refactor: prepare for ContainerAuthenticator impl (#139)

This commit introduces the IamRequestBasedAuthenticator class
which will serve as a common base class for any authenticator
impl that interacts with the IAM token service to obtain an
access token.
Common code was moved from the IamAuthenticator class to
the new IamRequestBasedAuthenticator base class.

Author: padamstx

src/main/java/com/ibm/cloud/sdk/core/security/IamAuthenticator.java

@@ -31,32 +31,19 @@
  * an access token from the IAM token service via the "POST /identity/token" operation.
  * When the access token expires, a new access token will be fetched.
  */
-public class IamAuthenticator extends TokenRequestBasedAuthenticator<IamToken, IamToken> implements Authenticator {
+public class IamAuthenticator extends IamRequestBasedAuthenticator implements Authenticator {
   private static final String DEFAULT_IAM_URL = "https://iam.cloud.ibm.com";
   private static final String OPERATION_PATH = "/identity/token";
-  private static final String GRANT_TYPE = "grant_type";
-  private static final String REQUEST_GRANT_TYPE = "urn:ibm:params:oauth:grant-type:apikey";
-  private static final String API_KEY = "apikey";
-  private static final String RESPONSE_TYPE = "response_type";
-  private static final String CLOUD_IAM = "cloud_iam";
-  private static final String SCOPE = "scope";
 
   // Properties specific to an IAM authenticator.
-  private String url;
   private String apikey;
-  private String scope;
-  private String clientId;
-  private String clientSecret;
-
-  // This is the value of the Authorization header we'll use when interacting with the token server.
-  private String cachedAuthorizationHeader = null;
 
   /**
    * This Builder class is used to construct IamAuthenticator instances.
    */
   public static class Builder {
-    private String url;
     private String apikey;
+    private String url;
     private String scope;
     private String clientId;
     private String clientSecret;
@@ -70,12 +57,12 @@ public Builder() { }
 
     // Builder ctor which copies config from an existing authenticator instance.
     private Builder(IamAuthenticator obj) {
-      this.url = obj.url;
       this.apikey = obj.apikey;
-      this.scope = obj.scope;
-      this.clientId = obj.clientId;
-      this.clientSecret = obj.clientSecret;
 
+      this.url = obj.getURL();
+      this.scope = obj.getScope();
+      this.clientId = obj.getClientId();
+      this.clientSecret = obj.getClientSecret();
       this.disableSSLVerification = obj.getDisableSSLVerification();
       this.headers = obj.getHeaders();
       this.proxy = obj.getProxy();
@@ -91,6 +78,16 @@ public IamAuthenticator build() {
       return new IamAuthenticator(this);
     }
 
+    /**
+     * Sets the apikey property.
+     * @param apikey the apikey to use when retrieving an access token
+     * @return the Builder
+     */
+    public Builder apikey(String apikey) {
+      this.apikey = apikey;
+      return this;
+    }
+
     /**
      * Sets the url property.
      * @param url the base url to use with the IAM token service
@@ -121,16 +118,6 @@ public Builder clientSecret(String clientSecret) {
       return this;
     }
 
-    /**
-     * Sets the apikey property.
-     * @param apikey the apikey to use when retrieving an access token
-     * @return the Builder
-     */
-    public Builder apikey(String apikey) {
-      this.apikey = apikey;
-      return this;
-    }
-
     /**
      * Sets the scope property.
      * @param scope the scope to use when retrieving an access token
@@ -195,12 +182,11 @@ protected IamAuthenticator() {
    * @param builder the Builder instance containing the configuration to be used
    */
   protected IamAuthenticator(Builder builder) {
-    this.url = builder.url;
     this.apikey = builder.apikey;
-    this.scope = builder.scope;
-    this.clientId = builder.clientId;
-    this.clientSecret = builder.clientSecret;
 
+    setURL(builder.url);
+    setScope(builder.scope);
+    setClientIdAndSecret(builder.clientId, builder.clientSecret);
     setDisableSSLVerification(builder.disableSSLVerification);
     setHeaders(builder.headers);
     setProxy(builder.proxy);
@@ -319,8 +305,8 @@ public static IamAuthenticator fromConfiguration(Map<String, String> config) {
     }
 
     return new Builder()
-      .url(config.get(PROPNAME_URL))
       .apikey(apikey)
+      .url(config.get(PROPNAME_URL))
       .scope(config.get(PROPNAME_SCOPE))
       .clientId(config.get(PROPNAME_CLIENT_ID))
       .clientSecret(config.get(PROPNAME_CLIENT_SECRET))
@@ -350,7 +336,8 @@ public static IamAuthenticator fromConfiguration(Map<String, String> config) {
   protected void init(String apikey, String url, String clientId, String clientSecret,
     boolean disableSSLVerification, Map<String, String> headers, String scope) {
     this.apikey = apikey;
-    this.url = url;
+
+    setURL(url);
     setClientIdAndSecret(clientId, clientSecret);
     setScope(scope);
     this.validate();
@@ -361,13 +348,14 @@ protected void init(String apikey, String url, String clientId, String clientSec
 
   @Override
   public void validate() {
+    super.validate();
 
-    if (StringUtils.isEmpty(this.url)) {
+    if (StringUtils.isEmpty(this.getURL())) {
       // If no base URL was configured, then use the default IAM base URL.
-      this.url = DEFAULT_IAM_URL;
-    } else if (this.url.endsWith(OPERATION_PATH)) {
+      this.setURL(DEFAULT_IAM_URL);
+    } else {
       // Canonicalize the URL by removing the operation path from it if present.
-      this.url = this.url.substring(0, this.url.length() - OPERATION_PATH.length());
+      this.setURL(StringUtils.removeEnd(this.getURL(), OPERATION_PATH));
     }
 
     if (StringUtils.isEmpty(this.apikey)) {
@@ -377,21 +365,6 @@ public void validate() {
     if (CredentialUtils.hasBadStartOrEndChar(this.apikey)) {
       throw new IllegalArgumentException(String.format(ERRORMSG_PROP_INVALID, "apikey"));
     }
-
-    if (StringUtils.isEmpty(getUsername()) && StringUtils.isEmpty(getPassword())) {
-      // both empty is ok.
-    } else {
-      if (StringUtils.isEmpty(getUsername())) {
-        throw new IllegalArgumentException(String.format(ERRORMSG_PROP_MISSING, "clientId"));
-      }
-      if (StringUtils.isEmpty(getPassword())) {
-        throw new IllegalArgumentException(String.format(ERRORMSG_PROP_MISSING, "clientSecret"));
-      }
-    }
-
-    // Assuming everything validates clean, let's cache the basic auth header if
-    // the clientId/clientSecret properties are configured.
-    this.cachedAuthorizationHeader = constructBasicAuthHeader(this.clientId, this.clientSecret);
   }
 
   @Override
@@ -406,38 +379,6 @@ public String getApiKey() {
     return this.apikey;
   }
 
-  /**
-   * @return the URL configured on this Authenticator.
-   */
-  public String getURL() {
-    return this.url;
-  }
-
-  /**
-   * Sets the URL on this Authenticator.
-   * @param url the URL representing the IAM token server endpoint
-   */
-  public void setURL(String url) {
-    if (StringUtils.isEmpty(url)) {
-      url = DEFAULT_IAM_URL;
-    }
-    this.url = url;
-  }
-
-  /**
-   * @return the clientId configured on this Authenticator.
-   */
-  public String getClientId() {
-    return this.clientId;
-  }
-
-  /**
-   * @return the clientSecret configured on this Authenticator.
-   */
-  public String getClientSecret() {
-    return this.clientSecret;
-  }
-
   /**
    * @return the basic auth username (clientId) configured for this Authenticator.
    *
@@ -470,32 +411,6 @@ public void setBasicAuthInfo(String clientId, String clientSecret) {
     setClientIdAndSecret(clientId, clientSecret);
   }
 
-  /**
-   * Sets the clientId and clientSecret on this Authenticator.
-   * @param clientId the clientId to use in interactions with the token server
-   * @param clientSecret the clientSecret to use in interactions with the token server
-   */
-  public void setClientIdAndSecret(String clientId, String clientSecret) {
-    this.clientId = clientId;
-    this.clientSecret = clientSecret;
-    this.validate();
-  }
-
-  /**
-   * @return the scope parameter
-   */
-  public String getScope() {
-    return this.scope;
-  }
-
-  /**
-   * Sets the "scope" parameter to use when fetching the bearer token from the IAM token server.
-   * @param value a space seperated string that makes up the scope parameter.
-   */
-  public void setScope(String value) {
-    this.scope = value;
-  }
-
   /**
    * Fetches an IAM access token for the apikey using the configured URL.
    *
@@ -504,23 +419,22 @@ public void setScope(String value) {
   @Override
   public IamToken requestToken() {
     // Form a POST request to retrieve the access token.
-    RequestBuilder builder = RequestBuilder.post(RequestBuilder.resolveRequestUrl(this.url, OPERATION_PATH));
+    RequestBuilder builder = RequestBuilder.post(RequestBuilder.resolveRequestUrl(this.getURL(), OPERATION_PATH));
 
     // Now add the Content-Type and (optionally) the Authorization header to the token server request.
     builder.header(HttpHeaders.CONTENT_TYPE, HttpMediaType.APPLICATION_FORM_URLENCODED);
-    if (StringUtils.isNotEmpty(this.cachedAuthorizationHeader)) {
-      builder.header(HttpHeaders.AUTHORIZATION, this.cachedAuthorizationHeader);
-    }
+    addAuthorizationHeader(builder);
 
     // Build the form request body.
     FormBody formBody;
     final FormBody.Builder formBodyBuilder = new FormBody.Builder()
-        .add(GRANT_TYPE, REQUEST_GRANT_TYPE)
-        .add(API_KEY, apikey)
-        .add(RESPONSE_TYPE, CLOUD_IAM);
-    // Add the scope param if it's not empty
+        .add("grant_type", "urn:ibm:params:oauth:grant-type:apikey")
+        .add("apikey", getApiKey())
+        .add("response_type", "cloud_iam");
+
+    // Add the scope param if it's not empty.
     if (!StringUtils.isEmpty(getScope())) {
-      formBodyBuilder.add(SCOPE, getScope());
+      formBodyBuilder.add("scope", getScope());
     }
     formBody = formBodyBuilder.build();
     builder.body(formBody);

src/main/java/com/ibm/cloud/sdk/core/security/IamRequestBasedAuthenticator.java

@@ -0,0 +1,127 @@
+/**
+ * (C) Copyright IBM Corp. 2015, 2021.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package com.ibm.cloud.sdk.core.security;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.ibm.cloud.sdk.core.http.HttpHeaders;
+import com.ibm.cloud.sdk.core.http.RequestBuilder;
+
+/**
+ * This class contains code that is common to all authenticators that need to
+ * interact with the IAM tokens service to obtain an access token.
+ */
+public abstract class IamRequestBasedAuthenticator
+  extends TokenRequestBasedAuthenticator<IamToken, IamToken>
+  implements Authenticator {
+
+  private static final String DEFAULT_IAM_URL = "https://iam.cloud.ibm.com";
+
+  // Properties common to IAM-based authenticators.
+  private String url;
+  private String scope;
+  private String clientId;
+  private String clientSecret;
+
+  // This is the value of the Authorization header we'll use when interacting with the token server.
+  protected String cachedAuthorizationHeader = null;
+
+
+  @Override
+  public void validate() {
+    if (StringUtils.isEmpty(getClientId()) && StringUtils.isEmpty(getClientSecret())) {
+      // both empty is ok.
+    } else {
+      if (StringUtils.isEmpty(getClientId())) {
+        throw new IllegalArgumentException(String.format(ERRORMSG_PROP_MISSING, "clientId"));
+      }
+      if (StringUtils.isEmpty(getClientSecret())) {
+        throw new IllegalArgumentException(String.format(ERRORMSG_PROP_MISSING, "clientSecret"));
+      }
+    }
+
+    // Assuming everything validates clean, let's cache the basic auth header if
+    // the clientId/clientSecret properties are configured.
+    this.cachedAuthorizationHeader = constructBasicAuthHeader(this.clientId, this.clientSecret);
+  }
+
+  /**
+   * @return the URL configured on this Authenticator.
+   */
+  public String getURL() {
+    return this.url;
+  }
+
+  /**
+   * Sets the URL on this Authenticator.
+   * @param url the URL representing the IAM token server endpoint
+   */
+  public void setURL(String url) {
+    if (StringUtils.isEmpty(url)) {
+      url = DEFAULT_IAM_URL;
+    }
+    this.url = url;
+  }
+
+  /**
+   * @return the clientId configured on this Authenticator.
+   */
+  public String getClientId() {
+    return this.clientId;
+  }
+
+  /**
+   * @return the clientSecret configured on this Authenticator.
+   */
+  public String getClientSecret() {
+    return this.clientSecret;
+  }
+
+  /**
+   * Sets the clientId and clientSecret on this Authenticator.
+   * @param clientId the clientId to use in interactions with the token server
+   * @param clientSecret the clientSecret to use in interactions with the token server
+   */
+  public void setClientIdAndSecret(String clientId, String clientSecret) {
+    this.clientId = clientId;
+    this.clientSecret = clientSecret;
+    this.validate();
+  }
+
+  /**
+   * @return the scope parameter
+   */
+  public String getScope() {
+    return this.scope;
+  }
+
+  /**
+   * Sets the "scope" parameter to use when fetching the bearer token from the IAM token server.
+   * @param value a space seperated string that makes up the scope parameter.
+   */
+  public void setScope(String value) {
+    this.scope = value;
+  }
+
+  /**
+   * If a basic auth Authorization header is cached in "this", then add it to
+   * the specified request builder.
+   * @param builder the request builder
+   */
+  protected void addAuthorizationHeader(RequestBuilder builder) {
+    if (StringUtils.isNotEmpty(this.cachedAuthorizationHeader)) {
+      builder.header(HttpHeaders.AUTHORIZATION, this.cachedAuthorizationHeader);
+    }
+  }
+}