com.broadleafcommerce.auth.client.web.repo

Class BroadleafAuthorizationRequestRepository

java.lang.Object

com.broadleafcommerce.auth.client.web.repo.BroadleafAuthorizationRequestRepository

All Implemented Interfaces:

org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>

public class BroadleafAuthorizationRequestRepository
extends Object
implements org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>

Save and load OAuth2AuthorizationRequest from a cookie. The OAuth2AuthorizationRequest is wrapped in an AuthorizationRequestWrapper. Then it is serialized, wrapped in a signed jwt token, and saved to a cookie. When the browser redirects back to this app from the third party login, the AuthorizationRequestWrapper is read from the cookie, verified, and deserialized into an OAuth2AuthorizationRequest.

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	AUTH_REQUEST_CLAIM_KEY
protected static long	EXPIRES_IN_SECONDS
protected static String	SAVED_AUTH_REQUEST_COOKIE_NAME

Constructor Summary

Constructors

Constructor and Description
BroadleafAuthorizationRequestRepository(StatelessUtil statelessUtil, ContextHelperService contextHelperService)

Method Summary

Modifier and Type	Method and Description
protected org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest	buildOAuth2AuthorizationRequest(AuthorizationRequestWrapper authorizationRequestWrapper) Build a OAuth2AuthorizationRequest from a AuthorizationRequestWrapper.
protected AuthorizationRequestWrapper	deserializeCookie(String cookie) Deserialize a cookie value into an AuthorizationRequestWrapper.
protected ContextHelperService	getContextHelperService()
protected com.fasterxml.jackson.databind.ObjectMapper	getObjectMapper()
protected AuthorizationRequestRepositoryProperties	getProperties()
@NotNull String	getSavedAuthRequestCookieName()
protected StatelessUtil	getStatelessUtil()
org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest	loadAuthorizationRequest(javax.servlet.http.HttpServletRequest request) Load a saved OAuth2AuthorizationRequest from a cookie.
protected AuthorizationRequestWrapper	readAuthRequestWrapperFromCookie(javax.servlet.http.HttpServletRequest request)
org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest	removeAuthorizationRequest(javax.servlet.http.HttpServletRequest request) This method is deprecated in the interface and is not supported by this implementation.
org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest	removeAuthorizationRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Set a blank cookie to delete the saved authorization request.
void	saveAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Save a OAuth2AuthorizationRequest to a cookie.
protected @NotNull javax.servlet.http.Cookie	saveAuthRequestWrapper(AuthorizationRequestWrapper authorizationRequestWrapper) Deprecated. since 1.6, replaced by saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper)
protected @NotNull org.springframework.http.ResponseCookie	saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper authorizationRequestWrapper)
protected String	serializeAuthRequest(AuthorizationRequestWrapper authorizationRequestWrapper) Serialize the given AuthorizationRequestWrapper into a String.
protected void	setObjectMapper(com.fasterxml.jackson.databind.ObjectMapper objectMapper)
void	setProperties(AuthorizationRequestRepositoryProperties properties)
protected AuthorizationRequestWrapper	wrapAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, String clientId) Wrap a OAuth2AuthorizationRequest in a AuthorizationRequestWrapper with the current client id
protected AuthorizationRequestWrapper	wrapAuthRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest) Wrap the given OAuth2AuthorizationRequest into an AuthorizationRequestWrapper The AuthorizationRequestWrapper includes a blcClientId field, which is set from a request parameter.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SAVED_AUTH_REQUEST_COOKIE_NAME

protected static final String SAVED_AUTH_REQUEST_COOKIE_NAME

See Also:

Constant Field Values

AUTH_REQUEST_CLAIM_KEY

protected static final String AUTH_REQUEST_CLAIM_KEY

See Also:

Constant Field Values

EXPIRES_IN_SECONDS

protected static final long EXPIRES_IN_SECONDS

See Also:

Constant Field Values

Constructor Detail

BroadleafAuthorizationRequestRepository

public BroadleafAuthorizationRequestRepository(StatelessUtil statelessUtil,
                                               ContextHelperService contextHelperService)

Method Detail

loadAuthorizationRequest

@Nullable
public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest loadAuthorizationRequest(javax.servlet.http.HttpServletRequest request)

Load a saved OAuth2AuthorizationRequest from a cookie. As a side-effect, this method will also set the clientId as a request attribute.

Specified by:

loadAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>

Parameters:

request -

Returns:

saveAuthorizationRequest

public void saveAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest,
                                     javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response)

Save a OAuth2AuthorizationRequest to a cookie.

Specified by:

saveAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>

Parameters:

authorizationRequest -

request -

response -

removeAuthorizationRequest

public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest removeAuthorizationRequest(javax.servlet.http.HttpServletRequest request,
                                                                                                               javax.servlet.http.HttpServletResponse response)

Set a blank cookie to delete the saved authorization request.

Specified by:

removeAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>

Parameters:

request -

response -

Returns:

removeAuthorizationRequest

public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest removeAuthorizationRequest(javax.servlet.http.HttpServletRequest request)

This method is deprecated in the interface and is not supported by this implementation.

Specified by:

removeAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>

Parameters:

request -

Returns:

Throws:

UnsupportedOperationException

saveAuthRequestWrapper

@NotNull
 @Deprecated
protected @NotNull javax.servlet.http.Cookie saveAuthRequestWrapper(AuthorizationRequestWrapper authorizationRequestWrapper)

Deprecated. since 1.6, replaced by saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper)

Parameters:

authorizationRequestWrapper - the authorization request wrapper to create a cookie for

Returns:

the cookie containing the authorization request wrapper

saveAuthRequestWrapperResponseCookie

@NotNull
protected @NotNull org.springframework.http.ResponseCookie saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper authorizationRequestWrapper)

serializeAuthRequest

protected String serializeAuthRequest(AuthorizationRequestWrapper authorizationRequestWrapper)

Serialize the given AuthorizationRequestWrapper into a String.

Parameters:

authorizationRequestWrapper -

Returns:

readAuthRequestWrapperFromCookie

@Nullable
protected AuthorizationRequestWrapper readAuthRequestWrapperFromCookie(javax.servlet.http.HttpServletRequest request)

deserializeCookie

protected AuthorizationRequestWrapper deserializeCookie(String cookie)

Deserialize a cookie value into an AuthorizationRequestWrapper.

Parameters:

cookie -

Returns:

wrapAuthRequest

protected AuthorizationRequestWrapper wrapAuthRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest)

Wrap the given OAuth2AuthorizationRequest into an AuthorizationRequestWrapper The AuthorizationRequestWrapper includes a blcClientId field, which is set from a request parameter.

Parameters:

authorizationRequest -

Returns:

wrapAuthorizationRequest

protected AuthorizationRequestWrapper wrapAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest,
                                                               String clientId)

Wrap a OAuth2AuthorizationRequest in a AuthorizationRequestWrapper with the current client id

Parameters:

authorizationRequest -

clientId -

Returns:

buildOAuth2AuthorizationRequest

protected org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest buildOAuth2AuthorizationRequest(AuthorizationRequestWrapper authorizationRequestWrapper)

Build a OAuth2AuthorizationRequest from a AuthorizationRequestWrapper.

Parameters:

authorizationRequestWrapper -

Returns:

getSavedAuthRequestCookieName

@NotNull
public @NotNull String getSavedAuthRequestCookieName()

getStatelessUtil

protected StatelessUtil getStatelessUtil()

getContextHelperService

protected ContextHelperService getContextHelperService()

getObjectMapper

protected com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()

setObjectMapper

protected void setObjectMapper(com.fasterxml.jackson.databind.ObjectMapper objectMapper)

getProperties

protected AuthorizationRequestRepositoryProperties getProperties()

setProperties

@Autowired
public void setProperties(AuthorizationRequestRepositoryProperties properties)