com.broadleafcommerce.auth.server.domain

Class AuthorizedClient

java.lang.Object

com.broadleafcommerce.auth.server.domain.AuthorizedClient

All Implemented Interfaces:

Serializable

public class AuthorizedClient
extends Object
implements Serializable

Represents the authorization service concept of an authorized client. This structure is used to store a persistent representation of an OAuth2 ClientDetails for an AuthorizationServer.

Author:

Nick Crum (ncrum)

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
AuthorizedClient()

Method Summary

Modifier and Type	Method and Description
protected boolean	canEqual(Object other)
boolean	equals(Object o)
String	getApplicationId() Populated if this authorized client is used for authorizing customer users in a certain application.
Map<String,Object>	getAttributes() Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.
String	getClientId() The OAuth2 client ID for this authorized client.
String	getClientSecret() The encrypted OAuth2 client secret for this authorized client.
String	getDefaultRedirectUri() The default redirect URI to use if a user accesses a login page without a valid redirect cookie
String	getFriendlyName() The friendly name of this authorized client.
Set<String>	getGrantTypes() The grant types for which this client is authorized.
String	getId() The primary key of this authorized client.
Set<String>	getPermissions() Returns the permissions that are granted to the OAuth client.
Set<String>	getRedirectUris() The pre-defined redirect URIs for this client to use during the "authorization_code" access grant.
Integer	getRefreshTokenTimeoutSeconds() The period of time, in seconds, that an refresh token issued will be valid for.
Set<String>	getResourceIds() The resources that this client can access.
Set<String>	getScopes() The scopes for this client.
String	getServerId() The ID of the authorization server this authorized client is part of.
Integer	getTokenTimeoutSeconds() The period of time, in seconds, that an access token issued will be valid for.
int	hashCode()
boolean	isAdmin() Whether or not this authorized client is used for authorizing admin users.
void	setAdmin(boolean isAdmin) Whether or not this authorized client is used for authorizing admin users.
void	setApplicationId(String applicationId) Populated if this authorized client is used for authorizing customer users in a certain application.
void	setAttributes(Map<String,Object> attributes) Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.
void	setClientId(String clientId) The OAuth2 client ID for this authorized client.
void	setClientSecret(String clientSecret) The encrypted OAuth2 client secret for this authorized client.
void	setDefaultRedirectUri(String defaultRedirectUri) The default redirect URI to use if a user accesses a login page without a valid redirect cookie
void	setFriendlyName(String friendlyName) The friendly name of this authorized client.
void	setGrantTypes(Set<String> grantTypes) The grant types for which this client is authorized.
void	setId(String id) The primary key of this authorized client.
void	setPermissions(Set<String> permissions) Returns the permissions that are granted to the OAuth client.
void	setRedirectUris(Set<String> redirectUris) The pre-defined redirect URIs for this client to use during the "authorization_code" access grant.
void	setRefreshTokenTimeoutSeconds(Integer refreshTokenTimeoutSeconds) The period of time, in seconds, that an refresh token issued will be valid for.
void	setResourceIds(Set<String> resourceIds) The resources that this client can access.
void	setScopes(Set<String> scopes) The scopes for this client.
void	setServerId(String serverId) The ID of the authorization server this authorized client is part of.
void	setTokenTimeoutSeconds(Integer tokenTimeoutSeconds) The period of time, in seconds, that an access token issued will be valid for.
org.springframework.security.oauth2.provider.ClientDetails	toClientDetails() Convert this authorized client to a ClientDetails.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

AuthorizedClient

public AuthorizedClient()

Method Detail

toClientDetails

public org.springframework.security.oauth2.provider.ClientDetails toClientDetails()

Convert this authorized client to a ClientDetails.

Returns:

the client details

getId

public String getId()

The primary key of this authorized client.

Returns:

the primary key

getServerId

public String getServerId()

The ID of the authorization server this authorized client is part of.

Returns:

the authorization server ID

getFriendlyName

public String getFriendlyName()

The friendly name of this authorized client. Intended for display purposes

Returns:

the friendly name

getClientId

public String getClientId()

The OAuth2 client ID for this authorized client. Usually generated as a randomized string.

Returns:

the client ID

getClientSecret

public String getClientSecret()

The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.

Returns:

the encrypted client secret

getTokenTimeoutSeconds

public Integer getTokenTimeoutSeconds()

The period of time, in seconds, that an access token issued will be valid for.

Returns:

the timeout in seconds

getRefreshTokenTimeoutSeconds

public Integer getRefreshTokenTimeoutSeconds()

The period of time, in seconds, that an refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.

Returns:

the timeout in seconds

getResourceIds

public Set<String> getResourceIds()

The resources that this client can access. Can be ignored by callers if empty.

Returns:

the resource IDs

getGrantTypes

public Set<String> getGrantTypes()

The grant types for which this client is authorized.

Returns:

The grant types for which this client is authorized.

getRedirectUris

public Set<String> getRedirectUris()

The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

Any of these values may be relative, and if so, the DefaultClientDetailsService will use the TenantUrlResolver to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the final ClientDetails.getRegisteredRedirectUri().

Returns:

The pre-defined redirect URIs for this client.

See Also:

DefaultClientDetailsService, TenantUrlResolver

getScopes

public Set<String> getScopes()

The scopes for this client. Empty if the client isn't scoped.

Returns:

The scopes of this client.

getPermissions

public Set<String> getPermissions()

Returns the permissions that are granted to the OAuth client. Cannot return null. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.

Returns:

the permissions (never null)

getApplicationId

public String getApplicationId()

Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.

Returns:

the application ID this client is used in, or null if not used for customers

getAttributes

public Map<String,Object> getAttributes()

Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.

Returns:

a map of additional attributes

getDefaultRedirectUri

public String getDefaultRedirectUri()

The default redirect URI to use if a user accesses a login page without a valid redirect cookie

Returns:

a string representing the default fallback URI

setId

public void setId(String id)

The primary key of this authorized client.

Parameters:

id - the primary key

setServerId

public void setServerId(String serverId)

The ID of the authorization server this authorized client is part of.

Parameters:

serverId - the authorization server ID

setFriendlyName

public void setFriendlyName(String friendlyName)

The friendly name of this authorized client. Intended for display purposes

Parameters:

friendlyName - the friendly name

setClientId

public void setClientId(String clientId)

The OAuth2 client ID for this authorized client. Usually generated as a randomized string.

Parameters:

clientId - the client ID

setClientSecret

public void setClientSecret(String clientSecret)

The encrypted OAuth2 client secret for this authorized client. Not serialized as part of the response object.

Parameters:

clientSecret - the encrypted client secret

setTokenTimeoutSeconds

public void setTokenTimeoutSeconds(Integer tokenTimeoutSeconds)

The period of time, in seconds, that an access token issued will be valid for.

Parameters:

tokenTimeoutSeconds - the timeout in seconds

setRefreshTokenTimeoutSeconds

public void setRefreshTokenTimeoutSeconds(Integer refreshTokenTimeoutSeconds)

The period of time, in seconds, that an refresh token issued will be valid for. A refresh token used within this timeframe will become invalid because of rotation. It should be generally considered that a refresh token can be used once.

Parameters:

tokenTimeoutSeconds - the timeout in seconds

setResourceIds

public void setResourceIds(Set<String> resourceIds)

The resources that this client can access. Can be ignored by callers if empty.

Parameters:

resourceIds - the resource IDs

setGrantTypes

public void setGrantTypes(Set<String> grantTypes)

The grant types for which this client is authorized.

Parameters:

grantTypes - the grant types

setRedirectUris

public void setRedirectUris(Set<String> redirectUris)

The pre-defined redirect URIs for this client to use during the "authorization_code" access grant. See OAuth spec, section 4.1.1.

Any of these values may be relative, and if so, the DefaultClientDetailsService will use the TenantUrlResolver to determine the base URL to resolve them against such that ultimately they are absolute. If resolution to an absolute URL fails for whatever reason, the relative URL will be omitted from the final ClientDetails.getRegisteredRedirectUri().

Parameters:

redirectUris - the redirect URIs

See Also:

DefaultClientDetailsService, TenantUrlResolver

setScopes

public void setScopes(Set<String> scopes)

The scopes for this client. Empty if the client isn't scoped.

Parameters:

scopes - the scopes

setPermissions

public void setPermissions(Set<String> permissions)

Returns the permissions that are granted to the OAuth client. Cannot return null. Note that these are NOT the permissions that are granted to the user with an authorized access token. Instead, these permissions are inherent to the client itself.

Parameters:

permissions - the permissions

setAdmin

public void setAdmin(boolean isAdmin)

Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.

Parameters:

isAdmin - whether or not this authorized client is for admin users

setApplicationId

public void setApplicationId(String applicationId)

Populated if this authorized client is used for authorizing customer users in a certain application. This is generally used in discovering the authorized client or authorization server for customer users.

Parameters:

applicationId - the application ID this client is used in

setAttributes

public void setAttributes(Map<String,Object> attributes)

Additional attributes for this client, not needed by the vanilla OAuth protocol but might be useful, for example, for storing descriptive information.

Parameters:

attributes - the additional attributes

setDefaultRedirectUri

public void setDefaultRedirectUri(String defaultRedirectUri)

The default redirect URI to use if a user accesses a login page without a valid redirect cookie

Parameters:

defaultRedirectUri - the default fallback URI to use for this client

equals

public boolean equals(Object o)

Overrides:

equals in class Object

canEqual

protected boolean canEqual(Object other)

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object

isAdmin

public boolean isAdmin()

Whether or not this authorized client is used for authorizing admin users. This is generally used in discovering the authorized client or authorization server for admin users.

Returns:

whether or not this authorized client is for admin users