camunda-community-hub
diff --git a/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/Authentication.java
+4-1 b/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/Authentication.java
+4-1
diff --git a/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/DefaultNoopAuthentication.java
+1-3 b/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/DefaultNoopAuthentication.java
+1-3
diff --git a/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/JwtAuthentication.java
+65-4 b/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/JwtAuthentication.java
+65-4
diff --git a/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/JwtAuthenticationBuilder.java
+22 b/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/JwtAuthenticationBuilder.java
+22
diff --git a/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SaaSAuthentication.java
+24-42 b/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SaaSAuthentication.java
+24-42
diff --git a/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SaaSAuthenticationBuilder.java
+11-9 b/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SaaSAuthenticationBuilder.java
+11-9
diff --git a/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthentication.java
+16-61 b/‎camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthentication.java
+16-61
@@ -4,9 +4,12 @@
 
 public interface Authentication {
 
-  Authentication build();
 
   Map.Entry<String, String> getTokenHeader(Product product);
 
   void resetToken(Product product);
+
+  interface AuthenticationBuilder {
+    Authentication build();
+  }
 }
@@ -17,10 +17,8 @@ public class DefaultNoopAuthentication implements Authentication {
 
   private final String errorMessage = "Unable to determine authentication. Please check your configuration";
 
-  @Override
-  public Authentication build() {
+  public DefaultNoopAuthentication() {
     LOG.error(errorMessage);
-    return this;
   }
 
   @Override
 
@@ -1,9 +1,70 @@
 package io.camunda.common.auth;
 
-/**
- * TODO: Figure out common functionality between SaaS and Self Managed that can be inserted here
- * to reduce code duplication. If not, remove this class
- */
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.lang.invoke.MethodHandles;
+import java.time.LocalDateTime;
+import java.util.AbstractMap;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+
+
 public abstract class JwtAuthentication implements Authentication {
+  private static final Logger LOG = LoggerFactory.getLogger(MethodHandles
+    .lookup().lookupClass());
+
+  private final JwtConfig jwtConfig;
+  private final Map<Product, JwtToken> tokens = new HashMap<>();
+
+  protected JwtAuthentication(JwtConfig jwtConfig) {this.jwtConfig = jwtConfig;}
+
+  public JwtConfig getJwtConfig() {
+    return jwtConfig;
+  }
+
+  @Override
+  public final void resetToken(Product product) {
+    tokens.remove(product);
+  }
+  @Override
+  public final Entry<String, String> getTokenHeader(Product product) {
+    if (!tokens.containsKey(product) || !isValid(tokens.get(product))) {
+      JwtToken newToken = generateToken(product,jwtConfig.getProduct(product));
+      tokens.put(product, newToken);
+    }
+    return authHeader(tokens.get(product).getToken());
+  }
+
+  protected abstract JwtToken generateToken(Product product, JwtCredential credential);
+
+  private Entry<String,String> authHeader(String token){
+    return new AbstractMap.SimpleEntry<>("Authorization", "Bearer " + token);
+  }
+
+  private boolean isValid(JwtToken jwtToken) {
+    // a token is only counted valid if it is only valid for at least 30 seconds
+    return jwtToken.getExpiry().isAfter(LocalDateTime.now().minusSeconds(30));
+  }
+
+
+
+  protected static class JwtToken {
+    private final String token;
+    private final LocalDateTime expiry;
+
+    public JwtToken(String token, LocalDateTime expiry) {
+      this.token = token;
+      this.expiry = expiry;
+    }
+
+    public String getToken() {
+      return token;
+    }
 
+    public LocalDateTime getExpiry() {
+      return expiry;
+    }
+  }
 }
@@ -0,0 +1,22 @@
+package io.camunda.common.auth;
+
+import io.camunda.common.auth.Authentication.AuthenticationBuilder;
+
+public abstract class JwtAuthenticationBuilder<
+    T extends JwtAuthenticationBuilder<?>> implements AuthenticationBuilder {
+  private JwtConfig jwtConfig;
+
+  public final T withJwtConfig(JwtConfig jwtConfig) {
+    this.jwtConfig = jwtConfig;
+    return self();
+  }
+
+  @Override
+  public final Authentication build() {
+    return build(jwtConfig);
+  }
+
+  protected abstract T self();
+
+  protected abstract Authentication build(JwtConfig jwtConfig);
+}
@@ -19,69 +19,51 @@
 public class SaaSAuthentication extends JwtAuthentication {
 
   private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-  private JwtConfig jwtConfig;
-  private Map<Product, String> tokens;
 
-  // TODO: have a single object mapper to be used all throughout the SDK, i.e.bean injection
-  private JsonMapper jsonMapper = new SdkObjectMapper();
+  private final JsonMapper jsonMapper;
 
-  public SaaSAuthentication() {
-    tokens = new HashMap<>();
+  public SaaSAuthentication(JwtConfig jwtConfig, JsonMapper jsonMapper) {
+    super(jwtConfig);
+    this.jsonMapper = jsonMapper;
   }
 
   public static SaaSAuthenticationBuilder builder() {
     return new SaaSAuthenticationBuilder();
   }
 
-  public JwtConfig getJwtConfig() {
-    return jwtConfig;
-  }
-
-  public void setJwtConfig(JwtConfig jwtConfig) {
-    this.jwtConfig = jwtConfig;
-  }
-
-  @Override
-  public Authentication build() {
-    return this;
-  }
 
-  @Override
-  public void resetToken(Product product) {
-    tokens.remove(product);
-  }
-
-  private String retrieveToken(Product product, JwtCredential jwtCredential) {
-      try(CloseableHttpClient client = HttpClients.createDefault()){
-        HttpPost request = buildRequest(jwtCredential);
-        TokenResponse tokenResponse = client.execute(request, response ->
-           jsonMapper.fromJson(EntityUtils.toString(response.getEntity()), TokenResponse.class)
-        );
-        tokens.put(product, tokenResponse.getAccessToken());
-      } catch (Exception e) {
+  private TokenResponse retrieveToken(Product product, JwtCredential jwtCredential) {
+    try (CloseableHttpClient client = HttpClients.createDefault()) {
+      HttpPost request = buildRequest(jwtCredential);
+      return client.execute(
+          request,
+          response ->
+              jsonMapper.fromJson(EntityUtils.toString(response.getEntity()), TokenResponse.class));
+    } catch (Exception e) {
       LOG.error("Authenticating for " + product + " failed due to " + e);
       throw new RuntimeException("Unable to authenticate", e);
     }
-    return tokens.get(product);
   }
 
   private HttpPost buildRequest(JwtCredential jwtCredential) {
     HttpPost httpPost = new HttpPost(jwtCredential.getAuthUrl());
     httpPost.addHeader("Content-Type", "application/json");
-    TokenRequest tokenRequest = new TokenRequest(jwtCredential.getAudience(), jwtCredential.getClientId(), jwtCredential.getClientSecret());
+    TokenRequest tokenRequest =
+        new TokenRequest(
+            jwtCredential.getAudience(),
+            jwtCredential.getClientId(),
+            jwtCredential.getClientSecret());
     httpPost.setEntity(new StringEntity(jsonMapper.toJson(tokenRequest)));
     return httpPost;
   }
 
+
+
   @Override
-  public Map.Entry<String, String> getTokenHeader(Product product) {
-    String token;
-    if (tokens.containsKey(product)) {
-      token = tokens.get(product);
-    } else {
-      JwtCredential jwtCredential = jwtConfig.getProduct(product);
-      token = retrieveToken(product, jwtCredential);
-    }
-    return new AbstractMap.SimpleEntry<>("Authorization", "Bearer " + token);
+  protected JwtToken generateToken(Product product, JwtCredential credential) {
+    TokenResponse tokenResponse = retrieveToken(product, credential);
+    return new JwtToken(
+        tokenResponse.getAccessToken(),
+        LocalDateTime.now().plusSeconds(tokenResponse.getExpiresIn()));
   }
 }
@@ -1,20 +1,22 @@
 package io.camunda.common.auth;
 
-public class SaaSAuthenticationBuilder {
+import io.camunda.common.json.JsonMapper;
 
-  SaaSAuthentication saaSAuthentication;
+public class SaaSAuthenticationBuilder extends JwtAuthenticationBuilder<SaaSAuthenticationBuilder> {
+  private JsonMapper jsonMapper;
 
-  SaaSAuthenticationBuilder() {
-    saaSAuthentication = new SaaSAuthentication();
+  public SaaSAuthenticationBuilder withJsonMapper(JsonMapper jsonMapper) {
+    this.jsonMapper = jsonMapper;
+    return this;
   }
 
-  public SaaSAuthenticationBuilder jwtConfig(JwtConfig jwtConfig) {
-    saaSAuthentication.setJwtConfig(jwtConfig);
+  @Override
+  protected SaaSAuthenticationBuilder self() {
     return this;
   }
 
-  public Authentication build() {
-    return saaSAuthentication.build();
+  @Override
+  protected SaaSAuthentication build(JwtConfig jwtConfig) {
+    return new SaaSAuthentication(jwtConfig, jsonMapper);
   }
-
 }
@@ -17,6 +17,7 @@
 import java.lang.invoke.MethodHandles;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.time.LocalDateTime;
 import java.util.AbstractMap;
 import java.util.HashMap;
 import java.util.Map;
@@ -26,65 +27,23 @@ public class SelfManagedAuthentication extends JwtAuthentication {
 
   private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
-  private String authUrl;
+  private final String authUrl;
+  private final JsonMapper jsonMapper;
 
-  // TODO: Check with Identity about upcoming IDPs to abstract this
-  private String keycloakRealm = "camunda-platform";
-  private String keycloakUrl;
-  private String keycloakTokenUrl;
-  private JwtConfig jwtConfig;
-  private Map<Product, String> tokens;
-
-  // TODO: have a single object mapper to be used all throughout the SDK, i.e.bean injection
-  private JsonMapper jsonMapper = new SdkObjectMapper();
-
-  public SelfManagedAuthentication() {
-    tokens = new HashMap<>();
+  public SelfManagedAuthentication(JwtConfig jwtConfig, String authUrl, JsonMapper jsonMapper) {
+    super(jwtConfig);
+    this.authUrl = authUrl;
+    this.jsonMapper = jsonMapper;
   }
 
   public static SelfManagedAuthenticationBuilder builder() {
     return new SelfManagedAuthenticationBuilder();
   }
 
-  public void setKeycloakRealm(String keycloakRealm) {
-    this.keycloakRealm = keycloakRealm;
-  }
-
-  public void setKeycloakUrl(String keycloakUrl) {
-    this.keycloakUrl = keycloakUrl;
-  }
-
-  public void setKeycloakTokenUrl(String keycloakTokenUrl) {
-    this.keycloakTokenUrl = keycloakTokenUrl;
-  }
-
-  public JwtConfig getJwtConfig() {
-    return jwtConfig;
-  }
-
-  public void setJwtConfig(JwtConfig jwtConfig) {
-    this.jwtConfig = jwtConfig;
-  }
-
-  @Override
-  public Authentication build() {
-    if (keycloakTokenUrl != null) {
-      authUrl = keycloakTokenUrl;
-    } else {
-      authUrl = keycloakUrl+"/auth/realms/"+keycloakRealm+"/protocol/openid-connect/token";
-    }
-    return this;
-  }
-
-  @Override
-  public void resetToken(Product product) {
-    tokens.remove(product);
-  }
-
-  private String retrieveToken(Product product, JwtCredential jwtCredential) {
+  private TokenResponse retrieveToken(Product product, JwtCredential jwtCredential) {
     try(CloseableHttpClient client = HttpClients.createDefault()) {
       HttpPost request = buildRequest(jwtCredential);
-      TokenResponse tokenResponse =
+      return
           client.execute(
               request,
               response -> {
@@ -99,12 +58,10 @@ private String retrieveToken(Product product, JwtCredential jwtCredential) {
                           + EntityUtils.toString(response.getEntity()));
                 }
               });
-      tokens.put(product, tokenResponse.getAccessToken());
     } catch (Exception e) {
       LOG.error("Authenticating for " + product + " failed due to " + e);
       throw new SdkException("Unable to authenticate", e);
     }
-    return tokens.get(product);
   }
 
   private HttpPost buildRequest(JwtCredential jwtCredential) {
@@ -132,15 +89,13 @@ private HttpPost buildRequest(JwtCredential jwtCredential) {
     return  httpPost;
   }
 
+
+
   @Override
-  public Map.Entry<String, String> getTokenHeader(Product product) {
-    String token;
-    if (tokens.containsKey(product)) {
-      token = tokens.get(product);
-    } else {
-      JwtCredential jwtCredential = jwtConfig.getProduct(product);
-      token = retrieveToken(product, jwtCredential);
-    }
-    return new AbstractMap.SimpleEntry<>("Authorization", "Bearer " + token);
+  protected JwtToken generateToken(Product product, JwtCredential credential) {
+    TokenResponse tokenResponse = retrieveToken(product, credential);
+    return new JwtToken(
+        tokenResponse.getAccessToken(),
+        LocalDateTime.now().plusSeconds(tokenResponse.getExpiresIn()));
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -17,10 +17,8 @@ public class DefaultNoopAuthentication implements Authentication {`
`17`	`17`
`18`	`18`	`private final String errorMessage = "Unable to determine authentication. Please check your configuration";`
`19`	`19`
`20`		`- @Override`
`21`		`- public Authentication build() {`
	`20`	`+ public DefaultNoopAuthentication() {`
`22`	`21`	`LOG.error(errorMessage);`
`23`		`- return this;`
`24`	`22`	`}`
`25`	`23`
`26`	`24`	`@Override`