operations.
A generic filter for preventing cross-site request forgery (CSRF) attacks when using cookie-based authentication.
Builder class for the CSRF filter.
Creates and initializes a CsrfFilter supporting the injection and validation of an anti-CSRF token in the request header.
Handles AuditEvents by writing them to a CSV file.
A configuration for CSV audit event handler.
Contains the csv writer configuration parameters.
Contains the configuration parameters to configure tamper evident logging.
Configuration of event buffering.
Command line interface for verifying an archived set of tamper evident CSV audit log files for a particular topic.
A ProxyOptions representing custom proxy settings.
Creates and initializes a CustomProxyOptions in a heap environment.
Provide the CustomProxyOptions's TypeDefinition.
A key that is used for decrypting confidential data.
A key that is used for encrypting confidential data.
The DataPreservationFilter supports preserving POSTed data from a request that triggers a login redirect.
Create a DataPreservationFilter heap object.
A TypeDefinitionProvider for DataPreservationFilter.
This filter inserts a Date header into the response if it is not present.
Creates and initializes a DateHeaderFilter in a heap environment.
Decodes an HTTP message entity input stream.
A DecorationHandle is handle to get the decorated object and being able to notify the decoration to stop.
A Decorator is responsible for decorating existing object's instances.
A base class for decorator heaplets.
Marker interface for all key types that can be used for decryption.
This interface has to be implemented by each Identity Gateway module that wants to register new default heaplet declaration to put in the Gateway heap.
A Heaplet declaration definition.
Reify the normal environment structure with pre-configured shortcuts.
Default implementation of KeyStoreHandlerProvider.
Default implementation of LocalHostNameProvider using InetAddress to lookup host name of local host.
A DefaultRateThrottlingPolicy is a delegating ThrottlingPolicy that ensures the returned ThrottlingRate is never null.
Creates and initializes a DefaultRateThrottlingPolicy in a heap environment.
Default implementation of ScriptFactoryManager supporting dynamic registration and un-registration of ScriptFactory.
Default implementation of SecureStorageProvider.
The default routing behaviour to use when no Accept-API-Version is set on the request.
An implementation of the CompressionHandler for DEFLATE Compressed Data Format Specification.
This heaplet aims to be be a placeholder so you can decorate the delegate object with any decorators.
Provide the Delegate's TypeDefinition.
A route matcher that delegates to a provided route matcher.
A request to delete a JSON resource.
Configuration wrapper for JMS DeliveryMode persistence constants.
An interface for a simple dependency provider.
AuditEventFactory capable of performing construction injection by resolving dependencies using a DependencyProvider.
Base DependencyProvider that has provides no dependencies.
Utility methods for reading and writing DER-encoded values.
A routing component (a CHF Handler or CREST RequestHandler) can describe its API by implementing this interface.
Interface for listener instances.
A handler that both handles Requests, and also supports querying for API Descriptors.
An HttpApplication that produces OpenAPI API Descriptors.
Version of SynchronousRequestHandlerAdapter that exposes a described handler.
Manage the WebSocketAdapter and run subscribe and unsubscribe operations on it.
Supports direct encryption using a shared symmetric key.
Represents the name/value pair of a HTTP header directives.
High-level interface to the WatchService API for detecting filesystem change events.
A Collection decorator that notifies the provided DirtyListener when one ore more elements are removed.
An Iterator decorator that notifies the provided DirtyListener when one element is removed.
Enable observers to be notified when one or more element are removed from a Map.
A Set decorator that notifies the provided DirtyListener when one ore more elements are removed.
The different behaviours that can be applied in case of notifications disconnections.
Represents an exception whilst performing OpenID discovery.
In order for an OpenID Connect Relying Party to utilize OpenID Connect services for an End-User, the RP needs to know where the OpenID Provider is.
A RetentionPolicy that will retain/delete log files based off the total disk space used.
Dispatches to one of a list of handlers.
Creates and initializes a dispatch handler in a heap environment.
Provide DispatchHandler's TypeDefinition.
Represents a duration in english.
Implements Elliptic Curve Diffie-Hellman (ECDH) key agreement in ephemeral-static (ECDH-ES) mode.
Deprecated.
This class implements an Elliptical Curve Json Web Key storage and manipulation class.
EC JWK builder.
Deprecated.
AuditEventHandler for Elasticsearch.
A configuration for Elasticsearch audit event handler.
Configuration of connection to Elasticsearch.
Configuration of event buffering.
Configuration of index mapping.
Utilities for working with Elasticsearch.
Encapsulates common functionality for JWKs that represent elliptic curve keys: EcJWK and OkpJWK.
A JWE implementation of the Jwt interface.
An implementation of a JwtBuilder that can build a JWT and encrypt it, resulting in an EncryptedJwt object.
Support for JWT encryption, both asymmetric and symmetric (authenticated encryption) are supported.
A Filter implementation to add the client credentials to request as signed then encrypted private key jwt as per the OpenID Connect Client Authentication specification.
Builder class for creating the Encrypted PrivateKey Jwt ClientAuthentication Filter.
Heaplet supporting creation of an encrypted private-key-jwt authentication Filter.
An implementation of a JWS with a nested JWE as its payload.
An implementation of a JwtBuilder that can build a JWT and encrypt it and nest it within another signed JWT, resulting in an SignedEncryptedJwt object.
An implementation of a JWS Header builder that provides a fluent builder pattern to create JWS headers for signed encrypted JWTs.
The interface for EncryptionHandlers for all the different encryption algorithms.
Marker interface for all key types that can be used for encryption.
A service to get the appropriate EncryptionHandler for a specified Java Cryptographic encryption algorithm.
An Enum of the possible encryption methods that can be used when encrypting a JWT.
Registry for Identity Gateway REST API endpoints.
Handle for un-registering an endpoint.
Message content.
Extracts regular expression patterns from a message entity.
Creates and initializes an entity extract handler in a heap environment.
Utility class for accessing Java enum types.
Provides a EnumValueOfHelper.valueOf(String) method as a replacement for the implicitly declared enum function valueOf(String), which has the advantage of not throwing exceptions when the name argument is null or cannot be found in the enum's values.
Encapsulate logic to access configuration files and other directories of the IG base directory.
The root Heap that includes access to the environment additional information.
An ELContext node plugin that provides read-only access to environment variables.
Base class for audit event handler configuration.
Encapsulates meta-data for event topics.
Builder for EventTopicsMetaData.
A completion handler for consuming exceptions which occur during the execution of asynchronous tasks.
This Filter executes all CREST operations in an executor, effectively running the rest of the chain in another thread.
Responsible for generating ExecutorService instances which are automatically wired up to shutdown when the ShutdownListener event triggers.
An exception generated by a TokenHandler on extraction when the token is expired.
An Unified Expression Language expression.
An exception that is thrown during expression operations.
A wrapper of the Instant plus/minus functions for use in expressions.
A plugin that contributes a node to the Expression context tree.
Resolves Bindings-based tokens using COMMONS Config PropertyResolver.
This is an implementation of the AsyncFunction based on the evaluation of an Expression.
Utility class for evaluating expression in some collections.
Defines the standard Syslog message facilities.
A factory interface.
Wraps an existing InputStream, supporting a failed state that is checked before and after each operation.
Unable to load the JWK/x5u location points.
Context implementation to hold error information regarding failures.
A FapiInteractionIdFilter is responsible to manage the FapiInteractionIdFilter.FAPI_INTERACTION_ID header value.
Creates and initializes a fapi interaction-id filter in a heap environment.
Retrieves and exposes a record from a delimiter-separated file.
Creates and initializes a separated values file attribute provider in a heap environment.
Configures time based or size based log file rotation.
Groups the file retention config parameters.
Groups the file rotation config parameters.
A BranchingInputStream for reading from files.
Utility class for filename related methods.
An interface to declare the names of audit log files.
A FileResourceSet is able to give access to file-based content within the scope of the root directory.
A SecretStore that reads secrets from a directory with the expectation that each file contains a separate secret.
A builder for more fluently creating a FileSystemSecretStore.
This heaplet represents an instance of a PropertyResolverSecretStore resolving properties from files in a directory.
Provide the FileSystemSecretStoreHeaplet's TypeDefinition.
Interface that represents an audit filter.
Filters the request and/or response of an HTTP exchange.
An interface for implementing request handler filters.
Builds a Filter for a given set of FilterPolicy.
A chain of filters terminated by a target request handler.
A condition which controls whether or not a filter will be invoked or not.
Represents a FilterPolicy which contains the includeIf and excludeIf values for the filter.
Utility methods for creating common types of filters.
This class contains methods for creating various kinds of Filter and FilterConditions.
An implementation of the ThrottlingPolicy that always returns the same throtlling rate.
Rotates audit files at fixed times throughout the day.
Decodes an HTTP message entity flow.
An exception that is thrown when access to a resource is forbidden during an operation on an resource.
Form fields, a case-sensitive multi-string-valued map.
A Header representation of the Forwarded HTTP header.
This class represents a request's hop detail.
Rebase the UriRouterContext's Original URI with a computed scheme, host name and port.
Creates and initializes an ForwardedRequestFilter in a heap environment.
The FragmentFilter supports URIs that contain fragments, keeping track of the fragment part when a request triggers a login redirect.
Creates and initialises a FragmentFilter in a heap environment.
A RetentionPolicy that will retain/delete log files given a minimum amount of disk space the file system must contain.
A synchronous function which returns a result immediately.
Methods exposed for EL usage.
Utility class for Futures and Promises.
Configuration class for configuring the Identity Gateway.
An undecoded HTTP message header.
A generic base class for heaplets with automatically injected fields.
A generic secret represented as an opaque blob of bytes, such as a password or API key.
A SecretStore that maps GenericSecrets from an underlying SecretsProvider to CryptoKeys.
A GlobalDecorator stores decorators configuration in order to re-apply them when requested to decorate a given heap object instance.
Unsubscribe from every subscribed topics on closure.
Creates and initializes a Filter supporting the transformation of a request - e.g.
Creates and initialises an GrantSwapJwtAssertionOAuth2ClientFilter in a heap environment.
Abstract base class for OAuth 2 grant type handlers for calling the token endpoint.
Provide support for scripts written in the Groovy language.
Asynchronously handles an HTTP Request by producing an associated Response.
Utility methods for creating common types of handlers.
Provides commonly used handler implementations.
An HTTP message header.
Creates instances of Header classes from String representation.
Removes headers from and adds headers to a message.
Creates and initializes a header filter in a heap environment.
Provide HeaderFilter's TypeDefinition.
Message headers, a case-insensitive multiple-value map.
Resolves Headers objects.
Utility class for processing values in HTTP header fields.
Provides an OpenAM SSO Token in the given header name for downstream components.
Manages a collection of associated objects created and initialized by Heaplet objects.
An exception that is thrown during heap operations.
The concrete implementation of a heap.
Creates and initializes an object that is stored in a Heap.
Builds Heaplet instances.
Loads Heaplet classes based on the class of object they create.
Resolves Heap objects.
Routines for encoding and decoding binary data in hexadecimal format.
For every key that starts with the keyToHide, return an empty value.
Implements the HKDF key deriviation function to allow a single input key to be expanded into multiple component keys.
A secret key designed to be used as the master key for HKDF key generation.
Deprecated.
A loader for the KeyStoreSecretStore that knows how to load standard PKCS#11 Hardware Security Module (HSM) providers on our supported platforms.
This heaplet represents an instance of a HsmSecretStoreHeaplet.
This filter aims to send some access audit events to the AuditService managed as a CREST handler.
Configuration class to configure the HttpApplication instance.
An exception that is thrown during a Http Application start up when the start up of the application fails.
Creates and initializes a Filter supporting the injection of a Basic Authorization header in the request for the configured credentials.
Performs authentication through the HTTP Basic authentication scheme.
Creates and initializes an HTTP basic authentication filter in a heap environment.
An SPI interface for HTTP Client implementations.
An HTTP client for sending requests to remote servers.
SSL host name verification policies.
Encapsulates the details of the proxy if one is required when making outgoing requests.
Abstract Heaplet to create HTTP clients with different behaviors.
A provider interface for obtaining HttpClient instances.
A Context containing information relating to the originating HTTP request.
A factory which is responsible for creating new request Contexts for each JSON request.
HTTP utility methods and constants.
HTTP WebSocket client interface.
QueryResourceHandler that searches for a specific identifier value.
An exception specific to issues within the assertion package.
Provides support to locally process a user and generate a JWT assertion that represents the user back to the calling party.
Creates and initializes a IdentityAssertionHandler in a heap environment.
Provides support to locally process a user and generate a JWT assertion that represents the user back to the calling party.
Creates and initializes a LocalAuthenticationHandler in a heap environment.
Provide IdentityAssertionHandler's TypeDefinition.
Implementations of this interface carry out some user processing and returns the claims that should be included in the Identity Assertion JWT in the IdentityAssertionClaims.
An exception specific to issues within the plugin package.
Implementations of this interface carry out some user processing and returns the claims that should be included in the Assertion JWT in the IdentityAssertionClaims.
An IdentityRequestJwtContext is used to store the key details of the Identity Request JWT.
Enums that represent the version of the Identity Request JWT.
Defines the contract to generate global unique identifiers.
Default implementation of the IdGenerator that will output some ids based on the following pattern : <uuid> + '-' + an incrementing sequence.
An IdTokenValidationFilterHeaplet creates a filter that can be used to validate the given idToken according to the provided configuration by leveraging the JwtValidationFilter.
This class is responsible for locating the IG instance directory.
A time source; returns a time value representing the number of nanoseconds elapsed since some fixed but arbitrary point in time.
An exception which is thrown when two incompatible RouteMatch instances are attempted to be compared.
Interface of an object that can be indexed with a unique key.
Matches IPs (v4 or v6) with a CIDR pattern RFC4632.
Subscribe to a set of initial topics while starting.
This filter is responsible to check that an @InternalSsoTokenContext was defined in the context's chain and to propagate the SSO token (potentially not valid) into the request as a header.
This class provides utility methods for converting Java Date objects into and from IntDates.
An exception that is thrown during an operation on a resource when the server encountered an unexpected condition which prevented it from fulfilling the request.
An InternalSsoTokenContext used to store an SSO token.
An InvalidCallerTokenDetectionFilter provides a mechanism that allows IG to detect an incorrect response and trigger a token refresh before making the request again with the updated token.
Represents an exception that occurs when a JWT is determined as invalid.
An exception generated by a TokenHandler on validation or extraction when the token is invalid.
Utility class that can stream to and from streams.
Metadata of an OAuth2 issuer.
A configuration for an OAuth2 or an OpenID Connect Issuer.
A repository to store and create all the OAuth2 issuers.
Creates and initializes an IssuerRepository in a heap environment.
Default implementation of a Keystore handler.
Implements a AuditEventHandler to write AuditEvents to a JDBC repository.
Configures the JDBC mapping and connection pool.
Configuration for a connection pool.
Configuration of event buffering.
Creates and initializes a JDBC data source in a heap environment.
Publishes Audit events on a JMS Topic.
Configuration object for the JmsAuditEventHandler.
This class holds the configuration properties that are used by the {#link BatchPublisher} to control the batch queue and worker threads that process the items in the queue.
Stores the JNDI context properties and lookup names.
Interface for retrieving a JMS topic and a JMS connection factory.
Set of SecretConstraints for filtering Secrets.
Provides read and write JSON capabilities.
Jackson Module that uses a mixin to make sure that a JsonValue instance is serialized using its #getObject() value only.
Jackson Module that adds a serializer for LocalizableString.
AuditEventHandler for persisting raw JSON events to a file.
Configuration for JsonAuditEventHandler.
Configuration of event buffering.
An exception that is thrown during JSON operations.
Processes partial modifications to JSON values.
RFC6902 expects the patch value to be a predetermined, static value to be used in the patch operation's execution.
Identifies a specific value within a JSON structure.
Contains Utility methods for dealing with JsonSchema data.
AuditEventHandler for persisting raw JSON events to stdout.
Configuration for JsonStdoutAuditEventHandler.
Represents a value in a JSON object model structure.
An exception that is thrown during JSON value operations.
A QueryFilterVisitor that returns true if the provide JsonValue meets the criteria of the QueryFilter assertions and false if it does not.
This class contains the utility functions to convert a JsonValue to another type.
This class contains the utility functions to convert a JsonValue to CREST (json-resource) types.
Provides additional functionality to JsonValue.
An implementation of Function that recursively traverses the JsonValue and applies some transformation if needed.
Contains some JsonValue Utility methods.
An Enum of the possible encryption algorithms that can be used to encrypt a JWT.
An Enum of the possible types of JWE algorithms that can be used to encrypt a JWT.
Represents an exception for when compression/decompression of the plaintext fails.
This exception entirely duplicates JweDecryptionException except that it is a checked exception so that it can be used with a Promise.
Class supporting EncryptedJwt encryption verification with a verification Purpose and a SecretsProvider responsible for getting the decryption key.
Represents an exception for when decryption of the JWE fails.
This class represents the result from the encryption process of the JWT plaintext.
Represents an exception for when encryption of the JWE fails.
Represents a generic exception for JWE operations.
An implementation for the JWE Header parameters.
An implementation of a JWE Header builder that provides a fluent builder pattern to create JWE headers.
An Enum for the additional JWE Header parameter names.
The abstract base class for the 3 implementations of JWK.
JWK builder.
Exports keys in JSON Web Key (JWK) format.
Helper class to look up and return the keys from specific JWK implementation algorithm types.
Decodes a JSON Web Key (JWK) as a secret.
Builds a JwkPropertyFormat used to decode JSON Web Key formatted keys that can be used with SecretStore mappings configuration.
Provide the JwkPropertyFormatHeaplet's TypeDefinition.
Holds a Set of JWKs.
Creates a JwkSetHandler to store the cryptographic keys.
Creates and initializes a JwkSetHandler in a heap environment.
Provides methods to gather a JWKSet from a URL and return a map of key ids to keys as dictated by that JWKS.
A secret store that loads cryptographic keys from a local or remote JWKSet.
This heaplet represents an instance of a JwkSetSecretStore resolving secrets from an URL of a JSON Web Key Set(JWKSet).
Store JWKs into a jwkSet from a JWKs_URI and refresh the jwkSet when necessary.
Manage the jwks store, to avoid having more than one jwks store for the same JWKs_URI unnecessary.
A base implementation class for a JSON Web object.
An Enum of the possible signing algorithms that can be used to sign a JWT.
An Enum of the possible types of JWS algorithms that can be used to sign a JWT.
Represents a generic exception for JWS operations.
An implementation for the JWS Header parameters.
An implementation of a JWS Header builder that provides a fluent builder pattern to create JWS headers.
An Enum for the JWS Header parameter names.
Class supporting Jwt signature verification with a verification Purpose and a SigningManager responsible for the verification.
Represents an exception for when signing of the JWS fails.
Represents an exception for when verification of the JWS signature fails.
The interface for all types of JSON Web Tokens (JWTs).
The base interface for all JwtBuilders for each type of JWT (plaintext, signed or encrypted).
Used by the JwtBuilderFilter to make the JWT available in the context.
Represents an exception that occurs when creating/rebuilding JWTs.
A factory for getting builders for plaintext, signed and encrypted JWTs and reconstructing JWT strings back into their relevant JWT objects.
The JwtBuilderFilter collects data from template and puts the name-value pairs into a JWT structure.
Creates and initializes a JwtBuilderFilter in a heap environment.
A JwtClaimConstraint represents an individual check that can applied to test a claim from a JWT.
An implementation that holds a JWT's Claims Set.
An implementation of a JWT Claims Set builder that provides a fluent builder pattern to creating JWT Claims Sets.
An Enum for the JWT Claims Set names.
A JwtConstraint represents an individual check that can applied to test a JWT.
A JwtFactory encapsulates JWT production strategy into a re-usable and testable design.
The JwtFactory supports securing of JWTs.
A base implementation class for JWT Headers.
A base implementation of a JWT header builder that provides a fluent builder pattern to creating JWT headers.
An Enum for the JWT Header parameter names.
A service that provides a method for reconstruct a JWT string back into its relevant JWT object, (SignedJwt, EncryptedJwt, SignedThenEncryptedJwt, EncryptedThenSignedJwt).
Represents an exception that occurs when reconstructing JWTs.
Represents a generic exception for JWT operations.
A base implementation for the common security header parameters shared by the JWS and JWE headers.
A base implementation of a JWT header builder, for the common security header parameters shared by the JWS and JWE headers, that provides a fluent builder pattern to creating JWT headers.
This Heaplet is responsible for configuring and creating a JwtSession.
Deprecated.
Prefer SecretsJwtTokenHandler instead.
A type that stores the media/jwt types for JWTs.
Utility methods supporting JWTs.
A JwtValidationContext used to store the JWT and claims.
A JwtValidationErrorContext used to store the JWT and the list of violations for this JWT.
A JwtValidationFilter validates the given JWT according to the provided configuration.
Creates and initializes a JwtValidationFilter in a heap environment.
The JwtValidator is responsible for the JWT validation.
Builder for the JwtValidator.
This interface provides a generic way to enrich a JwtValidator.Builder.
A class that handles the results for the JWT validation.
A SecretPropertyFormat that wraps another format, extracting the secret value from a JWT before delegating to the wrapped format.
Provides support for validating a user's Kerberos token, works as an IdentityAssertionPlugin for the IdentityAssertionHandler.
Creates and initializes a KerberosIdentityAssertionPlugin in a heap environment.
Provide the KerberosIdentityAssertionPlugin's TypeDefinition.
A key that is used in a key-agreement protocol (such as Diffie-Hellman) to agree another key.
A key that is used to decrypt (or "unwrap") other keys that have been encrypted with a KeyEncryptionKey.
A key that is used to encrypt ("wrap") other keys.
A format that can be used for exporting key material.
Exports a key in the PEM (Privacy Enhanced Mail) format.
Exports the raw key.
Deprecated.
Represents the Possible key operations values.
Define here the constants that can be used as Heap's keys.
Handles the access to a KeyStore.
Decorate a KeyStoreHandler in order to add some commons utility methods to read or write keystore's entries.
Strategy for obtaining a keystore handler.
Deprecated.
A secret store for cryptographic keys based on a standard Java KeyStore.
Specifies an alias with its validity for use in the store.
Permits to retrieve the list of usable AliasSpecs of a specific KeyStore.
Aggregates multiple AliasSpecProviders results to serve the list of AliasSpec for a KeyStore.
Serves a matching subset of the aliases present in a KeyStore based on a predicate.
An interface to allow the consuming application to provide the stable ID for the secret.
Serves a static list of AliasSpecs, without looking at the real content of a KeyStore.
This heaplet represents an instance of a KeyStoreSecretStore.
Provide the KeyStoreSecretStoreHeaplet's TypeDefinition.
Implementation of a secure storage using a keystore.
Utility class to retrieve private keys from KeyStore.
Provides support for a service login using a Keytab file.
Creates and initializes a KeytabServiceLogin in a heap environment.
Provide the KeytabServiceLogin's TypeDefinition.
Enum representing the possible KeyTypes.
Indicates the type of key.
Indicates the allowed usages for a particular key.
Represents the supported KeyUse values.
For a given key/value pair, return the processed value as an Optional.
Class representing a value to be processed.
Utility methods for interacting with lambdas that throw exceptions.
A list with lazy initialization.
A map with lazy initialization.
Lazily resolve a JsonValue reference node against a provided Heap instance.
A Supplier that lazily computes a value the first time it is accessed and then caches the result to return on subsequent requests.
A LeftValueExpression is a specialized Expression to which we can assign a value.
Manages Lifecycle on an object.
Wraps another map.
Resolves List objects.
Provides helper methods for List.
An SPI interface for implementing alternative service loading strategies.
Provides methods for dynamically loading classes.
Strategy for obtaining the server's local hostname.
Represents a String which could be localizable.
An implementation of an in-memory session store.
Processes the Location message header.
Rewrites Location headers on responses that generate a redirect that would take the user directly to the application being proxied rather than taking the user through the Identity Gateway.
Creates and initializes a LocationHeaderFilter in a heap environment.
A LogAttachedExceptionFilter prints attached exceptions to filtered responses.
Thrown when a header string cannot be parsed to a rich Header implementation.
Wraps another map.
A QueryFilterVisitor that produces a Map representation of the filter tree.
Implementation of ThrottlingPolicy backed by a Map.
Creates and initializes a MappedThrottlingPolicy in a heap environment.
Resolves Map objects.
An implementation of Action that will preserve the SLF4J MDC.
An implementation of Consumer that will preserve the SLF4J MDC.
A SingleObserver wrapper that manages the MDC.
An implementation of Subscriber that will preserve the SLF4J MDC.
Store SLF4J Mapped Diagnosed Context (aka MDC) when tasks are submitted, and re-inject it when tasks are executed.
A MdcRouteIdFilter aims to prepare the current thread with SLF4J MDC information about the current route.
Store SLF4J Mapped Diagnosed Context (aka MDC) when tasks are submitted, and re-inject it when tasks are executed.
A simple in-memory collection resource provider which uses a Map to store resources.
Message<M extends Message<M>>
Elements common to requests and responses.
Abstract message base class.
Indicates a type of HTTP message.
A metered stream is a subclass of OutputStream that (a) forwards all its output to a target stream (b) keeps track of how many bytes have been written.
Collect request processing metrics.
Wraps a map for which the values are lists, providing a set of convenience methods for handling list values.
A MutableUri is a modifiable URI substitute.
A Name uniquely identify an object within a hierarchy.
The NeverThrowsException class is an uninstantiable placeholder exception which should be used for indicating that a Function or AsyncFunction never throws an exception (i.e.
Allows the Caching of an object.
An event handler that does nothing.
Used as a no-op placeholder for an AuditService which can be overridden via config.
Creates a NoOpAuditService in a heap environment.
A Decorator which does nothing but act as if it had decorated the object.
A NOP implementation of the Compression Handler, which will be used when no compression is to be applied.
A ProxyOptions to use when no proxy must be used.
Creates and initializes a NoProxyOptions in a heap environment.
Provide the NoProxyOptions's TypeDefinition.
Deprecated.
This algorithm is inherently insecure and shouldn't be used.
Indicates that no secret was configured for the given purpose, or the named secret is not available.
An exception that is thrown when a specified resource cannot be found.
A Notification is a special message that AM send to its "agents" to notify the occurrence of an event.
Listen to topic notification.
The configuration object used to set up the NotificationService.
Builder to ease the creation of a NotificationsConfig.
Class providing constants used in AM notifications support.
Represents a source of notifications.
Represents the connection event listener registration.
NotificationService implementation.
An exception that is thrown during an operation on a resource when the resource does not implement/support the feature to fulfill the request.
A convenient implementation of a CREST Filter that just returns a NotSupportedException for all the methods implementations.
This class is used to filter null responses.
OAuth2 utility class.
Processes the OAuth 2.0 Bearer WWW-Authenticate message header.
Register all the aliases supported by the openig-oauth2 module.
A filter which is responsible for authenticating the end-user using OAuth 2.0 delegated authorization.
Creates and initializes the filter in a heap environment.
An OAuth2Context could be used to store and retrieve an AccessTokenInfo.
Declares the Heap objects needed by this module in the main IG heap.
Describes an error which occurred during an OAuth 2.0 authorization request or when performing an authorized request.
An exception that is thrown when OAuth 2.0 request fails.
Context implementation to hold OAuth2 error details, should a failure occur during OAuth2 scenarios.
Validates a Request that contains an OAuth 2.0 access token.
Provide a TypeDefinitionProvider for OAuth2ResourceServer.
This context helps to manage the OAuth2Session when used with OAuth2ClientFilter.
Context supporting OAuth2 token exchange scenarios, this manages the resulting exchange token.
Filter supporting OAuth2 token exchange scenarios.
Creates and initialises an OAuth2TokenExchangeFilter in a heap environment.
Attempt to deserialize the Object into its String representation.
Common utility methods for Objects.
Creates an Octet JWK.
The Octet JWK builder.
An Octet Key-Pair (OKP) JWK as defined in RFC 8037.
Builder object for Octet Key-Pair (OKP) JWKs.
Deprecated.
The “/oauth2/tokeninfo” endpoint was deprecated in AM 6.5.
Register all the aliases supported by the openig-openam module.
This filter looks for the query parameter {code _api} : if present then it returns the API description of the downstream handlers, otherwise the request is processed as expected.
A configuration option whose value can be stored in a set of Options.
A set of options which can be used for customizing the behavior of HTTP clients and servers.
Filter which handles OPTION HTTP requests to CREST resources.
A StableIdResolver that uses a version suffix and a subsequent number to determine the stableId of a Secret.
An exception that is thrown if a buffer would overflow as a result of a write operation.
Ordered pair of arbitrary objects.
Supports password replay feature in a composite filter.
An individual patch operation which is to be performed against a field within a resource.
A request to update a JSON resource by applying a set of changes to its existing content.
Utilities for manipulating paths.
If the key matches the expression, return a masked value otherwise return the original value.
Expresses a transformation to be applied to a regular expression pattern match.
The interface represents the body of a JWT.
Supports decoding keys and certificates in PEM format.
Builds a PemPropertyFormat used to decode keys and certificates in a PEM format that can be used with SecretStore mappings configuration.
Provide the PemPropertyFormatHeaplet's TypeDefinition.
A simple reference to an object that is periodically refreshed.
Renew the AmLink periodically without causing any disconnection.
A type helper to supply an AmLink.AmLinkSupplier from a set of topics.
PerItemEvictionStrategyCache is a thread-safe write-through cache.
An exception that indicates that a failure is permanent, i.e.
Register all the aliases supported by the openig-ping module.
This filter permits to evaluate the HTTP request and response against Ping One API Access Management (P1 AAM).
Context supporting risk analysis with PingOne Protect, capturing the evaluation result.
The PingOneProtectEvaluationFilter supports integration with PingOne Protect.
Creates and initialises a PingOneProtectEvaluationFilter in a heap environment.
The PingOneProtectFeedbackFilter provides a feedback mechanism to capture the outcome of actions completed as a result of the risk evaluation.
Creates and initialises a PingOneProtectFeedbackFilter in a heap environment.
The PingOneProtectThreatLevelRoutingHandler routes the request to one of the configured handlers, based on the PingOneProtectEvaluationContext's level, captured during evaluation.
Creates and initialises a PingOneProtectThreatLevelRoutingHandler in a heap environment.
Represents a pipe for transferring bytes from an OutputStream to a InputStream.
A PolicyDecisionContext convey policy decision information to downstream filters and handlers.
This filter requests policy decisions from Access Management which evaluates the original URI based on the context and the policies configured, and according to the decisions, allows or denies the current request.
Creates and initializes a policy enforcement filter in a heap environment.
An exception that is thrown to indicate that a resource's current version does not match the version provided.
An exception that is thrown to indicate that a resource requires a version, but no version was supplied in the request.
A Predicate functional interface which can thrown a checked Exception.
Utility class for Predicate.
This class encapsulates an ordered list of preferred locales, and the logic to use those to retrieve i18n ResourceBundles.
Container for a principal and secret.
Resolves Principal objects.
A Filter implementation for adding the client credentials to request as signed private key jwt as per the OpenID Connect Client Authentication specification.
Builder class for creating the PrivateKey Jwt ClientAuthentication Filter.
Heaplet supporting creation of a private-key-jwt authentication Filter.
Utility class to retrieve product information.
Strategy for obtaining the information relating to the product in which the AuditService is deployed.
Promise<V,E extends Exception>
A Promise represents the result of an asynchronous task.
An implementation of Promise which can be used as is, or as the basis for more complex asynchronous behavior.
Utility methods for creating and composing Promises.
Ordered list of joined asynchronous results.
Utility class for promises management.
Decodes secrets in raw base64 format.
A SecretStore implementation that resolves secrets as base64-encoded strings from an underlying PropertyResolver.
Configure proxy settings.
Purpose<T extends Secret>
A purpose encapsulates both a name for a function that requires access to secrets, together with a hint as to the intended usage of those secrets.
A filter which can be used to select resources, which is compatible with the CREST query filters.
QueryFilter constants.
A query string has the following string representation:
Convenience methods to create QueryFilter that specify fields in terms of JsonPointer instances.
A visitor of QueryFilters, in the style of the visitor design pattern.
A request to search for all JSON resources matching a user specified set of criteria.
A completion handler for consuming the results of a query request.
The final result of a query request returned after all resources matching the request have been returned.
The Randoms utility class offers methods to generate random values.
Generates a random value (cryptographically secure) that can be used in a query parameter value.
Exposes a range of integer values as a set.
Utility class for ReactiveX operations.
A request to read a single identified JSON resource.
This class defines a Realm as it is used in OpenAM.
A RealmNormalizer computes the path segment that includes the AM realm information as it should be used in REST API call.
CREST collection service dedicated to persist JSON objects (other types are not supported: arrays, primitives, and null).
File-based Record storage service.
A Header representation of the Referrer HTTP header.
A grant type handler that can obtain an access token using a previously obtained refresh token.
Represents an exception whilst performing OpenID registration.
A input parameter-validating utility class using fluent invocation:
A request message.
Common attributes of all JSON resource requests.
A context for audit information for an incoming request.
Exposes incoming request cookies.
Provide the RequestFormResourceAccess's TypeDefinition.
Represents the contract with a set of resources.
Resolves Request objects.
The RequestResourceUriProvider has the following configuration:
Creates and initializes a RequestResourceUriProvider in a heap environment.
A utility class containing various factory methods for creating and manipulating requests.
An enumeration whose values represent the different types of request.
A visitor of Requests, in the style of the visitor design pattern.
Exposes an object's elements for access through dynamic expressions and scripts.
Performs object resolution by object type.
A Resource represents any content that can be served through the ResourceHandler.
A ResourceAccess encapsulates the logic of required scope selection.
Utility class providing ResourceAccess configuration support.
Class aggregating ResourceAccess TypeDefinitions.
Implementations of this interface will be responsible for maintaining the behaviour of API Version routing.
API Version routing filter which creates a ApiVersionRouterContext which contains the default routing behaviour when the Accept-API-Version header is set on the request.
API Version routing filter which creates a ApiVersionRouterContext which contains the default routing behaviour when the Accept-API-Version header is set on the request.
A Filter supporting the specification of resource API version configuration to be used when a request on a specific endpoint does not contain an Accept-API-Version header.
Handler allowing products to extend behaviour when a request has no resource API version supplied.
Class representing a mapping between a ResourcePath and a Version.
ResourceApiVersionSpecificationFilter.VersionSpecification supporting specification of a request's resource version based on its resource path.
Mechanism supporting specification of a version on the request.
An exception that is thrown during the processing of a JSON resource request.
Utility class to use on ResourceExceptions.
A ResourceHandler is a handler that serves static content (content of a directory, or a zip).
Creates and initializes a ResourceHandler in a heap environment.
Creates and initializes a Filter supporting the transformation of client and user credentials to an access_token, using the grant type "password".
The TypeDefinitionProvider of the ResourceOwnerOAuth2ClientFilterHeaplet.
A grant type handler that can obtain an access token using the Resource Owner Password Credentials (ROPC) grant.
A relative path, or URL, to a resource.
A resource, comprising of a resource ID, a revision (etag), and its JSON content.
This class contains methods for creating and manipulating connection factories and connections.
Validates a Request that contains an OAuth 2.0 access token.
A ResourceSet abstracts Resource lookup mechanism.
Used to obtain the resource URI to include in policy requests.
A response message.
Common response object of all resource responses.
Indicates whether a response can be cached and under what conditions.
An HTTP Framework Exception that can be used by filters/handlers to simplify control-flow inside async call-backs.
Provide out-of-the-box, pre-configured Response objects.
A utility class containing various factory methods for creating and manipulating responses.
A Result represents the result of a validation operation: either a success or a failure (with an associated description).
A Result of a JWT validation.
A completion handler for consuming the results of asynchronous tasks.
Hook into the retention checking operations for a file.
RetentionHooks that do nothing.
Defines the retention conditions and the files that need to be deleted.
Retry the AmLink start according to criterion.
A type helper to supply an AmLink.AmLinkSupplier from an SSO Token.
An exception that indicates that a failure may be temporary, and that retrying the same request may be able to succeed in the future.
A RetryFilter is responsible for re-executing the incoming request should it fail with a runtime exception or if an optional condition expression evaluates to true.
A RetryFilter builder.
Creates a reverse proxy Handler in a heap environment.
Provide ReverseProxyHandler's TypeDefinition.
A Context which has an a globally unique ID but no parent.
Interface defining methods a rotatable file needs.
Supports file rotation and retention.
Callback hooks to allow custom action to be taken before and after the checks for rotation and retention is performed.
This class holds some information while a file is being rotated.
Callback hooks to allow custom action to be taken before and after file rotation occurs.
RotationHooks that do nothing.
Interface to decide if a file should be rotated or not.
A RouteImporter is responsible for creating a RouteInstance from a given JsonValue that represents an IG route.
A RouteInstance describes a route with all of its internal components, all linked together.
Contains the result of routing to a particular route.
A matcher for evaluating whether a route matches the incoming request.
A utility class that contains methods for creating route matchers.
A utility class that contains methods for creating route matchers.
A router which routes requests based on route matchers.
A router which routes requests based on route predicates.
Represents a URI template string that will be used to match and route incoming requests.
Auto-configured DispatchHandler.
Creates and initializes a routing handler in a heap environment.
Represents an exception whilst managing the routes in a @RouterHandler.
Provide RouterHandler's TypeDefinition.
Context implementation to maintain a record of the route that accepted the request.
The algorithm which should be used when matching URI templates against request resource names.
Deprecated.
Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
Deprecated.
Use RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.
Abstract base class for implementations of the RSAES-PKCS1-v1_5 and RSA-OAEP encryption schemes.
Implements a RsaJWK.
The RSA JWK builder.
Holds the other prime factors.
Deprecated.
Supported runtime modes.
A completion handler for consuming runtime exceptions which occur during the execution of asynchronous tasks.
Register all the aliases supported by the openig-saml module.
A simple container for the key SAML configuration items.
Context implementation to hold error details, should an error occur during SAML processing.
The SAML federation filter works like other SSO type filters, a request that passes through the SAML federation filter, that does not trigger the logout expression or matches one of the SAML endpoints, will be checked for a valid session.
Provide SamlFederationFilterHeaplet's TypeDefinition.
Deprecated.
in 2023.4.0, use SamlFederationFilterHeaplet as a replacement
Provide SamlFederationHandlerHeaplet's TypeDefinition.
Heaplet for building ScheduledExecutorService instances.
Encapsulate an executable script.
A Scriptable access token resolver.
Creates and initializes a scriptable access token resolver in a heap environment.
A scriptable filter.
Creates and initializes a scriptable filter in a heap environment.
A scriptable handler.
Creates and initializes a scriptable handler in a heap environment.
Creates and initializes a ScriptableIdentityAssertionPlugin in a heap environment.
Creates and initializes a ScriptableIdentityAssertionPlugin in a heap environment.
Provide ScriptableIdentityAssertionPlugin's TypeDefinition.
A Scriptable JWT Validator customizer.
Creates and initializes a scriptable Jwt Validator customizer in a heap environment.
A scriptable resource access.
Creates and initializes a scriptable object in a heap environment.
A scriptable resource URI provider.
Creates and initializes a scriptable resource url provider in a heap environment.
A scriptable throttling datasource.
Creates and initializes a scriptable object in a heap environment.
A factory for Scripts.
A ScriptFactoryManager is the plug-in point where ScriptFactory implementations need to be registered in order to be available to the runtime.
A secret is any piece of data that should be kept confidential.
Provides a uniform way for secrets providers to construct secrets and keys.
A Handle to expire a secret.
A simple holder of a secret and its expirer.
Interface for constraints on a secret that must be satisfied for a given Purpose.
Specifies how data retrieved from a SecretStore should be decoded into a secret object.
Elliptic Curve Digital Signature Algorithm (ECDSA) signing and verification.
Signing handler for Edwards Curve DSA (EdDSA) as defined in RFC 8037.
An implementation of the SigningHandler which can sign and verify using algorithms from the HMAC family.
Wraps a property format that decodes raw bytes and converts it into a property format for extracting secret keys using some algorithm.
It builds a SecretPropertyFormat that can be use with SecretStore mappings configuration.
Provide the SecretKeyPropertyFormatHeaplet's TypeDefinition.
Defines the format of secrets loaded from configuration properties.
Class aggregating basic TypeDefinitions for simple subtypes of SecretPropertyFormat.
A long-lived reference to an active or named secret.
The secret resource used for creating a Secret.
An Secret-based implementation of the SigningHandler which can sign and verify using algorithms from the RSA family.
Provides Secret-based signing and verification code base.
Token handler for creating tokens using a JWT as the store.
Builder pattern object for configuring a SecretsJwtTokenHandler.
An X509ExtendedKeyManager implementation that gets keys and certificates from a SecretsProvider.
A SecretsKeyManagerHeaplet acts as a factory of SecretsKeyManager.
A Java security provider that exposes a KeyStore view of a secret store.
Class used to initialise the keystore when it is initialised via the standard Java interfaces.
The secrets provider is used to get hold of active, named or valid secret objects.
Creates and initializes a SecretsProvider in a heap environment.
Provide the SecretsProviderHeaplet's TypeDefinition.
An implementation of Saml2CredentialResolver that provides support for resolving secrets configured in an IG route/heap.
Interface for the SecretsService.
A backend storage mechanism for certain kinds of secrets.
Provides an implementation of a standard Java TLS X509ExtendedTrustManager that will retrieve trusted certificates from the Secrets API.
A SecretsTrustManagerHeaplet acts as a factory of SecretsTrustManager.
Utility class to use the Commons Secret API.
Represents a storage for secure keys, to be used for signing files.
Exception that can be thrown by a SecureStorage implementation.
Strategy for obtaining a secure storage, used by handlers providing tamper-evident feature.
A Context containing information about the client performing the request which may be used when performing authorization decisions.
Deprecated.
This class will be removed once CAF has been migrated fully to CHF, at which point components should create SecurityContexts directly rather than via request attributes.
Allows records to be retrieved from a delimiter-separated file using key and value.
Reads records with delimiter-separated values from a character stream.
A field separator specification, used to parse delimiter-separated values.
Commonly used field separator specifications.
Processes a request through a sequence of handlers.
Creates and initializes a sequence handler in a heap environment.
Provide SequenceHandler's TypeDefinition.
Provides server info (build-time defined values only at the moment) in a read-only fashion.
Extension to TlsOptions supporting client authentication configuration used to drive the authentication negotiation between the client and IG.
Enum representing the client authentication configuration options driving authentication negotiations between IG and the client.
A SNI (Server Name Indication) configuration holder.
Creates and initializes server-side TLS options in a heap environment.
Used to implement different Kerberos based service logins.
An exception that is thrown during an operation on a resource when the server is temporarily unable to handle the request.
An interface for managing attributes across multiple requests from the same user agent.
A SessionContext is a mechanism for maintaining state between components when processing a successive requests from the same logical client or end-user.
Represents an exception whilst performing Session Service.
The SessionInfo class is responsible to store session info for a given SSO Token.
Context to store Access Management session info and properties.
This filter requests user session info from Access Management and stores it on the context for later use.
Creates and initialises a session info filter in a heap environment.
Deprecated.
Configuration wrapper for JMS Session.getAcknowledgeMode() SessionMode setting.
The SessionService is responsible to perform interactions with AM sessions endpoint, such as session info or logout, etc.
Deprecated, for removal: This API element is subject to removal in a future version.
This header is no longer supported by browsers.
Processes the Set-Cookie request message header.
This filter allows modification of response cookie attribute values for cookies found in the Set-Cookies header.
Creates and initializes a SetCookieUpdateFilter in a heap environment.
Contains another set, which is uses as its basic source of data, possibly transforming the data along the way.
Defines the standard Syslog message severities.
Verifies a certificate thumbprint against a previously calculated thumbprint, stored in a specially named attribute stored in the context's attributes.
Any component which needs to be shut down should implement this interface and use the function to shut down the component.
Interface used by shutdown managers to allow for thread safe adding and removing of shutdown listeners.
This class defines the shutdown priorities that are consumed by com.sun.identity.common.ShutdownManager.
Sends the requests and responses to the Ping Sideband API, then process its decisions and accept/reject/rewrite requests and responses.
Utility class for signing and verifying signatures.
Deprecated.
Deprecated.
Deprecated.
A JWS implementation of the Jwt interface.
A base interface for both SignedJwtBuilder and SignedEncryptedJwtBuilder to create Signed JWTs and Signed and Encrypted JWTs.
An implementation of a JwtBuilder that can build a JWT and sign it, resulting in a SignedJwt object.
A nested signed-then-encrypted JWT.
Builder for nested signed-then-encrypted JWT.
The interface for SigningHandlers for all the different signing algorithms.
A key that is used for signing digital signatures.
A service to get the appropriate SigningHandler for a specific Java Cryptographic signing algorithm.
This filter verifies the presence of a SSOToken in the given cookie name.
Creates and initialises an authentication filter in a heap environment.
Provide SingleSignOnFilter's TypeDefinition.
An implementation interface for resource providers which exposes a single permanent resource instance.
A StableIdResolver that matches a stableId exactly to the purpose for returning only one Secret.
Created a size based file retention policy.
Creates a file size based rotation policy.
An implementation of a ResultRecorder to count the number of failed requests in the last size requests.
A sort key which can be used to specify the order in which JSON resources should be included in the results of a query request.
This comparator iterates through the provided sortKeys and finds the first comparative difference between the left and right side JsonValues.
Defines possible positions for JsonValue that wraps a null object.
Split a target cookie when it is bigger than 4Kb (see RFC 6265) in smaller cookies.
Audit event handler that writes out to Splunk's HTTP event collector RAW endpoint.
Configuration for the splunk audit event handler.
Configuration of event buffering.
Configuration of connection to Splunk.
Executes a SQL query through a prepared statement and exposes its first result.
Creates and initializes a static attribute provider in a heap environment.
Represents the successful result of an authentication against the AM server.
The SsoTokenContext provides access to the token and user information related to this session.
Permits to use a AmLink even if not started or between disconnection and reconnection events.
Interface for resolving stable ids in a SecretStore.
A utility class to capture startup metrics.
A StatelessAccessTokenResolver that locally resolves and validates stateless access_tokens issued by AM.
Creates and initializes a stateless access token resolver in the heap environment.
Creates a new request and send it down the next handler (effectively replacing the previous request).
Creates and initializes a request filter in a heap environment.
Creates a static HTTP response.
Creates and initializes a static response handler in a heap environment.
Provide StaticResponseHandler's TypeDefinition.
The status-code element is a three-digit integer code giving the result of the attempt to understand and satisfy the request.
The first digit of the status-code defines the class of response.
Utility methods for operating on IO streams.
This class provides an utility method for validating that a String is either an arbitrary string without any ":" characters or if the String does contain a ":" character then the String is a valid URI.
Common utility methods for Strings.
Miscellaneous string utility methods.
A StsContext convey the token transformation results to downstream filters and handlers.
Represents a managed subscription to a given topic.
A SubscriptionAck is a response message to a SubscriptionRequest.
Represents a subscription (or un-subscription) failure.
A SubscriptionRequest is a message send to the notification server when subscribing to a topic.
The different kind of subscription requests.
A Supplier functional interface which can throw a checked Exception.
Enumerates all supported elliptic curve parameters for ESXXX signature formats.
An API Producer for APIs that use the Swagger model implementation of the OpenAPI specification.
Extension of Swagger to override some of its behaviors.
Swagger utility.
Conditionally diverts the request to another handler.
Creates and initializes a switch filter in a heap environment.
An interface for implementing synchronous RequestHandlers.
The handler publishes audit events formatted using SyslogFormatter to a syslog daemon using the configured SyslogPublisher.
Configuration object for the SyslogAuditEventHandler.
Configuration of event buffering.
Encapsulates configuration for mapping audit event field values to Syslog severity values.
This heaplet represents an instance of a PropertyResolverSecretStore resolving properties in system then in environment variables.
An ELContext node plugin that provides read-only access to system properties.
A ProxyOptions to use when the system defined proxy must be used.
Creates and initializes a SystemProxyOptions in a heap environment.
Provide the SystemProxyOptions's TypeDefinition.
Contains the necessary information to map an event to a database table, and the event fields to the columns in that database table.
A Heaplet to call IO.newTemporaryStorage() within a heaplet environment.
A TextWriter provides a character-based stream which can be queried for number of bytes written.
A TextWriter implementation which writes to a given output stream.
Wraps a TextWriter in a Writer.
A secret store that wraps another secret store and performs all query operations in a background thread using a thread pool.
Common utility methods for Threads.
This filter applies a rate limitation to incoming requests : over the limit requests will be rejected with a 429 (Too Many Requests) response, others will pass through.
Creates and initializes a throttling filter in a heap environment.
This interface defines the contract to lookup a ThrottlingRate that will be applied to the given Request.
A value object to represent a throttling rate.
This interface defines the contract for any throttling strategy.
Throwable utilities class.
Creates a rotation policy based on a time duration.
The timer decorator can decorate both Filter and Handler instances.
Creates and initializes a TimerDecorator in a heap environment.
Provide TimerDecorator's TypeDefinition.
A factory for the TimerDecorator.
A FilenameFilter that matches historical log files.
Creates a time stamp based file naming policy.
Key TLS Options used by both the ClientTlsOptions and the ServerTlsOptions.
The rate limiting is implemented as a token bucket strategy that gives us the ability to handle rate limits through a sliding window.
Responsible for the validation, generation and parsing of tokens used for keying a JsonValue representative of some state.
An exception generated by a TokenHandler on either creation, validation, or state extraction.
An AccessTokenResolver which is RFC 7662 compliant.
Creates and initializes an TokenIntrospectionAccessTokenResolver in a heap environment.
Deprecated, for removal: This API element is subject to removal in a future version.
A TokenTransformationFilter is responsible for transforming a token issued by Access Management into a token of another type.
Creates and initializes a token transformation filter in a heap environment.
Multiplex topic registration on top of a AmLink.
A Header representation of the Trailer HTTP response header.
TransactionId value should be unique per request coming from an external agent so that all events occurring in response to the same external stimulus can be tied together.
This context aims to hold the TransactionId.
Processes the transactionId header used mainly for audit purpose.
This filter is responsible to create the TransactionIdContext in the context's chain.
This filter aims to create a sub-transaction's id and inserts that value as a header of the request.
Transport protocol over which Syslog messages should be published.
Trust all certificates that this class is asked to check.
Creates and initializes a trust-all manager in a heap environment.
Deprecated.
Type definitions helpers for generic types.
Register all the aliases supported by the openig-uma module.
UMA Resource Server specific exception thrown when unrecoverable errors are happening.
An UmaResourceServerFilter implements a PEP (Policy Enforcement Point) and is responsible to ensure the incoming requests (from requesting parties) all have a valid RPT (Request Party Token) with the required set of scopes.
Creates and initializes an UMA resource server filter in a heap environment.
An UmaSharingService provides core UMA features to the Identity Gateway when acting as an UMA Resource Server.
Creates and initializes an UMA service in a heap environment.
An exception that indicates that a failure is not directly known to the system, and hence requires out-of-band knowledge or enhancements to determine if a failure should be categorized as temporary or permanent.
An marker interface for tagging collection implementations as read-only.
Indicates that the JWT had critical headers that were not recognized by the JWT library and not implemented by the application.
Represents an unrecoverable authentication error or failure such as a missing authentication Tree or Service.
Indicates a 415 Unsupported Media Type response that the Content-Type of the request was not acceptable.
A request to update a JSON resource by replacing its existing content with new content.
Filter supporting URL path rewriting.
Create a UriPathRewriteFilter in a heap environment.
A Context which is created when a request has been routed.
Ease UriRouterContext construction.
Utility class for performing operations on universal resource identifiers.
Computes AM endpoint URIs, based on path normalizer, realm and a base Uri.
Provides support for a service login using a username/password.
Creates and initializes a UsernamePasswordServiceLogin in a heap environment.
Provide the UsernamePasswordServiceLogin's TypeDefinition.
Class containing user profile information.
Used by the UserProfileFilter to make the user's profile attributes available in the context.
Represents an exception thrown whilst performing UserProfileService operations.
This filter requests user profile attributes from Access Management and stores them in the context for later use.
Creates and initialises a UserProfileFilter in a heap environment.
The UserProfileService is responsible for requesting user profile attributes.
Creates and initializes a UserProfileService in a heap environment.
This class provides utility methods to share common behaviour.
Utility class.
Deprecated.
Use Strings, Closeables, Objects or Threads instead.
The validation context that will be passed among the different JWT constraints validations.
A set of credential pairs built from a ValidSecretsReference.
A long-lived reference to a number of secrets.
Utility methods to create Value instances related to IG.
A key used for verifying digital signatures.
Represents some version in the form majorNumber.minorNumber, for instance 2.4.
Supports version with the following format: major[.minor[.micro]].
Describe a Violation, used for the JWT validation.
This annotation doesn't actually do anything, other than provide documentation of the fact that a function has either been marked public, or package private in order for a test (somewhere physically distant in the system) to compile.
Processes the Warning message header.
Basic websocket application interface facilitating different provider implementations.
A configuration holder to instantiate WebSocketAdapter.
Provider of a WebSocket clients.
A provider capable of providing a Filter to manage WebSocket upgrade requests and subsequently manage the bi-directional communication from the client to the remote application.
A provider capable of providing a Filter to manage WebSocket upgrade requests and subsequently manage the bi-directional communication from the client to the remote application.
Creates a static response containing a simple HTML welcome page.
Creates and initializes a static response handler in a heap environment.
A Header representation of the WWW-Authenticate HTTP header.
A single WWW-Authenticate challenge.
Utilities for handling XEC keys for X25519 and X448 ECDH key agreement.
Processes the X-Forwarded-For message header.
This is a custom XML handler to load the dtds from the classpath This should be used by all the xml parsing document builders to set the default entity resolvers.
Utility classes for handling XML.