refactored authentication and builders

Author: jonathanlukas

camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/JwtAuthentication.java

@@ -1,9 +1,66 @@
 package io.camunda.common.auth;
 
-/**
- * TODO: Figure out common functionality between SaaS and Self Managed that can be inserted here
- * to reduce code duplication. If not, remove this class
- */
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.lang.invoke.MethodHandles;
+import java.time.LocalDateTime;
+import java.util.AbstractMap;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+
+
 public abstract class JwtAuthentication implements Authentication {
+  private static final Logger LOG = LoggerFactory.getLogger(MethodHandles
+    .lookup().lookupClass());
+
+  private final JwtConfig jwtConfig;
+  private final Map<Product, JwtToken> tokens = new HashMap<>();
+
+  protected JwtAuthentication(JwtConfig jwtConfig) {this.jwtConfig = jwtConfig;}
+
+  @Override
+  public final void resetToken(Product product) {
+    tokens.remove(product);
+  }
+  @Override
+  public final Entry<String, String> getTokenHeader(Product product) {
+    if (!tokens.containsKey(product) || !isValid(tokens.get(product))) {
+      JwtToken newToken = generateToken(product,jwtConfig.getProduct(product));
+      tokens.put(product, newToken);
+    }
+    return authHeader(tokens.get(product).getToken());
+  }
+
+  protected abstract JwtToken generateToken(Product product, JwtCredential credential);
+
+  private Entry<String,String> authHeader(String token){
+    return new AbstractMap.SimpleEntry<>("Authorization", "Bearer " + token);
+  }
+
+  private boolean isValid(JwtToken jwtToken) {
+    // a token is only counted valid if it is only valid for at least 30 seconds
+    return jwtToken.getExpiry().isAfter(LocalDateTime.now().minusSeconds(30));
+  }
+
+
+
+  protected static class JwtToken {
+    private final String token;
+    private final LocalDateTime expiry;
+
+    public JwtToken(String token, LocalDateTime expiry) {
+      this.token = token;
+      this.expiry = expiry;
+    }
+
+    public String getToken() {
+      return token;
+    }
 
+    public LocalDateTime getExpiry() {
+      return expiry;
+    }
+  }
 }

camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/JwtAuthenticationBuilder.java

@@ -0,0 +1,22 @@
+package io.camunda.common.auth;
+
+import io.camunda.common.auth.Authentication.AuthenticationBuilder;
+
+public abstract class JwtAuthenticationBuilder<
+    T extends JwtAuthenticationBuilder<?>> implements AuthenticationBuilder {
+  private JwtConfig jwtConfig;
+
+  public final T withJwtConfig(JwtConfig jwtConfig) {
+    this.jwtConfig = jwtConfig;
+    return self();
+  }
+
+  @Override
+  public final Authentication build() {
+    return build(jwtConfig);
+  }
+
+  protected abstract T self();
+
+  protected abstract Authentication build(JwtConfig jwtConfig);
+}

camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SaaSAuthentication.java

@@ -19,69 +19,51 @@
 public class SaaSAuthentication extends JwtAuthentication {
 
   private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-  private JwtConfig jwtConfig;
-  private Map<Product, String> tokens;
 
-  // TODO: have a single object mapper to be used all throughout the SDK, i.e.bean injection
-  private JsonMapper jsonMapper = new SdkObjectMapper();
+  private final JsonMapper jsonMapper;
 
-  public SaaSAuthentication() {
-    tokens = new HashMap<>();
+  public SaaSAuthentication(JwtConfig jwtConfig, JsonMapper jsonMapper) {
+    super(jwtConfig);
+    this.jsonMapper = jsonMapper;
   }
 
   public static SaaSAuthenticationBuilder builder() {
     return new SaaSAuthenticationBuilder();
   }
 
-  public JwtConfig getJwtConfig() {
-    return jwtConfig;
-  }
-
-  public void setJwtConfig(JwtConfig jwtConfig) {
-    this.jwtConfig = jwtConfig;
-  }
-
-  @Override
-  public Authentication build() {
-    return this;
-  }
 
-  @Override
-  public void resetToken(Product product) {
-    tokens.remove(product);
-  }
-
-  private String retrieveToken(Product product, JwtCredential jwtCredential) {
-      try(CloseableHttpClient client = HttpClients.createDefault()){
-        HttpPost request = buildRequest(jwtCredential);
-        TokenResponse tokenResponse = client.execute(request, response ->
-           jsonMapper.fromJson(EntityUtils.toString(response.getEntity()), TokenResponse.class)
-        );
-        tokens.put(product, tokenResponse.getAccessToken());
-      } catch (Exception e) {
+  private TokenResponse retrieveToken(Product product, JwtCredential jwtCredential) {
+    try (CloseableHttpClient client = HttpClients.createDefault()) {
+      HttpPost request = buildRequest(jwtCredential);
+      return client.execute(
+          request,
+          response ->
+              jsonMapper.fromJson(EntityUtils.toString(response.getEntity()), TokenResponse.class));
+    } catch (Exception e) {
       LOG.error("Authenticating for " + product + " failed due to " + e);
       throw new RuntimeException("Unable to authenticate", e);
     }
-    return tokens.get(product);
   }
 
   private HttpPost buildRequest(JwtCredential jwtCredential) {
     HttpPost httpPost = new HttpPost(jwtCredential.getAuthUrl());
     httpPost.addHeader("Content-Type", "application/json");
-    TokenRequest tokenRequest = new TokenRequest(jwtCredential.getAudience(), jwtCredential.getClientId(), jwtCredential.getClientSecret());
+    TokenRequest tokenRequest =
+        new TokenRequest(
+            jwtCredential.getAudience(),
+            jwtCredential.getClientId(),
+            jwtCredential.getClientSecret());
     httpPost.setEntity(new StringEntity(jsonMapper.toJson(tokenRequest)));
     return httpPost;
   }
 
+
+
   @Override
-  public Map.Entry<String, String> getTokenHeader(Product product) {
-    String token;
-    if (tokens.containsKey(product)) {
-      token = tokens.get(product);
-    } else {
-      JwtCredential jwtCredential = jwtConfig.getProduct(product);
-      token = retrieveToken(product, jwtCredential);
-    }
-    return new AbstractMap.SimpleEntry<>("Authorization", "Bearer " + token);
+  protected JwtToken generateToken(Product product, JwtCredential credential) {
+    TokenResponse tokenResponse = retrieveToken(product, credential);
+    return new JwtToken(
+        tokenResponse.getAccessToken(),
+        LocalDateTime.now().plusSeconds(tokenResponse.getExpiresIn()));
   }
 }

camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SaaSAuthenticationBuilder.java

@@ -1,20 +1,22 @@
 package io.camunda.common.auth;
 
-public class SaaSAuthenticationBuilder {
+import io.camunda.common.json.JsonMapper;
 
-  SaaSAuthentication saaSAuthentication;
+public class SaaSAuthenticationBuilder extends JwtAuthenticationBuilder<SaaSAuthenticationBuilder> {
+  private JsonMapper jsonMapper;
 
-  SaaSAuthenticationBuilder() {
-    saaSAuthentication = new SaaSAuthentication();
+  public SaaSAuthenticationBuilder withJsonMapper(JsonMapper jsonMapper) {
+    this.jsonMapper = jsonMapper;
+    return this;
   }
 
-  public SaaSAuthenticationBuilder jwtConfig(JwtConfig jwtConfig) {
-    saaSAuthentication.setJwtConfig(jwtConfig);
+  @Override
+  protected SaaSAuthenticationBuilder self() {
     return this;
   }
 
-  public Authentication build() {
-    return saaSAuthentication.build();
+  @Override
+  protected SaaSAuthentication build(JwtConfig jwtConfig) {
+    return new SaaSAuthentication(jwtConfig, jsonMapper);
   }
-
 }

camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthentication.java

@@ -3,72 +3,39 @@
 import io.camunda.common.auth.identity.IdentityConfig;
 import io.camunda.identity.sdk.Identity;
 import io.camunda.identity.sdk.authentication.Tokens;
-import io.camunda.identity.sdk.authentication.exception.TokenExpiredException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import java.lang.invoke.MethodHandles;
+import java.time.LocalDateTime;
 import java.util.AbstractMap;
 import java.util.HashMap;
 import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class SelfManagedAuthentication extends JwtAuthentication {
 
   private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-  private JwtConfig jwtConfig;
-  private IdentityConfig identityConfig;
-  private Map<Product, String> tokens;
+  private final IdentityConfig identityConfig;
 
-  public SelfManagedAuthentication() {
-    tokens = new HashMap<>();
+  public SelfManagedAuthentication(JwtConfig jwtConfig, IdentityConfig identityConfig) {
+    super(jwtConfig);
+    this.identityConfig = identityConfig;
   }
 
   public static SelfManagedAuthenticationBuilder builder() {
     return new SelfManagedAuthenticationBuilder();
   }
 
-  public JwtConfig getJwtConfig() {
-    return jwtConfig;
-  }
-
-  public void setJwtConfig(JwtConfig jwtConfig) {
-    this.jwtConfig = jwtConfig;
-  }
-
-  public void setIdentityConfig(IdentityConfig identityConfig) {
-    this.identityConfig = identityConfig;
-  }
-
-  @Override
-  public Authentication build() {
-    return this;
-  }
-
   @Override
-  public void resetToken(Product product) {
-    tokens.remove(product);
+  protected JwtToken generateToken(Product product, JwtCredential credential) {
+    Tokens token = getIdentityToken(product, credential);
+    return new JwtToken(
+        token.getAccessToken(), LocalDateTime.now().plusSeconds(token.getExpiresIn()));
   }
 
-  @Override
-  public Map.Entry<String, String> getTokenHeader(Product product) {
-    String token;
-    if (tokens.containsKey(product)) {
-      token = tokens.get(product);
-    } else {
-      token = getIdentityToken(product);
-      saveToken(product, token);
-    }
-    return new AbstractMap.SimpleEntry<>("Authorization", "Bearer " + token);
-  }
-
-  private String getIdentityToken(Product product) {
+  private Tokens getIdentityToken(Product product, JwtCredential credential) {
     Identity identity = identityConfig.get(product).getIdentity();
-    String audience = jwtConfig.getProduct(product).getAudience();
-    Tokens identityTokens = identity.authentication().requestToken(audience);
-    return identityTokens.getAccessToken();
+    String audience = credential.getAudience();
+    return identity.authentication().requestToken(audience);
   }
 
-  private void saveToken(Product product, String token) {
-    tokens.put(product, token);
-  }
 }

camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SelfManagedAuthenticationBuilder.java

@@ -2,25 +2,22 @@
 
 import io.camunda.common.auth.identity.IdentityConfig;
 
-public class SelfManagedAuthenticationBuilder {
+public class SelfManagedAuthenticationBuilder
+    extends JwtAuthenticationBuilder<SelfManagedAuthenticationBuilder> {
+  private IdentityConfig identityConfig;
 
-  SelfManagedAuthentication selfManagedAuthentication;
-
-  SelfManagedAuthenticationBuilder() {
-    selfManagedAuthentication = new SelfManagedAuthentication();
-  }
-
-  public SelfManagedAuthenticationBuilder jwtConfig(JwtConfig jwtConfig) {
-    selfManagedAuthentication.setJwtConfig(jwtConfig);
+  public SelfManagedAuthenticationBuilder withIdentityConfig(IdentityConfig identityConfig) {
+    this.identityConfig = identityConfig;
     return this;
   }
 
-  public SelfManagedAuthenticationBuilder identityConfig(IdentityConfig identityConfig) {
-    selfManagedAuthentication.setIdentityConfig(identityConfig);
+  @Override
+  protected SelfManagedAuthenticationBuilder self() {
     return this;
   }
 
-  public Authentication build() {
-    return selfManagedAuthentication.build();
+  @Override
+  protected Authentication build(JwtConfig jwtConfig) {
+    return new SelfManagedAuthentication(jwtConfig, identityConfig);
   }
 }

camunda-sdk-java/java-common/src/main/java/io/camunda/common/auth/SimpleAuthentication.java

@@ -17,35 +17,19 @@ public class SimpleAuthentication implements Authentication {
 
   private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
-  private String simpleUrl;
-  private SimpleConfig simpleConfig;
-  private Map<Product, String> tokens;
+  private final SimpleConfig simpleConfig;
+  private final Map<Product, String> tokens = new HashMap<>();
 
-  private String authUrl;
+  private final String authUrl;
 
-  public void setSimpleUrl(String simpleUrl) {
-    this.simpleUrl = simpleUrl;
-  }
-
-  public SimpleConfig getSimpleConfig() {
-    return simpleConfig;
-  }
-
-  public void setSimpleConfig(SimpleConfig simpleConfig) {
+  public SimpleAuthentication(String simpleUrl, SimpleConfig simpleConfig) {
     this.simpleConfig = simpleConfig;
-  }
-
-  public SimpleAuthentication() {
-    tokens = new HashMap<>();
+    this.authUrl = simpleUrl+"/api/login";
   }
 
   public static SimpleAuthenticationBuilder builder() { return new SimpleAuthenticationBuilder(); }
 
-  @Override
-  public Authentication build() {
-    authUrl = simpleUrl+"/api/login";
-    return this;
-  }
+
 
   private String retrieveToken(Product product, SimpleCredential simpleCredential) {
     try(CloseableHttpClient client = HttpClients.createDefault()) {