All Classes and Interfaces
Class
Description
An abstract connection whose synchronous methods are implemented in terms of
asynchronous methods.
Abstract
AuditEvents base class providing audit events lookup support.Provide shared
client-secret-based
TypeDefinition attributes.Abstract
Filter base class providing policy condition advice support.An abstract base class from which connection wrappers may be easily
implemented.
A base implementation of the
Context interface.This class provides a logger for decorators, according to the pattern:
<decoratorClassname>.<decoratorName>.<decoratedObjectName>.
Deprecated.
A base implementation for all JwtBuilders that provides the basis of the JWT builder methods.
Deprecated.
RequestHandler now has default methods which implement the not-supported behavior.An abstract base class for implementing routers.
The base class for both the filter and handler heaplet implementations.
A scriptable heap object acts as a simple wrapper around the scripting engine.
Creates and initializes a scriptable heap object in a heap environment.
Base
TypeDefinitionProvider for any scriptable components.An abstract SetCookieHeader class for
SetCookieHeader and SetCookie2Header.Processes the
Accept-API-Version message header.A header class representing the Accept-Language HTTP header.
Builder for audit access events.
The status of the access request.
Represents an exception whilst retrieving an OAuth2 access token.
Represents an OAuth2 Access Token.
Resolves a given token against a dedicated OAuth2 Identity Provider (OpenAM, Google, Facebook, ...).
A secret store that can obtain access tokens from an OAuth 2 provider.
Builder object for the access token secret store.
An
Runnable functional interface which can throw a checked Exception.An implementation specific action, or operation, upon a JSON resource.
Response object for JSON responses.
Builder for audit activity events.
Configuration class for the Identity Gateway Administration.
Provides the Admin type definition.
A
Context containing information which should be returned to the user in some
appropriate form to the user.WarningHeader implements RFC 2616 section 14.46 - Warning.
Provides JWE key encapsulation using the AES KeyWrap algorithm.
The interface for each possible algorithm that can be used to sign and/or encrypt a JWT.
This filter authorizes a request to continue processing if any of the declared rules is satisfied (logical or).
Creates an
AllowOnlyFilter in a Heap environment.Provide
AllowOnlyFilter's TypeDefinition.Represents a link to AM notification service.
A supplier of AM Link.
A supplier of Resilient AM Link.
Represent a listener willing to be notified upon
AmLink events.Represent a listener capable of handling reopening signals.
Creates a configuration class for AM.
Builder of
AmService.A pre-builder class used to discover AM details such as its version and expected cookie name.
This heaplet represents an instance of an
AmService that can shared amongst AM
related filters such as the SingleSignOnFilter and the PolicyEnforcementFilter.Provide
AmServiceHeaplet's TypeDefinition.This filter will track the AM sessions (stateless or stateful) and will revoke them if their idle timeout goes
over a defined limit.
This class is responsible of creating the
AmSessionIdleTimeoutFilter heap object.Provide
AmSessionIdleTimeoutFilter's TypeDefinition.Normalized AM version.
A producer of API Descriptions.
This filter overrides the protocol version in Accept-Api-Version header.
A
Context which is created when a request is and has been routed
based on resource API version.Utility methods to work with CHF Applications.
A utility class for dealing with
CrestApplication instances.Register all the aliases supported by the openig-identity-assertion module.
Conditionally assigns values to expressions before and after the request is handled.
Creates and initializes an assignment filter in a heap environment.
Provide
AssignmentFilter's TypeDefinition.An asynchronous
Function which returns a result at some point in the
future.Collection of
AsyncFunction utilities.A Text Writer which writes log records asynchronously to character-based stream.
This utility class supports a lock-downgrading strategy to make sure that 2 concurrent calls to compute
the "cached" value will result in a single computation.
A session manager is responsible to create/save a new type of
Session.An asynchronous
Supplier which returns a result at some point in the future.An
AttributesContext is a mechanism for transferring transient state between components when processing a
single request.Denotes audit dependencies.
Represents an audit event.
Root builder for all audit events.
The interface for an AuditEventHandler.
Abstract AuditEventHandler class.
Factory interface for creating instances of
AuditEventHandler.Helper methods for AuditEvents.
Audit events interface.
Stores the state of the details sent to
AuditEventHandler.publishEvent(Context, String, JsonValue).Root class of all exceptions in the Commons Audit Framework.
A Context used when auditing over the router.
Utility class to facilitate creation and configuration of audit service and audit event handlers
through JSON.
CREST
RequestHandler responsible for storing and retrieving audit events.Builder for AuditService.
Configuration of the audit service.
Creates and initializes an AuditService in a heap environment.
Provide
AuditServiceObjectHeaplet's TypeDefinition.AuditService proxy that allows products to implement threadsafe hot-swappable configuration updates.
General utilities for commons audit.
Builder for audit authentication events.
Defines a fixed set of authentication statuses that can be logged.
Represents an authentication error or failure.
Asynchronous AM authentication service delivering
SsoToken.Provides an implementation of the
AuthenticationService using a Authenticator plugin.A handler that can send an authorization code and optional PKCE verifier to the token endpoint to receive an
access token.
A filter which is responsible for authenticating the end-user using OAuth 2.0
delegated authorization.
Creates and initializes the filter in a heap environment.
Provide the
AuthorizationCodeOAuth2ClientFilter's TypeDefinition.A header class representing the
Authorization HTTP header.A factory for creating
AuthorizationHeader instances.Used by the
FragmentFilter and the DataPreservationFilter to know if a filter has attempted an
impending IG redirection.Restart an
AmLink automatically upon disconnection.A helper class to ease readability.
An exception that is thrown during a operation on a resource when the
requested operation is malformed.
Provides RFC 4648 / RFC 2045 compatible Base64 encoding and decoding.
A
Base64EncodedSecretStore stores secret values (such as password or
simple shared secrets) in a base64-encoded form in memory.Creates and initializes a
Base64EncodedSecretStore in a heap environment.Provide the
Base64EncodedSecretStore's TypeDefinition.A
SecretPropertyFormat for a BASE64 format.Provide the
Base64PropertyFormat's TypeDefinition.Assocated
Base64PropertyFormat heaplet.Makes use of the
Base64 class to encode and decode to and from URL-safe Base64.Configuration class for the Identity Gateway Administration.
A base implementation of
QueryFilterVisitor where
all methods throw an UnsupportedOperationException by default -
override just the methods you need.Creates and initializes a baseUri in a heap environment.
Provide
BaseUriDecorator.Heaplet's TypeDefinition.A factory for the
BaseUriDecorator.Utility to help with baseUri expressions.
A rich representation of basic credentials.
Implementation is responsible for being able to build up a batch payload and to publish that payload.
Indicates failure during a batch operation.
Implementations of
BatchPublisher are able to consume multiple audit events
and build batches out of them.Batch publisher factory provides new instances of
BatchPublisher.Basic batch publisher factory implementation.
A rich representation of bearer credentials.
A
BiFunction functional interface which can throw a checked Exception.Utils to complement bit operations not covered by the BigInteger functions.
This class can be used for filtering string elements by using blacklists and/or whitelists.
An input stream that can branch into separate input streams to perform
divergent reads.
A dynamically growing data buffer.
Buffers audit events to a bounded queue, periodically flushing the queue to a provided
BatchConsumer.Builder used to construct a new
BufferedBatchPublisher.Provide a
TypeDefinitionProvider for
CacheAccessTokenResolver.A CREST
Filter that caches policy decisions.Create a CacheSessionService which is responsible to manage the cache for the
SessionInfo.Create a CacheUserProfileService which is responsible for managing the
UserProfile cache.A
CachingAccessTokenResolver is a delegating AccessTokenResolver that uses a write-through cache
to enable fast AccessTokenInfo resolution.A
CaffeineCacheAccessTokenResolver is a delegating AccessTokenResolver that uses a write-through
Caffeine cache to enable fast AccessTokenInfo resolution.Builder of
CaffeineCacheAccessTokenResolver.Creates and initializes an
CaffeineCacheAccessTokenResolver in the heap environment.Utility class for Caffeine-related workarounds.
Creates and initializes a CaptureDecorator in a heap environment.
Provide
CaptureDecorator.Heaplet's TypeDefinition.A
CapturedUserPasswordContext to store the user's decrypted password.The
CapturedUserPasswordFilter is responsible for retrieving the user password from
AM and to decrypt it.Creates and initializes the filter in a heap environment.
Provide
CapturedUserPasswordFilter.Heaplet's TypeDefinition.A factory for the
CaptureDecorator.Specify where the message capture takes place.
An implementation of a map whose keys are case-insensitive strings.
An implementation of a set whose values are case-insensitive strings.
This filter handles any condition advices returned from AM during a policy evaluation, which one will depend on
the policy.
Context implementation to maintain cross-domain SSO properties.Context implementation to hold error details, should an error occur during cross-domain SSO authentication.A filter that evaluates a required EL expression to establish the client certificate from both context and
request, then calculates the thumbprint for that certificate (sha-256 hash and base64 url encoding) before
storing it in the attributes context for later retrieval in downstream components.
Creates and initializes a certificate thumbprint filter in a heap environment.
Provide
CertificateThumbprintFilter's TypeDefinition.A key used for verifying certificate signatures.
Allow to build a chain of filters as one filter.
Provide
ChainFilterHeaplet's TypeDefinition.A chain of zero or more filters and one handler.
Provide the HTTP Filter's Chain
TypeDefinition.Transforms a
Flowable of CharBuffer into a Flowable of String, by splitting on EOL chars
('\r' and '\n').A
CharsetDecoderFlowableTransformer decodes bytes from a stream of ByteBuffer into
a stream of CharBuffer using the given Charset.Just enough of a HttpServletRequest wrapper around a CHF
Request to keep the
AM SAML2 components happy.Just enough of a HttpServletResponse wrapper around a CHF
Response to keep the
AM SAML2 components happy.Class enabling clients to choose (set) a value from a choice of two possible types, and conduct later processing
based on the chosen type.
Filter implementing the Circuit Breaker pattern to avoid cascading failures.
The Heaplet used to create a
CircuitBreakerFilter heap object.The
TypeDefinitionProvider of the CircuitBreakerFilter.This interface has to be implemented by each Identity Gateway module that wants to register new class aliases.
An HTTP client which forwards requests to a wrapped
Handler.Represents a ClientAuthenticationException when the client fails to authenticate.
Client context gives easy access to client-related information that are available into the request.
Builder for creating
ClientContext instances.Verifies a certificate thumbprint by computing a digest of the client certificate (found in
ClientContext)
and comparing the result with the base64-url-encoded value provided within the confirmation key node.A grant type handler that can retrieve an access token using the client_credentials grant type.
Creates and initializes a
Filter supporting the transformation of client credentials to an access_token.The
TypeDefinitionProvider of the ClientCredentialsOAuth2ClientFilterHeaplet.Creates and initializes a
ClientHandler in a heap environment.Provide
ClientHandlerHeaplet's TypeDefinition.A configuration for an OpenID Connect Provider.
Creates and initializes a Client Registration object in a heap environment.
The client registration filter is the way to dynamically register an OpenID
Connect Relying Party with the End-User's OpenID Provider.
Strategy supporting different client registration mechanisms.
Provide the
ClientRegistration's TypeDefinition.Deprecated.
since 26.2.
Heaplet supporting creation of a client-secret-basic authentication
Filter.Provide the
ClientSecretBasicAuthenticationFilterHeaplet's TypeDefinition.A
Filter implementation to add the credentials to request body for authenticating as per
the OAuth 2.0 Authorization
Framework specification.Heaplet supporting creation of a client-secret-post authentication
Filter.Provide the
ClientSecretPostAuthenticationFilterHeaplet's TypeDefinition.Extension to
TlsOptions to support changing the behaviour of how hostname verification is enforced.Creates and initializes client-side TLS options in a heap environment.
Provide
ClientTlsOptionsHeaplet's TypeDefinition.Common utility methods for Closeables.
AsyncFunction that silently closes an input-parameter after
a delegate-function's AsyncFunction.apply(Object) is completed.Function that silently closes an input-parameter after a delegate-function's Function.apply(Object)
is invoked.An implementation interface for resource providers which exposes a collection
of resource instances.
This class stores the common audit logging batch process configurations.
Expose Caffeine's
StatsCounter in our own MeterRegistry.An Enum of the possible compression algorithms that can be applied to the JWE payload plaintext.
The interface for CompressionHandlers for all the different compression algorithms.
A service to get the appropriate CompressionHandler for a specified Compression algorithm.
This filter conditionally executes a delegate Filter given the result of a 'condition' function.
Creates a
ConditionalFilter into a Heap environment.Provide
ConditionalFilterHeaplet's TypeDefinition.An
ConditionEnforcementFilter makes sure that the handled Request verifies
a condition.Creates and initializes an ConditionEnforcementFilter in a heap environment.
Provide
ConditionEnforcementFilter.Heaplet's TypeDefinition.Builder for audit config events.
A
ConfirmationKeyVerifier is responsible to verify a confirmation key node.A
ConfirmationKeyVerifierAccessTokenResolver is responsible of validating
confirmation keys bound to the access_token (such as certificate thumbprint).Creates and initializes a Confirmation Key Verifier access_token resolver in the heap environment.
The
ConfirmationKeyVerifierAccessTokenResolver TypeDefinition.An exception that is thrown during a operation on a resource when such an
operation would result in a conflict.
A client connection to a JSON resource provider over which read and update
requests may be performed.
Describes if the event is a connection event or a disconnection event.
A connection factory provides an interface for obtaining a connection to a
JSON resource provider.
Processes the
Connection message header.Constraints defined for JWT validation.A
Consumer functional interface which can throw a checked Exception.Processes the
Content-API-Version message header.Processes the
Content-Encoding message header.Processes the
Content-Length message header.Processes the
Content-Type message header.A decoration
Context is a way to provide the decorator(s) all of the available
information about the instance to decorate.Type-safe contextual information associated with the processing of a request in an application.
An HTTP cookie.
Indicates the SameSite
value of the cookie.
Suppresses, relays and manages cookies.
Creates and initializes a cookie filter in a heap environment.
Provide
CookieFilter.Heaplet's TypeDefinition.Processes the
Cookie request message header.Register all the aliases supported by the openig-core module.
Core default declarations to add in Heap.
This filters implements the resource processing of the CORS protocol.
A
CorsFilterHeaplet configures a CorsFilter in a heap environment.Provide
CorsFilterHeaplet's TypeDefinition.The CORS policy is responsible to handle both actual and preflight CORS requests
and set the appropriate set of response headers based on its own configuration.
Builder for
CorsPolicy instances.A
CorsPolicyProvider allows the CorsFilter to lookup its configuration at runtime,
also based on contextual information.An enum of count policy types.
A specific exception for when Create is not supported, but Upsert might be being attempted so distinguish from
other
BadRequestExceptions.A request to create a new JSON resource.
Credential pair implementation.
This interface is used to parse the credentials component of an
Authorization HTTP header.Declare a CREST Application.
A CREST HTTP utility class which creates instances of the
HttpAdapter
to handle CREST HTTP requests.The
CrestSessionService is responsible for performing interactions with the AM sessions endpoint.Builder of the
CrestSessionService.The
CrestUserProfileService is responsible for interactions with AM users endpoint
using resource version 3.0; since AM v13.CREST utility class.
This filter verifies the presence of a JWT authentication token in the configured cookie name:
If the JWT is present then its validity is checked and the request is forwarded to the next handler.
If the JWT is not present, then the user-agent is redirected to Access Management via its OAuth2
authorization endpoint, to obtain user authentication.
Creates and initialises an authentication filter in a heap environment.
Provide
CrossDomainSingleSignOnFilter.Heaplet's TypeDefinition.Constants for Crypto Algorithms and Json Crypto Json pointer keys.
Base class for all secrets that are used as keys for cryptographic operations.
A generic filter for preventing cross-site request forgery (CSRF) attacks when using cookie-based authentication.
Builder class for the CSRF filter.
Creates and initializes a
CsrfFilter supporting the injection and validation of an anti-CSRF token
in the request header.Provide
CsrfFilterHeaplet's TypeDefinition.Handles AuditEvents by writing them to a CSV file.
A configuration for CSV audit event handler.
Contains the csv writer configuration parameters.
Configuration of event buffering.
A
ProxyOptions representing custom proxy settings.Creates and initializes a
CustomProxyOptions in a heap environment.Provide the
CustomProxyOptions's TypeDefinition.A key that is used for decrypting confidential data.
A key that is used for encrypting confidential data.
The
DataPreservationFilter supports preserving POSTed data from a request that triggers a login redirect.Create a
DataPreservationFilter heap object.A
TypeDefinitionProvider for DataPreservationFilter.This filter inserts a Date header into the response if it is not present.
Creates and initializes a DateHeaderFilter in a heap environment.
Provide
DateHeaderFilter's TypeDefinition.Decodes an HTTP message entity input stream.
A DecorationHandle is handle to get the decorated object and being able to notify the decoration to stop.
A Decorator is responsible for decorating existing object's instances.
A base class for decorator heaplets.
Marker interface for all key types that can be used for decryption.
This interface has to be implemented by each Identity Gateway module that wants to register new default heaplet
declaration to put in the Gateway heap.
A Heaplet declaration definition.
Reify the normal environment structure with pre-configured shortcuts.
Default implementation of
KeyStoreHandlerProvider.Default implementation of
LocalHostNameProvider using InetAddress to lookup host name of local host.A
DefaultRateThrottlingPolicy is a delegating ThrottlingPolicy that ensures the returned
ThrottlingRate is never null.Creates and initializes a
DefaultRateThrottlingPolicy in a heap environment.Provide
DefaultRateThrottlingPolicyHeaplet's TypeDefinition.Default implementation of
ScriptFactoryManager supporting dynamic registration
and un-registration of ScriptFactory.Default implementation of
SecureStorageProvider.The default routing behaviour to use when no Accept-API-Version
is set on the request.
An implementation of the CompressionHandler for DEFLATE Compressed Data Format Specification.
This heaplet aims to be be a placeholder so you can decorate the delegate object with any decorators.
Provide the Delegate's
TypeDefinition.A route matcher that delegates to a provided route matcher.
A request to delete a JSON resource.
Configuration wrapper for JMS
DeliveryMode persistence constants.An interface for a simple dependency provider.
AuditEventFactory capable of performing construction injection by resolving dependencies using a DependencyProvider.
Base DependencyProvider that has provides no dependencies.
Utility methods for reading and writing DER-encoded values.
A routing component (a CHF
Handler or CREST RequestHandler) can describe its API
by implementing this interface.Interface for listener instances.
A handler that both handles
Requests, and also supports querying for API Descriptors.An
HttpApplication that produces OpenAPI API Descriptors.Version of
SynchronousRequestHandlerAdapter that exposes a described handler.Manage the
WebSocketAdapter and run subscribe and unsubscribe operations on it.Supports direct encryption using a shared symmetric key.
Represents the name/value pair of a HTTP header directives.
High-level interface to the
WatchService API for detecting filesystem change events.A
Collection decorator that notifies the provided DirtyListener when one ore more elements are
removed.An
Iterator decorator that notifies the provided DirtyListener when one element is removed.Enable observers to be notified when one or more element are removed from a Map.
A
Set decorator that notifies the provided DirtyListener when one ore more elements are removed.The different behaviours that can be applied in case of notifications disconnections.
Represents an exception whilst performing OpenID discovery.
In order for an OpenID Connect Relying Party to utilize OpenID Connect
services for an End-User, the RP needs to know where the OpenID Provider is.
A
RetentionPolicy that will retain/delete log files based off the total disk space used.Dispatches to one of a list of handlers.
Creates and initializes a dispatch handler in a heap environment.
Provide
DispatchHandler's TypeDefinition.Represents a duration in english.
Implements Elliptic Curve Diffie-Hellman (ECDH) key agreement in ephemeral-static (ECDH-ES) mode.
Deprecated.
Use
SecretECDSASigningHandler insteadThis class implements an Elliptical Curve Json Web Key storage and manipulation class.
EC JWK builder.
Deprecated.
Use
SecretEdDSASigningHandler instead.Utilities for working with Elasticsearch.
Encapsulates common functionality for JWKs that represent elliptic curve keys: EcJWK and OkpJWK.
A JWE implementation of the
Jwt interface.An implementation of a JwtBuilder that can build a JWT and encrypt it, resulting in an EncryptedJwt object.
Support for JWT encryption, both asymmetric and symmetric (authenticated encryption) are supported.
A
Filter implementation to add the client credentials to request as signed then encrypted private key jwt as
per the OpenID Connect Client
Authentication specification.Builder class for creating the Encrypted PrivateKey Jwt ClientAuthentication Filter.
Heaplet supporting creation of an encrypted private-key-jwt authentication
Filter.Provide the
EncryptedPrivateKeyJwtClientAuthenticationFilterHeaplet's TypeDefinition.An implementation of a JWS with a nested JWE as its payload.
An implementation of a JwtBuilder that can build a JWT and encrypt it and nest it within another signed JWT,
resulting in an SignedEncryptedJwt object.
An implementation of a JWS Header builder that provides a fluent builder pattern to create JWS headers for
signed encrypted JWTs.
The interface for EncryptionHandlers for all the different encryption algorithms.
Marker interface for all key types that can be used for encryption.
A service to get the appropriate EncryptionHandler for a specified Java Cryptographic encryption algorithm.
An Enum of the possible encryption methods that can be used when encrypting a JWT.
Registry for Identity Gateway REST API endpoints.
Handle for un-registering an endpoint.
Message content.
Extracts regular expression patterns from a message entity.
Creates and initializes an entity extract handler in a heap environment.
Provide
EntityExtractFilter's TypeDefinition.Utility class for accessing Java enum types.
Provides a
EnumValueOfHelper.valueOf(String) method as a replacement for the implicitly declared enum function
valueOf(String), which has the advantage of not throwing exceptions when the name argument
is null or cannot be found in the enum's values.Encapsulate logic to access configuration files and other directories of the IG base directory.
The root
Heap that includes access to the environment additional information.Base class for audit event handler configuration.
Encapsulates meta-data for event topics.
Builder for
EventTopicsMetaData.A completion handler for consuming exceptions which occur during the execution of
asynchronous tasks.
This
Filter executes all CREST operations in an executor, effectively running the rest of the chain in
another thread.Responsible for generating ExecutorService instances which are automatically
wired up to shutdown when the ShutdownListener event triggers.
An exception generated by a
TokenHandler on extraction when the token is expired.Resolves
Bindings-based tokens using COMMONS Config PropertyResolver.Defines the standard Syslog message facilities.
A factory interface.
Wraps an existing
InputStream, supporting a failed state that is checked before and after each operation.Unable to load the JWK/x5u location points.
Context implementation to hold error information regarding failures.A
FapiInteractionIdFilter is responsible to manage the FapiInteractionIdFilter.FAPI_INTERACTION_ID header value.Creates and initializes a fapi interaction-id filter in a heap environment.
Provide
FapiInteractionIdFilter's TypeDefinition.Context holding values extracted from the
FileAttributesFilter.Retrieves and exposes a record from a delimiter-separated file.
Creates and initializes a separated values file attribute provider in a heap environment.
Provide
FileAttributesFilter.Heaplet's TypeDefinition.Configures time based or size based log file rotation.
Groups the file retention config parameters.
Groups the file rotation config parameters.
A
BranchingInputStream for reading from files.Utility class for filename related methods.
An interface to declare the names of audit log files.
A
FileResourceSet is able to give access to file-based content
within the scope of the root directory.A
SecretStore that reads secrets from a directory with the expectation that each file
contains a separate secret.A builder for more fluently creating a FileSystemSecretStore.
This heaplet represents an instance of a
PropertyResolverSecretStore resolving properties from files
in a directory.Provide the
FileSystemSecretStoreHeaplet's TypeDefinition.Interface that represents an audit filter.
Filters the request and/or response of an HTTP exchange.
An interface for implementing request handler filters.
Builds a
Filter for a given set of FilterPolicy.A chain of filters terminated by a target request handler.
A condition which controls whether or not a filter will be invoked or not.
Represents a FilterPolicy which contains the includeIf and excludeIf values for the filter.
Utility methods for creating common types of filters.
This class contains methods for creating various kinds of
Filter and
FilterConditions.An implementation of the
ThrottlingPolicy that always returns the same throttling rate.Rotates audit files at fixed times throughout the day.
Decodes an HTTP message entity flow.
An exception that is thrown when access to a resource is forbidden during an
operation on an resource.
Form fields, a case-sensitive multi-string-valued map.
A
Header representation of the Forwarded HTTP header.This class represents a request's hop detail.
Rebase the
UriRouterContext's Original URI with a computed scheme, host name and port.Creates and initializes an
ForwardedRequestFilter in a heap environment.Provide
ForwardedRequestFilter's TypeDefinition.The
FragmentFilter supports URIs that contain fragments, keeping track of the fragment part when a request
triggers a login redirect.Creates and initialises a
FragmentFilter in a heap environment.Provide
FragmentFilter's TypeDefinition.A
RetentionPolicy that will retain/delete log files given a minimum amount of disk space the file system
must contain.A synchronous function which returns a result immediately.
Configuration class for configuring the Identity Gateway.
Provides the Gateway type definition.
An undecoded HTTP message header.
A generic base class for heaplets with automatically injected fields.
A generic secret represented as an opaque blob of bytes, such as a password or API key.
A GlobalDecorator stores decorators configuration in order to re-apply them when requested
to decorate a given heap object instance.
Unsubscribe from every subscribed topics on closure.
Creates and initializes a
Filter supporting the transformation of a request - e.g.Creates and initialises an
GrantSwapJwtAssertionOAuth2ClientFilter in a heap environment.Provide the
GrantSwapJwtAssertionOAuth2ClientFilter's TypeDefinition.Abstract base class for OAuth 2 grant type handlers for calling the token endpoint.
Provide support for scripts written in the Groovy language.
Utility methods for creating common types of handlers.
Provides commonly used handler implementations.
An HTTP message header.
Creates instances of
Header classes from String representation.Removes headers from and adds headers to a message.
Creates and initializes a header filter in a heap environment.
Provide
HeaderFilter's TypeDefinition.Message headers, a case-insensitive multiple-value map.
Utility class for processing values in HTTP header fields.
Provides an OpenAM SSO Token in the given header name for downstream components.
Manages a collection of associated objects created and initialized by
Heaplet
objects.An exception that is thrown during heap operations.
The concrete implementation of a heap.
Creates and initializes an object that is stored in a
Heap.Builds
Heaplet instances.Loads
Heaplet classes based on the class of object they create.Resolves
Heap objects.Routines for encoding and decoding binary data in hexadecimal format.
For every key that starts with the keyToHide, return an empty value.
Implements the HKDF key deriviation function to allow a
single input key to be expanded into multiple component keys.
A secret key designed to be used as the master key for HKDF key generation.
Deprecated.
Use
SecretHmacSigningHandler insteadA loader for the
KeyStoreSecretStore that knows how to load standard PKCS#11 Hardware Security Module
(HSM) providers on our supported platforms.This heaplet represents an instance of a
HsmSecretStoreHeaplet.Provide
HsmSecretStoreHeaplet's TypeDefinition.This filter aims to send some access audit events to the AuditService managed as a CREST handler.
Configuration class to configure the
HttpApplication instance.An exception that is thrown during a Http Application start up when the start up of the application fails.
Creates and initializes a
Filter supporting the injection of a Basic Authorization
header in the request for the configured credentials.Provide
HttpBasicAuthenticationClientFilterHeaplet's TypeDefinition.Performs authentication through the HTTP Basic authentication scheme.
Creates and initializes an HTTP basic authentication filter in a heap environment.
Provide
HttpBasicAuthFilter's TypeDefinition.An SPI interface for HTTP
Client implementations.An HTTP client for sending requests to remote servers.
SSL host name verification policies.
Encapsulates the details of the proxy if one is required when making outgoing requests.
Abstract Heaplet to create HTTP clients with different behaviors.
A provider interface for obtaining
HttpClient instances.A
Context containing information relating to the originating HTTP request.A factory which is responsible for creating new request
Contexts for
each JSON request.HTTP utility methods and constants.
HTTP WebSocket client interface.
An implementation of
AsyncSessionManager storing session ID in a session cookie.QueryResourceHandler that searches for a specific identifier value.This class encapsulates the result of calling the
IdentityAssertionPlugin.process(org.forgerock.services.context.Context, org.forgerock.http.protocol.Request) method.Provides support to locally process a user and generate a JWT assertion that represents the user back to the
calling party.
Creates and initializes a
IdentityAssertionHandler in a heap environment.Provide
IdentityAssertionHandler's TypeDefinition.Implementations of this interface carry out some user processing and returns the
claims that should be included in the Identity Assertion JWT in the
IdentityAssertionClaims.An exception specific to issues within the
plugin package.An
IdentityRequestJwtContext is used to store the key details of the Identity Request JWT.Enums that represent the version of the Identity Request JWT.
Defines the contract to generate global unique identifiers.
Default implementation of the
IdGenerator that will output some ids based on the following pattern :
<uuid> + '-' + an incrementing sequence.An
IdTokenValidationFilterHeaplet creates a filter that can be used to validate the given
idToken according to the provided configuration by leveraging the JwtValidationFilter.Provide the
IdTokenValidationFilterHeaplet's TypeDefinition.This class is responsible for locating the IG instance directory.
A time source; returns a time value representing the number of nanoseconds elapsed since some fixed but arbitrary
point in time.
An exception which is thrown when two incompatible
RouteMatch
instances are attempted to be compared.Interface of an object that can be indexed with a unique key.
Subscribe to a set of initial topics while starting.
Provide
InMemorySessionManagerHeaplet's TypeDefinition.Supports configuring the session cookie/timeout using the following optional JSON structure, can be provided if
overriding the defaults is required.
This filter is responsible to check that an @
InternalSsoTokenContext was defined in the context's chain and
to propagate the SSO token (potentially not valid) into the request as a header.This class provides utility methods for converting Java Date objects into and from IntDates.
An exception that is thrown during an operation on a resource when the server
encountered an unexpected condition which prevented it from fulfilling the
request.
An
InternalSsoTokenContext used to store an SSO token.Represents an exception that occurs when a JWT is determined as invalid.
An exception generated by a
TokenHandler on validation or extraction when the token is invalid.Utility class that can stream to and from streams.
Metadata of an OAuth2 issuer.
A configuration for an OAuth2 or an OpenID Connect Issuer.
A repository to store and create all the OAuth2 issuers.
Deprecated, for removal: This API element is subject to removal in a future version.
Provide the
IssuerRepository's TypeDefinition.Provide the
Issuer's TypeDefinition.Default implementation of a Keystore handler.
Implements a
AuditEventHandler to write AuditEvents to a JDBC repository.Configures the JDBC mapping and connection pool.
Configuration for a connection pool.
Configuration of event buffering.
Creates and initializes a JDBC data source in a heap environment.
Provide
JdbcDataSourceHeaplet's TypeDefinition.Publishes Audit events on a JMS Topic.
Configuration object for the
JmsAuditEventHandler.This class holds the configuration properties that are used by the {#link BatchPublisher} to control the
batch queue and worker threads that process the items in the queue.
Stores the JNDI context properties and lookup names.
Interface for retrieving a
JMS topic and a JMS connection factory.Set of
SecretConstraints for filtering Secrets.Provides read and write JSON capabilities.
Jackson Module that uses a mixin to make sure that a
JsonValue instance is
serialized using its #getObject() value only.Jackson Module that adds a serializer for
LocalizableString.AuditEventHandler for persisting raw JSON events to a file.Configuration for
JsonAuditEventHandler.Configuration of event buffering.
An exception that is thrown during JSON operations.
Processes partial modifications to JSON values.
RFC6902 expects the patch value to be a predetermined, static value to be used in the
patch operation's execution.
Identifies a specific value within a JSON structure.
Contains Utility methods for dealing with JsonSchema data.
AuditEventHandler for persisting raw JSON events to stdout.Configuration for
JsonStdoutAuditEventHandler.Represents a value in a JSON object model structure.
An exception that is thrown during JSON value operations.
A
QueryFilterVisitor that returns true if the provide JsonValue meets the criteria of
the QueryFilter assertions and false if it does not.This class contains the utility functions to convert a
JsonValue to another type.This class contains the utility functions to convert a
JsonValue to CREST (json-resource) types.Provides additional functionality to
JsonValue.Contains some JsonValue Utility methods.
An Enum of the possible encryption algorithms that can be used to encrypt a JWT.
An Enum of the possible types of JWE algorithms that can be used to encrypt a JWT.
Represents an exception for when compression/decompression of the plaintext fails.
This exception entirely duplicates
JweDecryptionException except that it is a checked exception so that it
can be used with a Promise.Class supporting
EncryptedJwt encryption verification with a verification Purpose and a SecretsProvider responsible for getting the decryption key.Represents an exception for when decryption of the JWE fails.
This class represents the result from the encryption process of the JWT plaintext.
Represents an exception for when encryption of the JWE fails.
Represents a generic exception for JWE operations.
An implementation for the JWE Header parameters.
An implementation of a JWE Header builder that provides a fluent builder pattern to create JWE headers.
An Enum for the additional JWE Header parameter names.
The abstract base class for the 3 implementations of JWK.
JWK builder.
Exports keys in JSON Web Key (JWK) format.
Helper class to look up and return the keys from specific JWK implementation
algorithm types.
Decodes a JSON Web Key (JWK) as a secret.
Builds a
JwkPropertyFormat used to decode JSON Web Key formatted keys that can be used
with SecretStore mappings configuration.Provide the
JwkPropertyFormatHeaplet's TypeDefinition.Holds a Set of JWKs.
Creates a JwkSetHandler to store the cryptographic keys.
Creates and initializes a JwkSetHandler in a heap environment.
Provide
JwkSetHandler.Heaplet's TypeDefinition.Provides methods to gather a JWKSet from a URL and return
a map of key ids to keys as dictated by that JWKS.
A secret store that loads cryptographic keys from a local or remote
JWKSet.This heaplet represents an instance of a
JwkSetSecretStore resolving secrets from an URL of a JSON Web Key
Set(JWKSet).Provide
JwkSetSecretStoreHeaplet's TypeDefinition.Store JWKs into a jwkSet from a JWKs_URI and refresh the jwkSet when necessary.
Manage the jwks store, to avoid having more than one jwks store for the same JWKs_URI unnecessary.
A base implementation class for a JSON Web object.
An Enum of the possible signing algorithms that can be used to sign a JWT.
An Enum of the possible types of JWS algorithms that can be used to sign a JWT.
Represents a generic exception for JWS operations.
An implementation for the JWS Header parameters.
An implementation of a JWS Header builder that provides a fluent builder pattern to create JWS headers.
An Enum for the JWS Header parameter names.
Class supporting
Jwt signature verification with a verification Purpose
and a SigningManager responsible for the verification.Represents an exception for when signing of the JWS fails.
Represents an exception for when verification of the JWS signature fails.
The interface for all types of JSON Web Tokens (JWTs).
Implements the JWT bearer assertion grant type.
The base interface for all JwtBuilders for each type of JWT (plaintext, signed or encrypted).
Used by the
JwtBuilderFilter to make the JWT available in the context.Represents an exception that occurs when creating/rebuilding JWTs.
A factory for getting builders for plaintext, signed and encrypted JWTs and reconstructing JWT strings back into
their relevant JWT objects.
The JwtBuilderFilter collects data from template
and puts the name-value pairs into a JWT structure.
Creates and initializes a JwtBuilderFilter in a heap environment.
Provide
JwtBuilderFilter.Heaplet's TypeDefinition.A
JwtClaimConstraint represents an individual check that can applied to test a claim from a JWT.An implementation that holds a JWT's Claims Set.
An implementation of a JWT Claims Set builder that provides a fluent builder pattern to creating JWT Claims Sets.
An Enum for the JWT Claims Set names.
A
JwtConstraint represents an individual check that can applied to test a JWT.A
JwtFactory encapsulates JWT production strategy into a re-usable and testable design.The JwtFactory supports securing of JWTs.
Provide Utilities to
JwtFactoryConfigUtils methods.A base implementation class for JWT Headers.
A base implementation of a JWT header builder that provides a fluent builder pattern to creating JWT headers.
An Enum for the JWT Header parameter names.
A service that provides a method for reconstruct a JWT string back into its relevant JWT object,
(
SignedJwt, EncryptedJwt, SignedThenEncryptedJwt, EncryptedThenSignedJwt).Represents an exception that occurs when reconstructing JWTs.
Represents a generic exception for JWT operations.
A base implementation for the common security header parameters shared by the JWS and JWE headers.
A base implementation of a JWT header builder, for the common security header parameters shared by the JWS and JWE
headers, that provides a fluent builder pattern to creating JWT headers.
This
Heaplet is responsible for configuring and creating a JwtSession.Provide
JwtSessionManagerHeaplet's TypeDefinition.Deprecated.
Prefer
SecretsJwtTokenHandler instead.A type that stores the media/jwt types for JWTs.
Utility methods supporting JWTs.
A
JwtValidationContext used to store the JWT and claims.A
JwtValidationErrorContext used to store the JWT and
the list of violations for this JWT.A
JwtValidationFilter validates the given JWT according to the provided configuration.Creates and initializes a JwtValidationFilter in a heap environment.
Provide
JwtValidationFilter's TypeDefinition.The
JwtValidator is responsible for the JWT validation.Builder for the JwtValidator.
This interface provides a generic way to enrich a
JwtValidator.Builder.A class that handles the results for the JWT validation.
A
SecretPropertyFormat that wraps another format, extracting the secret value from a JWT before
delegating to the wrapped format.Provides support for validating a user's Kerberos token, works as an
IdentityAssertionPlugin for the
IdentityAssertionHandler.Creates and initializes a
KerberosIdentityAssertionPlugin in a heap environment.Provide the
KerberosIdentityAssertionPlugin's TypeDefinition.A key that is used in a key-agreement protocol (such as Diffie-Hellman) to agree another key.
A key that is used to decrypt (or "unwrap") other keys that have been encrypted with a
KeyEncryptionKey.A key that is used to encrypt ("wrap") other keys.
A format that can be used for exporting key material.
Exports a key in the PEM (Privacy Enhanced Mail) format.
Exports the raw key.
Deprecated.
Use
SecretsKeyManagerHeaplet instead.Represents the Possible key operations values.
Define here the constants that can be used as Heap's keys.
Handles the access to a KeyStore.
Decorate a
KeyStoreHandler in order to add some commons utility methods to read or write keystore's entries.Strategy for obtaining a keystore handler.
Deprecated.
Use
KeyStoreSecretStoreHeaplet instead.A secret store for cryptographic keys based on a standard Java
KeyStore.Specifies an alias with its validity for use in the store.
Permits to retrieve the list of usable AliasSpecs of a specific KeyStore.
Aggregates multiple AliasSpecProviders results to serve the list of AliasSpec for a KeyStore.
Serves a matching subset of the aliases present in a KeyStore based on a predicate.
An interface to allow the consuming application to provide the stable ID for the secret.
Serves a static list of AliasSpecs, without looking at the real content of a KeyStore.
This heaplet represents an instance of a
KeyStoreSecretStore.Provide the
KeyStoreSecretStoreHeaplet's TypeDefinition.Implementation of a secure storage using a keystore.
Utility class to retrieve private keys from
KeyStore.Provides support for a service login using a Keytab file.
Creates and initializes a
KeytabServiceLogin in a heap environment.Provide the
KeytabServiceLogin's TypeDefinition.Enum representing the possible KeyTypes.
Indicates the type of key.
Indicates the allowed usages for a particular key.
Represents the supported KeyUse values.
For a given key/value pair, return the processed value as an Optional.
Class representing a value to be processed.
Utility methods for interacting with lambdas that throw exceptions.
A list with lazy initialization.
A map with lazy initialization.
A
Supplier that lazily computes a value the first time it is accessed and then caches the result to return
on subsequent requests.Manages Lifecycle on an object.
Wraps another map.
Provides helper methods for
List.An SPI interface for implementing alternative service loading strategies.
Provides methods for dynamically loading classes.
Strategy for obtaining the server's local hostname.
Represents a String which could be localizable.
Processes the
Location message header.Rewrites Location headers on responses that generate a redirect that would
take the user directly to the application being proxied rather than taking
the user through the Identity Gateway.
Creates and initializes a LocationHeaderFilter in a heap environment.
Provide
LocationHeaderFilter's TypeDefinition.A
LogAttachedExceptionFilter prints attached exceptions to filtered responses.Thrown when a header string cannot be parsed to a rich
Header implementation.Wraps another map.
A
QueryFilterVisitor that produces a Map representation of the filter tree.Implementation of
ThrottlingPolicy backed by a Map.Creates and initializes a
MappedThrottlingPolicy in a heap environment.Provide
MappedThrottlingPolicyHeaplet's TypeDefinition.An implementation of
Action that will preserve the SLF4J MDC.An implementation of
Consumer that will preserve the SLF4J MDC.A SingleObserver wrapper that manages the MDC.
An implementation of
Subscriber that will preserve the SLF4J MDC.Store SLF4J Mapped Diagnosed Context (aka MDC) when tasks
are submitted, and re-inject it when tasks are executed.
A
MdcRouteIdFilter aims to prepare the current thread with SLF4J MDC information about the current route.Store SLF4J Mapped Diagnosed Context (aka MDC) when tasks
are submitted, and re-inject it when tasks are executed.
A simple in-memory collection resource provider which uses a
Map to
store resources.Elements common to requests and responses.
Abstract message base class.
Indicates a type of HTTP message.
A metered stream is a subclass of OutputStream that
(a) forwards all its output to a target stream
(b) keeps track of how many bytes have been written.
Collect request processing metrics.
Wraps a map for which the values are lists, providing a set of convenience methods for
handling list values.
A MutableUri is a modifiable
URI substitute.A Name uniquely identify an object within a hierarchy.
The
NeverThrowsException class is an uninstantiable placeholder
exception which should be used for indicating that a Function or
AsyncFunction never throws an exception (i.e.Allows the Caching of an object.
An event handler that does nothing.
Used as a no-op placeholder for an
AuditService which can be overridden via config.Creates a
NoOpAuditService in a heap environment.Provide
NoOpAuditService.Heaplet's TypeDefinition.A Decorator which does nothing but act as if it had decorated the object.
A NOP implementation of the Compression Handler, which will be used when no compression is to be
applied.
A
ProxyOptions to use when no proxy must be used.Creates and initializes a
NoProxyOptions in a heap environment.Provide the
NoProxyOptions's TypeDefinition.Deprecated.
This algorithm is inherently insecure and shouldn't be used.
Indicates that no secret was configured for the given purpose, or the named secret is not available.
An exception that is thrown when a specified resource cannot be found.
A
Notification is a special message that AM send to its "agents" to notify the occurrence of an event.Listen to topic notification.
The configuration object used to set up the
NotificationService.Builder to ease the creation of a
NotificationsConfig.Class providing constants used in AM notifications support.
Represents a source of notifications.
Represents the connection event listener registration.
NotificationService implementation.An exception that is thrown during an operation on a resource when the
resource does not implement/support the feature to fulfill the request.
A convenient implementation of a CREST
Filter that just returns a NotSupportedException for all the
methods implementations.This class is used to filter null responses.
OAuth2 utility class.
Processes the OAuth 2.0 Bearer
WWW-Authenticate
message header.Register all the aliases supported by the openig-oauth2 module.
An
OAuth2Context could be used to store and retrieve an AccessTokenInfo.Declares the Heap objects needed by this module in the main IG heap.
Describes an error which occurred during an OAuth 2.0 authorization request
or when performing an authorized request.
An exception that is thrown when OAuth 2.0 request fails.
Context implementation to hold OAuth2 error details, should a failure occur during OAuth2 scenarios.Validates a
Request that contains an OAuth 2.0 access token.Provide a
TypeDefinitionProvider for OAuth2ResourceServer.This context helps to manage the
OAuth2Session when used with AuthorizationCodeOAuth2ClientFilter.Context supporting OAuth2 token exchange scenarios, this manages the resulting exchange token.Filter supporting OAuth2 token exchange scenarios.Creates and initialises an
OAuth2TokenExchangeFilter in a heap environment.Provide
OAuth2TokenExchangeFilter's TypeDefinition.OAuth2 shared
TypeDefinitions.Attempt to deserialize the Object into its String representation.
Common utility methods for Objects.
Creates an Octet JWK.
The Octet JWK builder.
An Octet Key-Pair (OKP) JWK as defined in RFC 8037.
Builder object for Octet Key-Pair (OKP) JWKs.
Deprecated.
The “/oauth2/tokeninfo” endpoint was deprecated in AM 6.5.
Register all the aliases supported by the openig-openam module.
This filter looks for the query parameter {code _api} : if present then it returns the API description of the
downstream handlers, otherwise the request is processed as expected.
A configuration option whose value can be stored in a set of
Options.A set of options which can be used for customizing the behavior of HTTP
clients and servers.
Filter which handles OPTION HTTP requests to CREST resources.A
StableIdResolver that uses a version suffix and a subsequent number to determine
the stableId of a Secret.An exception that is thrown if a buffer would overflow as a result of a write operation.
Ordered pair of arbitrary objects.
Supports password replay feature in a composite filter.
Provide
PasswordReplayFilterHeaplet's TypeDefinition.An individual patch operation which is to be performed against a field within
a resource.
A request to update a JSON resource by applying a set of changes to its existing content.
Utilities for manipulating paths.
If the key matches the expression, return a masked value otherwise return the original value.
Expresses a transformation to be applied to a regular expression pattern match.
The interface represents the body of a JWT.
Supports decoding keys and certificates in PEM
format.
Builds a
PemPropertyFormat used to decode keys and certificates in a
PEM format that can be used
with SecretStore mappings configuration.Provide the
PemPropertyFormatHeaplet's TypeDefinition.A simple reference to an object that is periodically refreshed.
Renew the
AmLink periodically without causing any disconnection.A type helper to supply an
AmLink.AmLinkSupplier from a set of topics.PerItemEvictionStrategyCache is a thread-safe write-through cache.
An exception that indicates that a failure is permanent, i.e.
Register all the aliases supported by the openig-ping module.
This filter permits to evaluate the HTTP request and response against Ping One API Access Management (P1 AAM).
Provide
PingOneApiAccessManagementFilterHeaplet's TypeDefinition.If configured and enabled, the
PingOneProtectDeviceProfileFilter gathers a "device profile" from the client
for the purpose of providing additional evaluation signals to PingOne Protect.Provide
PingOneProtectDeviceProfileFilter.HeapletSupport TypeDefinition.The
PingOneProtectEvaluationFilter supports integration with PingOne Protect.Creates and initialises a
PingOneProtectEvaluationFilter in a heap environment.Provide
PingOneProtectEvaluationFilter.Heaplet's TypeDefinition.The
PingOneProtectFeedbackFilter provides a feedback mechanism to capture the outcome of actions completed
as a result of the risk evaluation.Creates and initialises a
PingOneProtectFeedbackFilter in a heap environment, enabling feedback to
PingOne Protect of failed completion of post-evaluation actions.Creates and initialises a
PingOneProtectFeedbackFilter in a heap environment, enabling feedback to
PingOne Protect of successful completion of post-evaluation actions.Provide
PingOneProtectFeedbackFilter heaplets TypeDefinitions.The
PingOneProtectThreatLevelRoutingHandler routes the request to one of the configured handlers, based on
the PingOneProtectEvaluationContext's level, captured during
evaluation.Creates and initialises a
PingOneProtectThreatLevelRoutingHandler in a heap environment.Provide
PingOneProtectThreatLevelRoutingHandler.Heaplet's
TypeDefinition.The
PingOneService supports integration with PingOne environments, providing the service URI (or base URI in
the case of REST actions), and a handler to be used with these endpoints.Creates and initialises a
PingOneService in a heap environment.Provide
PingOneService.Heaplet's TypeDefinition.Represents a pipe for transferring bytes from an
OutputStream to a InputStream.Proof Key for Code Exchange (PKCE) transformation method.
A
SecretPropertyFormat for a PLAIN format.Provide the
PlainPropertyFormatHeaplet's TypeDefinition.A
PolicyDecisionContext convey policy decision information to downstream filters and handlers.This filter requests policy decisions from Access Management which evaluates the
original URI based on the context and the policies configured, and according
to the decisions, allows or denies the current request.
Creates and initializes a policy enforcement filter in a heap environment.
Provide
PolicyEnforcementFilter.Heaplet's TypeDefinition.An exception that is thrown to indicate that a resource's current version
does not match the version provided.
An exception that is thrown to indicate that a resource requires a version,
but no version was supplied in the request.
A
Predicate functional interface which can thrown a checked Exception.Utility class for
Predicate.This class encapsulates an ordered list of preferred locales, and the logic
to use those to retrieve i18n
ResourceBundles.Container for a principal and secret.
A
Filter implementation for adding the client credentials to request as signed private key jwt as per
the OpenID Connect Client
Authentication specification.PrivateKeyJwtClientAuthenticationFilter.Builder<T extends PrivateKeyJwtClientAuthenticationFilter.Builder<T>>
Builder class for creating the PrivateKey Jwt ClientAuthentication Filter.
Heaplet supporting creation of a private-key-jwt authentication
Filter.Provide the
PrivateKeyJwtClientAuthenticationFilterHeaplet's
TypeDefinition.Utility class to retrieve product information.
Strategy for obtaining the information relating to the product in which the AuditService is deployed.
A
Promise represents the result of an asynchronous task.An implementation of
Promise which can be used as is, or as the basis
for more complex asynchronous behavior.Utility methods for creating and composing
Promises.Ordered list of joined asynchronous results.
Utility class for promises management.
Decodes secrets in raw base64 format.
A
SecretStore implementation that resolves secrets as base64-encoded strings from an underlying
PropertyResolver.Configure proxy settings.
A purpose encapsulates both a name for a function that requires access to secrets, together with a hint as
to the intended usage of those secrets.
A filter which can be used to select resources, which is compatible with the CREST query filters.
QueryFilter constants.
A query string has the following string representation:
Convenience methods to create
QueryFilter that
specify fields in terms of JsonPointer instances.A visitor of
QueryFilters, in the style of the visitor design
pattern.A request to search for all JSON resources matching a user specified set of criteria.
A completion handler for consuming the results of a query request.
The final result of a query request returned after all resources matching the
request have been returned.
The
Randoms utility class offers methods to generate random values.Generates a random value (cryptographically secure) that can be used in a query parameter value.
Exposes a range of integer values as a set.
Utility class for ReactiveX operations.
A request to read a single identified JSON resource.
This class defines a Realm as it is used in OpenAM.
A
RealmNormalizer computes the path segment that includes the AM realm information
as it should be used in REST API call.CREST collection service dedicated to persist JSON objects (other types are not supported: arrays,
primitives, and null).
File-based
Record storage service.A
Header representation of the Referrer HTTP header.A grant type handler that can obtain an access token using a previously obtained refresh token.
Represents an exception whilst performing OpenID registration.
A input parameter-validating utility class using fluent invocation:
A request message.
Common attributes of all JSON resource requests.
A context for audit information for an incoming request.
Exposes incoming request cookies.
Provide the
RequestFormResourceAccess's TypeDefinition.Represents the contract with a set of resources.
The
RequestResourceUriProvider has the following configuration:Creates and initializes a RequestResourceUriProvider in a heap environment.
Provide
RequestResourceUriProvider.Heaplet's TypeDefinition.A utility class containing various factory methods for creating and
manipulating requests.
An enumeration whose values represent the different types of request.
A visitor of
Requests, in the style of the visitor design pattern.A
Resource represents any content that can be served through the ResourceHandler.A
ResourceAccess encapsulates the logic of required scope selection.Utility class providing
ResourceAccess configuration support.Implementations of this interface will be responsible for maintaining the
behaviour of API Version routing.
API Version routing filter which creates a
ApiVersionRouterContext
which contains the default routing behaviour when the
Accept-API-Version header is set on the request.API Version routing filter which creates a
ApiVersionRouterContext
which contains the default routing behaviour when the
Accept-API-Version header is set on the request.A
Filter supporting the specification of resource API version configuration to be
used when a request on a specific endpoint does not contain an Accept-API-Version
header.Handler allowing products to extend behaviour when a request has no resource API version supplied.
Class representing a mapping between a
ResourcePath and a Version.ResourceApiVersionSpecificationFilter.VersionSpecification supporting specification of a request's resource version
based on its resource path.Mechanism supporting specification of a version on the request.
An exception that is thrown during the processing of a JSON resource request.
Utility class to use on ResourceExceptions.
A
ResourceHandler is a handler that serves static content (content of a directory, or a zip).Creates and initializes a ResourceHandler in a heap environment.
Provide
ResourceHandler.Heaplet's TypeDefinition.Creates and initializes a
Filter supporting the transformation of client and user credentials
to an access_token, using the grant type "password".The
TypeDefinitionProvider of the ResourceOwnerOAuth2ClientFilterHeaplet.A grant type handler that can obtain an access token using the Resource Owner Password Credentials (ROPC) grant.
A relative path, or URL, to a resource.
A resource, comprising of a resource ID, a revision (etag), and its JSON
content.
This class contains methods for creating and manipulating connection
factories and connections.
Validates a
Request that contains an OAuth 2.0 access token.A
ResourceSet abstracts Resource lookup mechanism.Used to obtain the resource URI to include in policy requests.
A response message.
Common response object of all resource responses.
Indicates whether a response can be cached and under what conditions.
An HTTP Framework Exception that can be used by filters/handlers to simplify
control-flow inside async call-backs.
Provide out-of-the-box, pre-configured
Response objects.A utility class containing various factory methods for creating and
manipulating responses.
A
Result represents the result of a validation operation:
either a success or a failure (with an associated description).A
Result of a JWT validation.A completion handler for consuming the results of asynchronous tasks.
Hook into the retention checking operations for a file.
RetentionHooks that do nothing.Defines the retention conditions and the files that need to be deleted.
Retry the
AmLink start according to criterion.A type helper to supply an
AmLink.AmLinkSupplier from an SSO Token.An exception that indicates that a failure may be temporary, and that
retrying the same request may be able to succeed in the future.
A
RetryFilter is responsible for re-executing the incoming request should it fail with a runtime exception,
if an optional runtime exception retry condition evaluates to true, or if an optional condition expression evaluates
to true.A
RetryFilter builder.Creates a reverse proxy
Handler in a heap environment.Provide ReverseProxyHandler's
TypeDefinition.A
Context which has an a globally unique ID but no parent.Interface defining methods a rotatable file needs.
Supports file rotation and retention.
Callback hooks to allow custom action to be taken before and after the checks for rotation and
retention is performed.
This class holds some information while a file is being rotated.
Callback hooks to allow custom action to be taken before and after file rotation occurs.
RotationHooks that do nothing.Interface to decide if a file should be rotated or not.
Contains the result of routing to a particular route.
A matcher for evaluating whether a route matches the incoming request.
A utility class that contains methods for creating route matchers.
A utility class that contains methods for creating route matchers.
A router which routes requests based on route matchers.
A router which routes requests based on route predicates.
Represents a URI template string that will be used to match and route
incoming requests.
Auto-configured
DispatchHandler.Creates and initializes a routing handler in a heap environment.
Represents an exception whilst managing the routes in a @
RouterHandler.Provide
RouterHandler's TypeDefinition.Provides the Route type.
Context implementation to maintain a record of the route that accepted the request.The algorithm which should be used when matching URI templates against
request resource names.
Deprecated.
Use
RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.Deprecated.
Use
RSAEncryptionHandler and AESCBCHMACSHA2ContentEncryptionHandler instead.Abstract base class for implementations of the RSAES-PKCS1-v1_5 and RSA-OAEP encryption schemes.
Implements a RsaJWK.
The RSA JWK builder.
Holds the other prime factors.
Deprecated.
Use
SecretRSASigningHandler insteadSupported runtime modes.
A completion handler for consuming runtime exceptions which occur during the
execution of asynchronous tasks.
Register all the aliases supported by the openig-saml module.
A simple container for the key SAML configuration items.
Context implementation to hold error details, should an error occur during SAML processing.The SAML federation filter works like other SSO type filters, a request that passes through the SAML federation
filter, that does not trigger the logout expression or matches one of the SAML endpoints, will be checked for a
valid session.
Provide
SamlFederationFilterHeaplet's TypeDefinition.Deprecated.
in 2023.4.0, use
SamlFederationFilterHeaplet as a replacementProvide
SamlFederationHandlerHeaplet's TypeDefinition.Heaplet for building ScheduledExecutorService instances.
Provide
ScheduledExecutorServiceHeaplet's TypeDefinition.Encapsulate an executable script.
A Scriptable access token resolver.
Creates and initializes a scriptable access token resolver in a heap environment.
Provide the
ScriptableAccessTokenResolver's TypeDefinition.A scriptable filter.
Creates and initializes a scriptable filter in a heap environment.
Provide
ScriptableFilter.Heaplet's TypeDefinition.A scriptable handler.
Creates and initializes a scriptable handler in a heap environment.
Provide
ScriptableHandler.Heaplet's TypeDefinition.A scriptable
IdentityAssertionPlugin.Creates and initializes a ScriptableIdentityAssertionPlugin in a heap environment.
Provide
ScriptableIdentityAssertionPlugin's TypeDefinition.A Scriptable JWT Validator customizer.
Creates and initializes a scriptable Jwt Validator customizer in a heap environment.
Provide
ScriptableJwtValidatorCustomizer's TypeDefinition.A scriptable resource access.
Creates and initializes a scriptable object in a heap environment.
Provide the
ScriptableResourceAccess's TypeDefinition.A scriptable resource URI provider.
Creates and initializes a scriptable resource url provider in a heap environment.
Provide
ScriptableResourceUriProvider.Heaplet's TypeDefinition.A scriptable throttling datasource.
Creates and initializes a scriptable object in a heap environment.
Provide
ScriptableThrottlingPolicy's TypeDefinition.A factory for
Scripts.A ScriptFactoryManager is the plug-in point where
ScriptFactory implementations need to be registered
in order to be available to the runtime.A secret is any piece of data that should be kept confidential.
Provides a uniform way for secrets providers to construct secrets and keys.
A Handle to expire a secret.
A simple holder of a secret and its expirer.
Interface for constraints on a secret that must be satisfied for a given
Purpose.Specifies how data retrieved from a
SecretStore should be decoded into a secret object.Elliptic Curve Digital Signature Algorithm (ECDSA) signing and verification.
Signing handler for Edwards Curve DSA (EdDSA) as defined in RFC
8037.
An implementation of the SigningHandler which can sign and verify using algorithms from the HMAC family.
Wraps a property format that decodes raw bytes and converts it into a property format for extracting secret keys
using some algorithm.
It builds a
SecretPropertyFormat that can be use with SecretStore
mappings configuration.Provide the
SecretKeyPropertyFormatHeaplet's TypeDefinition.Defines the format of secrets loaded from configuration properties.
Class aggregating basic
TypeDefinitions for simple subtypes of
SecretPropertyFormat.A long-lived reference to an active or named secret.
The secret resource used for creating a
Secret.An
Secret-based implementation of the SigningHandler which
can sign and verify using algorithms from the RSA family.Provides
Secret-based signing and verification code base.Token handler for creating tokens using a JWT as the store.
Builder pattern object for configuring a
SecretsJwtTokenHandler.An
X509ExtendedKeyManager implementation that gets keys and certificates from a SecretsProvider.A
SecretsKeyManagerHeaplet acts as a factory of SecretsKeyManager.Provide
SecretsKeyManagerHeaplet's TypeDefinition.A Java security provider that exposes a KeyStore view of a secret store.
Class used to initialise the keystore when it is initialised via the standard Java interfaces.
The secrets provider is used to get hold of active, named or valid secret objects.
Creates and initializes a
SecretsProvider in a heap environment.Provide the
SecretsProviderHeaplet's TypeDefinition.An implementation of
Saml2CredentialResolver that provides support for resolving secrets configured in an
IG route/heap.A backend storage mechanism for certain kinds of secrets.
Provides an implementation of a standard Java TLS
X509ExtendedTrustManager that will retrieve trusted
certificates from the Secrets API.A
SecretsTrustManagerHeaplet acts as a factory of SecretsTrustManager.Provide
SecretsTrustManagerHeaplet's TypeDefinition.Utility class to use the Commons Secret API.
Represents a storage for secure keys, to be used for signing files.
Exception that can be thrown by a SecureStorage implementation.
Strategy for obtaining a secure storage, used by handlers providing tamper-evident feature.
A
Context containing information about the client performing the
request which may be used when performing authorization decisions.Deprecated.
This class will be removed once CAF has been migrated fully to CHF, at which point components should
create
SecurityContexts directly rather than via request attributes.Allows records to be retrieved from a delimiter-separated file using key and value.
Reads records with delimiter-separated values from a character stream.
A field separator specification, used to parse delimiter-separated values.
Commonly used field separator specifications.
Processes a request through a sequence of handlers.
Creates and initializes a sequence handler in a heap environment.
Provide
SequenceHandler's TypeDefinition.Provides server info (build-time defined values only at the moment) in a read-only fashion.
Extension to
TlsOptions supporting client authentication configuration used to drive the authentication
negotiation between the client and IG.Enum representing the client authentication configuration options driving authentication negotiations between IG
and the client.
A SNI (Server Name Indication) configuration holder.
Creates and initializes server-side TLS options in a heap environment.
Provide
ServerTlsOptionsHeaplet's TypeDefinition.Used to implement different Kerberos based service logins.
An exception that is thrown during an operation on a resource when the server
is temporarily unable to handle the request.
An interface for managing attributes across multiple requests from the same user agent.
A
SessionContext is a mechanism for maintaining state between components when processing a successive
requests from the same logical client or end-user.Represents an exception whilst performing Session Service.
The
SessionInfo class is responsible to store session info for a given SSO Token.Context to store Access Management session info and properties.This filter requests user session info from Access Management and stores it
on the context for later use.
Creates and initialises a session info filter in a heap environment.
Provide
SessionInfoFilter.Heaplet's TypeDefinition.Deprecated.
Configuration wrapper for JMS
Session.getAcknowledgeMode() SessionMode setting.The
SessionService is responsible to perform interactions with AM sessions endpoint,
such as session info or logout, etc.Deprecated, for removal: This API element is subject to removal in a future version.
This header is no longer supported by browsers.
Processes the
Set-Cookie request message header.This filter allows modification of response cookie attribute values for cookies found in the
Set-Cookies header.
Creates and initializes a SetCookieUpdateFilter in a heap environment.
Provide
SetCookieUpdateFilter.Heaplet's TypeDefinition.Contains another set, which is uses as its basic source of data, possibly transforming the
data along the way.
Defines the standard Syslog message severities.
Verifies a certificate thumbprint against a previously calculated thumbprint, stored in a specially named attribute
stored in the context's attributes.
Any component which needs to be shut down should implement this interface
and use the function to shut down the component.
Interface used by shutdown managers to allow for thread safe
adding and removing of shutdown listeners.
This class defines the shutdown priorities that are consumed by
com.sun.identity.common.ShutdownManager.Sends the requests and responses to the Ping Sideband API, then processes its decisions and accept/reject/rewrite
requests and responses.
Utility class for signing and verifying signatures.
Deprecated.
Use
EncryptedThenSignedJwtHeaderBuilder instead.Deprecated.
Use
EncryptedThenSignedJwt instead.Deprecated.
Use
EncryptedThenSignedJwtBuilder instead.A JWS implementation of the
Jwt interface.A base interface for both SignedJwtBuilder and SignedEncryptedJwtBuilder to create Signed JWTs and Signed and
Encrypted JWTs.
An implementation of a JwtBuilder that can build a JWT and sign it, resulting in a SignedJwt object.
A
JwtFactory for SignedJwt.A nested signed-then-encrypted JWT.
Builder for nested signed-then-encrypted JWT.
A
JwtFactory for SignedThenEncryptedJwt.The interface for SigningHandlers for all the different signing algorithms.
A key that is used for signing digital signatures.
A service to get the appropriate SigningHandler for a specific Java Cryptographic signing algorithm.
This filter verifies the presence of a SSOToken in the given cookie name.
Creates and initialises an authentication filter in a heap environment.
Provide
SingleSignOnFilter's TypeDefinition.An implementation interface for resource providers which exposes a single
permanent resource instance.
A
StableIdResolver that matches a stableId exactly to the purpose for returning only one Secret.Created a size based file retention policy.
Creates a file size based rotation policy.
An implementation of a
ResultRecorder to count the number of failed requests in the last size
requests.A sort key which can be used to specify the order in which JSON resources
should be included in the results of a query request.
This comparator iterates through the provided sortKeys and finds the first comparative difference between the left
and right side JsonValues.
Defines possible positions for JsonValue that wraps a
null object.Split a target cookie that is bigger than 4Kb
(see RFC 6265) in smaller cookies.
Split a target cookie that is bigger than 4Kb (see RFC
6265) into smaller cookies.
Context holding the row found by an
SqlAttributesFilter.Executes a SQL query through a prepared statement and exposes its first result.
Creates and initializes a static attribute provider in a heap environment.
Provide
SqlAttributesFilter.Heaplet's TypeDefinition.Represents the successful result of an authentication against the AM server.
The
SsoTokenContext provides access to the token and user information related to this session.Permits to use a
AmLink even if not started or between disconnection and reconnection events.Interface for resolving stable ids in a
SecretStore.A utility class to capture startup metrics.
A
StatelessAccessTokenResolver that locally resolves and validates stateless access_tokens issued by AM.Creates and initializes a stateless access token resolver in the heap environment.
Provide the
StatelessAccessTokenResolver's TypeDefinition.Creates a new request and send it down the next handler (effectively replacing the previous request).
Creates and initializes a request filter in a heap environment.
Provide
StaticRequestFilter.Heaplet's TypeDefinition.Creates a static HTTP response.
Creates and initializes a static response handler in a heap environment.
Provide
StaticResponseHandler's TypeDefinition.The status-code element is a three-digit integer code giving the
result of the attempt to understand and satisfy the request.
The first digit of the status-code defines the class of response.
Utility methods for operating on IO streams.
This class provides an utility method for validating that a String is either an arbitrary string without any ":"
characters or if the String does contain a ":" character then the String is a valid URI.
Common utility methods for Strings.
Miscellaneous string utility methods.
A
StsContext convey the token transformation results to downstream filters and handlers.Represents a managed subscription to a given topic.
A
SubscriptionAck is a response message to a SubscriptionRequest.Represents a subscription (or un-subscription) failure.
A
SubscriptionRequest is a message send to the notification server when subscribing to a topic.The different kind of subscription requests.
A
Supplier functional interface which can throw a checked Exception.Enumerates all supported elliptic curve parameters for ESXXX signature formats.
An API Producer for APIs that use the Swagger model implementation of the OpenAPI specification.
Extension of
Swagger to override some of its behaviors.Swagger utility.
Conditionally diverts the request to another handler.
Creates and initializes a switch filter in a heap environment.
Provide
SwitchFilter's TypeDefinition.An interface for implementing synchronous
RequestHandlers.The handler publishes audit events formatted using
SyslogFormatter to a syslog daemon using
the configured SyslogPublisher.Configuration object for the
SyslogAuditEventHandler.Configuration of event buffering.
Encapsulates configuration for mapping audit event field values to Syslog severity values.
This heaplet represents an instance of a
PropertyResolverSecretStore resolving properties in system then
in environment variables.Provide
SystemAndEnvSecretStoreHeaplet's TypeDefinition.A
ProxyOptions to use when the system defined proxy must be used.Creates and initializes a
SystemProxyOptions in a heap environment.Provide the
SystemProxyOptions's TypeDefinition.Contains the necessary information to map an event to a database table, and the event fields to the columns
in that database table.
A Heaplet to call
IO.newTemporaryStorage() within a heaplet environment.Provide
TemporaryStorageHeaplet's TypeDefinition.A TextWriter provides a character-based stream which can be queried for number of bytes written.
A TextWriter implementation which writes to a given output stream.
Wraps a
TextWriter in a Writer.A secret store that wraps another secret store and performs all query operations in a background thread using a
thread pool.
Common utility methods for Threads.
This filter applies a rate limitation to incoming requests : over the limit requests will be rejected with a 429
(Too Many Requests) response, others will pass through.
Creates and initializes a throttling filter in a heap environment.
Provide
ThrottlingFilterHeaplet's TypeDefinition.This interface defines the contract to lookup a
ThrottlingRate that will be applied to the given
Request.A value object to represent a throttling rate.
This interface defines the contract for any throttling strategy.
Throwable utilities class.
Creates a rotation policy based on a time duration.
Creates and initializes a TimerDecorator in a heap environment.
Provide
TimerDecorator's TypeDefinition.A factory for the
TimerDecorator.A
FilenameFilter that matches historical log files.Creates a time stamp based file naming policy.
Key TLS Options used by both the
ClientTlsOptions and the ServerTlsOptions.The rate limiting is implemented as a token bucket strategy
that gives us the ability to handle rate limits through a sliding window.
Responsible for the validation, generation and parsing of tokens used for keying a JsonValue
representative of some state.
An exception generated by a
TokenHandler on either creation, validation, or state extraction.An
AccessTokenResolver which is RFC 7662 compliant.Creates and initializes an
TokenIntrospectionAccessTokenResolver in a heap environment.Provide
TokenIntrospectionAccessTokenResolverHeaplet's
TypeDefinition.Deprecated, for removal: This API element is subject to removal in a future version.
A
TokenTransformationFilter is responsible for transforming a token issued by Access Management
into a token of another type.Creates and initializes a token transformation filter in a heap environment.
Provide
TokenTransformationFilter.Heaplet's TypeDefinition.Multiplex topic registration on top of a
AmLink.Creates and initializes a TracingDecorator in a heap environment.
A factory for the
TracingDecorator.A factory for wrapping an
AuditService.A factory for wrapping a
Filter.A factory for wrapping a
Handler.Provide
TracingDecorator's TypeDefinition.A
Header representation of the Trailer HTTP response header.TransactionId value should be unique per request coming from an external agent so that all events occurring in
response to the same external stimulus can be tied together.
This context aims to hold the
TransactionId.Processes the transactionId header used mainly for audit purpose.
This filter is responsible to create the
TransactionIdContext in the context's chain.This filter aims to create a sub-transaction's id and inserts that value as a header of the request.
Creates a
TransactionIdOutboundFilter.The
TransactionIdOutboundFilterHeaplet's TypeDefinitionProvider.Transport protocol over which Syslog messages should be published.
Trust all certificates that this class is asked to check.
Creates and initializes a trust-all manager in a heap environment.
Provide
TrustAllManager.Heaplet's TypeDefinition.Deprecated.
Use
SecretsTrustManagerHeaplet instead.Type definitions helpers for generic types.
Register all the aliases supported by the openig-uma module.
UMA Resource Server specific exception thrown when unrecoverable errors are happening.
An
UmaResourceServerFilter implements a PEP (Policy Enforcement Point) and is responsible to ensure the
incoming requests (from requesting parties) all have a valid RPT (Request Party Token) with the required set of
scopes.Creates and initializes an UMA resource server filter in a heap environment.
Provide
UmaResourceServerFilter.Heaplet's TypeDefinition.An
UmaSharingService provides core UMA features to the Identity Gateway
when acting as an UMA Resource Server.Creates and initializes an UMA service in a heap environment.
Provide
UmaSharingService.Heaplet's TypeDefinition.An exception that indicates that a failure is not directly known to the
system, and hence requires out-of-band knowledge or enhancements to determine
if a failure should be categorized as temporary or permanent.
An marker interface for tagging collection implementations as read-only.
Indicates that the JWT had critical headers that were not
recognized by the JWT library and not
implemented by the
application.
Represents an unrecoverable authentication error or failure such as a missing authentication Tree or Service.
Indicates a 415 Unsupported Media Type response that the Content-Type of the request was not acceptable.
A request to update a JSON resource by replacing its existing content with new content.
Filter supporting URL path rewriting.Create a
UriPathRewriteFilter in a heap environment.Provide
UriPathRewriteFilter's TypeDefinition.A
Context which is created when a request has been routed.Ease
UriRouterContext construction.Utility class for performing operations on universal resource identifiers.
Computes AM endpoint URIs, based on path normalizer, realm and a base Uri.
Provides support for a service login using a username/password.
Creates and initializes a
UsernamePasswordServiceLogin in a heap environment.Provide the
UsernamePasswordServiceLogin's TypeDefinition.Class containing user profile information.
Used by the
UserProfileFilter to make the user's profile attributes available in the context.Represents an exception thrown whilst performing UserProfileService operations.
This filter requests user profile attributes from Access Management and stores them in the context for later use.
Creates and initialises a
UserProfileFilter in a heap environment.Provide
UserProfileFilterHeaplet's TypeDefinition.The
UserProfileService is responsible for requesting user profile attributes.Creates and initializes a
UserProfileService in a heap environment.Provide
UserProfileServiceHeaplet's TypeDefinition.This class provides utility methods to share common behaviour.
Utility class.
Deprecated.
Hash a non-null value, returns a base64 encoded String of the hash.
SHA-256 implementation of the
Utils.Digest interface.The validation context that will be passed among the different JWT constraints validations.
A set of credential pairs built from a
ValidSecretsReference.A long-lived reference to a number of secrets.
Utility methods to create
Value instances related to IG.A key used for verifying digital signatures.
Represents some version in the form majorNumber.minorNumber,
for instance 2.4.
Supports version with the following format: major[.minor[.micro]].
Describe a Violation, used for the JWT validation.
This annotation doesn't actually do anything, other than provide documentation of the fact that a function has
either been marked public, or package private in order for a test (somewhere physically distant in the system)
to compile.
WarningHeader entry.Processes the
Warning message header.Basic websocket application interface facilitating different provider implementations.
A configuration holder to instantiate
WebSocketAdapter.Provider of a WebSocket clients.
A provider capable of providing a
Filter to manage WebSocket upgrade requests and subsequently manage the
bi-directional communication from the client to the remote application.A provider capable of providing a
Filter to manage WebSocket upgrade requests and subsequently manage the
bi-directional communication from the client to the remote application.Creates a static response containing a simple HTML welcome page.
Creates and initializes a static response handler in a heap environment.
Provide
WelcomeHandler.Heaplet's TypeDefinition.A
Header representation of the WWW-Authenticate HTTP header.A single WWW-Authenticate challenge.
Utilities for handling XEC keys for X25519 and X448 ECDH key agreement.
Processes the
X-Forwarded-For message header.This is a custom XML handler to load the dtds from the classpath This should
be used by all the xml parsing document builders to set the default entity
resolvers.
Utility classes for handling XML.
ContentEncryptionHandlerinstead.