Override URL and SSL data for DirectGrant only.

MikeNeilson · MikeNeilson · commit 82d5ab8695ef · 2025-10-22T10:30:21.000-07:00
diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java
@@ -24,12 +24,19 @@
 package hec.army.usace.hec.cwbi.auth.http.client;
 
 import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
+
+import java.io.IOException;
 import java.util.Objects;
+
 import javax.net.ssl.SSLSocketFactory;
 import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
 import mil.army.usace.hec.cwms.http.client.ApiConnectionInfoBuilder;
 import mil.army.usace.hec.cwms.http.client.SslSocketData;
+import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
 
+/**
+ * Suitable only for CWBI Keycloaks direct grant setup.
+ */
 public final class CwbiAuthTokenProvider extends CwbiAuthTokenProviderBase {
 
     private final SSLSocketFactory sslSocketFactory;
@@ -53,4 +60,19 @@ ApiConnectionInfo getUrl() {
                 .build();
     }
 
+    @Override
+    public ApiConnectionInfo getAuthUrl() {
+        // This is specific to CWBI Direct Grant so this replacement as-is is fine
+        return new ApiConnectionInfoBuilder(this.tokenUrl.getApiRoot().replace("identity", "identityc"))
+                .withSslSocketData(new SslSocketData(sslSocketFactory, CwbiAuthTrustManager.getTrustManager()))
+                .build();
+    }
+
+    @Override
+    public OAuth2Token newToken() throws IOException {
+        return new DirectGrantX509TokenRequestBuilder()
+                .withTokenUrl(getAuthUrl())
+                .buildRequest().withClientId(clientId)
+                .fetchToken();
+    }
 }
diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProviderBase.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProviderBase.java
@@ -45,14 +45,6 @@ public synchronized OAuth2Token getToken() throws IOException {
         return token;
     }
 
-    @Override
-    public OAuth2Token newToken() throws IOException {
-        return new DirectGrantX509TokenRequestBuilder()
-                .withUrl(tokenUrl)
-                .withClientId(clientId)
-                .fetchToken();
-    }
-
     @Override
     public synchronized OAuth2Token refreshToken() throws IOException {
         OAuth2Token newToken = new RefreshTokenRequestBuilder()
diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/DirectGrantX509TokenRequestBuilder.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/DirectGrantX509TokenRequestBuilder.java
@@ -23,6 +23,7 @@
  */
 package hec.army.usace.hec.cwbi.auth.http.client;
 
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
 import mil.army.usace.hec.cwms.http.client.HttpRequestBuilderImpl;
 import mil.army.usace.hec.cwms.http.client.HttpRequestResponse;
 import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
@@ -43,7 +44,7 @@ OAuth2Token retrieveToken() throws IOException {
                 .addUsername("")
                 .buildEncodedString();
         HttpRequestExecutor executor =
-                new HttpRequestBuilderImpl(getUrl())
+                new HttpRequestBuilderImpl(getTokenUrl())
                         .post()
                         .withBody(formBody)
                         .withMediaType(MEDIA_TYPE);
diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/OidcAuthTokenProvider.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/OidcAuthTokenProvider.java
@@ -113,4 +113,14 @@ public OAuth2Token newToken() throws IOException {
 
     }
 
+    @Override
+    public ApiConnectionInfo getAuthUrl() {
+        return authUrl;
+    }
+
+    @Override
+    public ApiConnectionInfo getTokenUrl() {
+        return tokenUrl;
+    }
+
 }
diff --git a/cwms-http-client/src/main/java/mil/army/usace/hec/cwms/http/client/SslSocketData.java b/cwms-http-client/src/main/java/mil/army/usace/hec/cwms/http/client/SslSocketData.java
@@ -38,11 +38,11 @@ public SslSocketData(SSLSocketFactory sslSocketFactory, X509TrustManager x509Tru
         this.x509TrustManager = Objects.requireNonNull(x509TrustManager, "Missing required X509TrustManager");
     }
 
-    SSLSocketFactory getSslSocketFactory() {
+    public SSLSocketFactory getSslSocketFactory() {
         return sslSocketFactory;
     }
 
-    X509TrustManager getX509TrustManager() {
+    public X509TrustManager getX509TrustManager() {
         return x509TrustManager;
     }
 }
diff --git a/cwms-http-client/src/main/java/mil/army/usace/hec/cwms/http/client/auth/OAuth2TokenProvider.java b/cwms-http-client/src/main/java/mil/army/usace/hec/cwms/http/client/auth/OAuth2TokenProvider.java
@@ -28,6 +28,8 @@
 import java.net.URI;
 import java.util.function.Consumer;
 
+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;
+
 /**
  * 
  * TODO: needs additional support for alternative flows. deciding if attempting to
@@ -55,4 +57,7 @@ default Consumer<URI> getAuthCallback() {
     default void setAuthCallback(Consumer<URI> authCallback) {
         /** default do nothing... for now */
     }
+
+    ApiConnectionInfo getAuthUrl();
+    ApiConnectionInfo getTokenUrl();
 }

Original file line number	Diff line number	Diff line change
`@@ -113,4 +113,14 @@ public OAuth2Token newToken() throws IOException {`
`113`	`113`
`114`	`114`	`}`
`115`	`115`
	`116`	`+ @Override`
	`117`	`+ public ApiConnectionInfo getAuthUrl() {`
	`118`	`+ return authUrl;`
	`119`	`+ }`
	`120`	`+`
	`121`	`+ @Override`
	`122`	`+ public ApiConnectionInfo getTokenUrl() {`
	`123`	`+ return tokenUrl;`
	`124`	`+ }`
	`125`	`+`
`116`	`126`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,11 +38,11 @@ public SslSocketData(SSLSocketFactory sslSocketFactory, X509TrustManager x509Tru`
`38`	`38`	`this.x509TrustManager = Objects.requireNonNull(x509TrustManager, "Missing required X509TrustManager");`
`39`	`39`	`}`
`40`	`40`
`41`		`- SSLSocketFactory getSslSocketFactory() {`
	`41`	`+ public SSLSocketFactory getSslSocketFactory() {`
`42`	`42`	`return sslSocketFactory;`
`43`	`43`	`}`
`44`	`44`
`45`		`- X509TrustManager getX509TrustManager() {`
	`45`	`+ public X509TrustManager getX509TrustManager() {`
`46`	`46`	`return x509TrustManager;`
`47`	`47`	`}`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,8 @@`
`28`	`28`	`import java.net.URI;`
`29`	`29`	`import java.util.function.Consumer;`
`30`	`30`
	`31`	`+import mil.army.usace.hec.cwms.http.client.ApiConnectionInfo;`
	`32`	`+`
`31`	`33`	`/**`
`32`	`34`	`*`
`33`	`35`	`* TODO: needs additional support for alternative flows. deciding if attempting to`
`@@ -55,4 +57,7 @@ default Consumer<URI> getAuthCallback() {`
`55`	`57`	`default void setAuthCallback(Consumer<URI> authCallback) {`
`56`	`58`	`/** default do nothing... for now */`
`57`	`59`	`}`
	`60`	`+`
	`61`	`+ ApiConnectionInfo getAuthUrl();`
	`62`	`+ ApiConnectionInfo getTokenUrl();`
`58`	`63`	`}`