Package com.tibco.tibjms

Class TibjmsOAuth

  • java.lang.Object
    • com.tibco.tibjms.TibjmsOAuth
  • public class TibjmsOAuth
extends java.lang.Object
    Provides methods which are used to enable or disable debug tracing for OAuth 2.0 authentication.

    NOTE: All properties relating to OAuth 2.0 authentication are part of the Tibjms package. This allows client applications built prior to release 10.3 to make use of the OAuth 2.0 authentication feature without the need for source code changes and rebuilds. The sections below provide an overview of OAuth 2.0 support in the client.

    OAuth 2.0 Grants

    Connection factories that are configured with OAuth 2.0 properties will create connection objects capable of automatically requesting access tokens from an OAuth 2.0 authorization server and using them to authenticate with the EMS server.
    Two authorization grant types are supported for obtaining access tokens in this manner: client credentials grant and resource owner password credentials grant. If the 'userName' parameter for the connection creation method is null, the client credentials grant is used. If the 'userName' parameter is not null, the resource owner password credentials grant is used, with the 'userName' and 'password' parameter values serving as the username and password credentials for the grant.

    Refresh tokens are supported when using the resource owner password credentials grant type. If the authorization server issues a refresh token along with the requested access token, the connection object will use that refresh token instead of the grant the next time it needs to request an access token. If it fails to obtain a new access token using the refresh token, it will try again using the grant.

    User-Defined Callbacks

    Client applications can define callbacks for obtaining access tokens and register them with connection factories. Connections created using a particular factory will invoke the callback any time a new access token is required for authentication. See Tibjms.PROP_OAUTH2_TOKEN_FETCH_CALLBACK_OBJECT and TibjmsOAuth2TokenFetchCallback for more information.

    If a callback is registered with a connection factory, connections created using the factory will not attempt to obtain access tokens from an authorization server using OAuth 2.0 grants - even if the relevant OAuth 2.0 properties are set.

    Configured Access Token

    Connection factories can also directly be configured with an access token in the form of an OAuth 2.0 property. All connection objects created using the connection factory will use the configured access token for authentication. See Tibjms.PROP_OAUTH2_ACCESS_TOKEN for more information.

    Explicitly configuring an access token in a connection factory disables all other methods of obtaining access tokens for that factory. Connections created using the factory will always use the configured token for authentication.

    In the event of access token expiration, connections that use OAuth 2.0 grants or user-defined callbacks will automatically obtain a new access token and re-authenticate with the EMS server. However, connections that use a configured access token will not be able to handle this scenario and will experience authentication failures.

    Configuring OAuth 2.0 Authentication

    OAuth 2.0 authentication can be configured programmatically using ConnectionFactory properties / System Properties, or by setting System Properties / environment variables prior to starting the client application. Configuration using ConnectionFactory properties is the preferred method as this allows fine-grained control over the OAuth 2.0 properties for each individual factory. In contrast, OAuth 2.0 properties set through System Properties / environment variables apply to all connection factories created by the client application.

    OAuth 2.0 properties set via ConnectionFactory properties take precedence over values set through corresponding System Properties. In turn, values configured through System Properties take priority over values set through corresponding environment variables.

    • Constructor Summary

      Constructors 
      Constructor Description
      TibjmsOAuth()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.io.PrintStream getClientTracer()
      Returns client tracer, or null if client tracing is disabled.
      static boolean getDebugTraceEnabled()
      Returns true if debug tracing is enabled.
      static void setClientTracer​(java.io.PrintStream tracer)
      Set client tracer to given output stream.
      static void setDebugTraceEnabled​(boolean enabled)
      Enables additional debug tracing.

      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • TibjmsOAuth

        public TibjmsOAuth()

    • Method Detail

      • getDebugTraceEnabled

        public static boolean getDebugTraceEnabled()
        Returns true if debug tracing is enabled.
        Since:
        EMS 10.3.0

      • setDebugTraceEnabled

        public static void setDebugTraceEnabled​(boolean enabled)
        Enables additional debug tracing. Java 'j2se' level tracing should be enabled via javax.net.debug system property.
        Since:
        EMS 10.3.0

      • setClientTracer

        public static void setClientTracer​(java.io.PrintStream tracer)
        Set client tracer to given output stream. Specify null as parameter to disable client tracing. Client tracing prints information about the OAuth 2.0 authentication process.
        Since:
        EMS 10.3.0

      • getClientTracer

        public static java.io.PrintStream getClientTracer()
        Returns client tracer, or null if client tracing is disabled.
        Since:
        EMS 10.3.0