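package org.multibit.mbm.auth.cookie;

import com.google.common.base.Objects;
import com.google.common.base.Optional;
import org.multibit.mbm.auth.Authority;

import java.util.UUID;

import static com.google.common.base.Preconditions.checkNotNull;

/**
 * <p>Value object to provide the following to cookie authenticator:</p>
 * <ul>
 * <li>Storage of the necessary credentials for cookie authentication</li>
 * </ul>
 * <p>A set of user-provided cookie authentication credentials, consisting of a session token and "remember me" token.
 * </p>
 * <p>Both tokens grant access to whoever presents them, so this class treats them as secrets:
 * {@link #toString()} reports only whether each token is present, never its value. The raw values
 * remain available through the getters for the authenticator itself.</p>
 *
 * @since 0.0.1
 */
public class CookieClientCredentials {

  /** Placeholder written by {@link #toString()} in place of a token value. */
  private static final String REDACTED = "<redacted>";

  /** Placeholder written by {@link #toString()} when a token was not supplied. */
  private static final String ABSENT = "<absent>";

  /**
   * The sessionToken is a UUID that is only valid for the length of the session
   * and is obtained after a successful authentication
   * It may be absent during an authentication for the public role
   */
  private final Optional<UUID> sessionToken;

  /**
   * The rememberMeToken is a UUID that persists until cleared. It provides a partial login with reduced
   * access rights.
   */
  private final Optional<UUID> rememberMeToken;

  /**
   * Private snapshot of the authorities the caller supplied; never shared with callers, so the
   * authorization requirement cannot be altered after construction.
   */
  private final Authority[] requiredAuthorities;

  private final boolean isPublic;

  /**
   * @param sessionToken        The session token (expires when browser tab is closed)
   * @param rememberMeToken     The remember-me token (expires after a length of time)
   * @param requiredAuthorities The authorities required to authenticate (provided by the
   *                            {@link org.multibit.mbm.auth.annotation.RestrictedTo} annotation);
   *                            the array is copied, so later changes by the caller have no effect
   * @param isPublic            True if the authentication can be made purely at the client side
   *
   * @throws NullPointerException If any of the reference arguments is null
   */
  public CookieClientCredentials(
    Optional<UUID> sessionToken,
    Optional<UUID> rememberMeToken,
    Authority[] requiredAuthorities,
    boolean isPublic
  ) {
    this.sessionToken = checkNotNull(sessionToken);
    this.rememberMeToken = checkNotNull(rememberMeToken);
    // Defensive copy: the required authorities drive the access decision, so they must not
    // change if the caller reuses or mutates its array after handing it over
    this.requiredAuthorities = checkNotNull(requiredAuthorities).clone();
    this.isPublic = isPublic;
  }

  /**
   * @return The temporary session token that authenticates this user
   */
  public Optional<UUID> getSessionToken() {
    return sessionToken;
  }

  /**
   * @return The long-lived remember me token that provides a partial login privilege
   */
  public Optional<UUID> getRememberMeToken() {
    return rememberMeToken;
  }

  /**
   * @return A copy of the authorities that are required to access the resource; modifying the
   *         returned array does not affect these credentials
   */
  public Authority[] getRequiredAuthorities() {
    return requiredAuthorities.clone();
  }

  /**
   * @return True if the authentication can be made purely at the client side (anonymous for session duration)
   */
  public boolean isPublic() {
    return isPublic;
  }

  /**
   * @return A description that shows whether each token is present but never the token value,
   *         so that logging or concatenating this object cannot disclose a usable credential
   */
  @Override
  public String toString() {
    return Objects.toStringHelper(this)
      .add("sessionToken", describe(sessionToken))
      .add("rememberMeToken", describe(rememberMeToken))
      .toString();
  }

  /**
   * Maps a token to a presence marker for diagnostic output.
   *
   * @param token The optional token to describe
   *
   * @return {@code "<redacted>"} if the token is present, otherwise {@code "<absent>"}
   */
  private static String describe(Optional<UUID> token) {
    return token.isPresent() ? REDACTED : ABSENT;
  }
}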