Package io.jmix.superset

Interface SupersetTokenManager

All Known Implementing Classes:

SupersetTokenManagerImpl

public interface SupersetTokenManager

Provides Superset tokens management: access token, CSRF token (if is enabled). It stores tokens and cares about refreshing tokens if it is needed.

Method Summary

Modifier and Type	Method	Description
String	getAccessToken()	The access token is available after Spring context refresh when a "login" request is sent to Superset.
String	getCsrfToken()	Depends on SupersetProperties.isCsrfProtectionEnabled() application property.
String	getRefreshToken()	The refresh token is available after Spring context refresh when a "login" request is sent to Superset.
void	refreshAccessToken()	Refreshes an access token.
void	refreshCsrfToken()	Depends on SupersetProperties.isCsrfProtectionEnabled() application property.

Method Details

refreshAccessToken

void refreshAccessToken()

Refreshes an access token. It sends a "login" request for the first time and then sends "refresh" requests. A refresh request is sent only when the difference between expiration time and current time is less than or equal to one minute.

This method is managed by SupersetTokenScheduleConfigurer. The Spring scheduler is configured to invoke this method with SupersetProperties.getAccessTokenRefreshSchedule() delay.

getAccessToken

@Nullable
String getAccessToken()

The access token is available after Spring context refresh when a "login" request is sent to Superset.

Returns:

access token or null if it's not initialized

getRefreshToken

@Nullable
String getRefreshToken()

The refresh token is available after Spring context refresh when a "login" request is sent to Superset.

Returns:

refresh token or null if it's not initialized

refreshCsrfToken

void refreshCsrfToken()

Depends on SupersetProperties.isCsrfProtectionEnabled() application property. If it's enabled a request will be sent to get a new CSRF token. Then the getCsrfToken() method will return new CSRF token.

This method is managed by SupersetTokenScheduleConfigurer. The Spring scheduler is configured to invoke this method with SupersetProperties.getCsrfTokenRefreshSchedule() delay.

Note, that CSRF token does not encode the expiration time so the schedule delay duration is configured almost equal to a default value of CSRF token expiration in Superset (WTF_CSRF_TIME_LIMIT property). If the value of expiration time is changed in Superset, the SupersetProperties.getCsrfTokenRefreshSchedule() should be changed too.

getCsrfToken

@Nullable
String getCsrfToken()

Depends on SupersetProperties.isCsrfProtectionEnabled() application property. If it's enabled a CSRF token will be fetched on Spring context refresh. Otherwise, no CSRF token will be fetched and method will return null.

Returns:

a CSRF token or null if CSRF protection is disabled