public class DefaultClientDetailsService extends Object implements org.springframework.security.oauth2.provider.ClientDetailsService

| Constructor and Description |
|---|
| DefaultClientDetailsService(AuthorizedClientService<AuthorizedClient> authorizedClientService) |

| Modifier and Type | Method and Description |
|---|---|
| protected Set<org.springframework.security.core.GrantedAuthority> | expandAllAuthorities(Collection<org.springframework.security.core.GrantedAuthority> initialAuthorities) |
| org.springframework.security.oauth2.provider.ClientDetails | loadClientByClientId(String clientId) |
| protected org.springframework.security.oauth2.provider.ClientDetails | withExpandedAuthorities(org.springframework.security.oauth2.provider.ClientDetails clientDetails) Expands the set of authorities to include any scopes derived from the PermissionScope domain. |
| protected AuthorizedClient | withResolvedRelativeRedirectUris(AuthorizedClient client) If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method will get the base URL for the client's tenant or application. |

public DefaultClientDetailsService(AuthorizedClientService<AuthorizedClient> authorizedClientService)

public org.springframework.security.oauth2.provider.ClientDetails loadClientByClientId(String clientId) throws org.springframework.security.oauth2.provider.ClientRegistrationException
Specified by:
loadClientByClientId in interface org.springframework.security.oauth2.provider.ClientDetailsService
Throws:
org.springframework.security.oauth2.provider.ClientRegistrationException

protected AuthorizedClient withResolvedRelativeRedirectUris(AuthorizedClient client)
If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method will get the base URL for the client's tenant or application. Each relative redirect URI will then be added to the path of the resolved base URL, and this new absolute URL will replace the original relative value.

If resolution of the base URL fails, or if the value is not absolute even after being appended to the base, the relative URL will be removed from the AuthorizedClient.getRedirectUris() (only in the given POJO; the data store is not updated). This ensures the OAuth specification's requirement of absolute redirect URIs is preserved for security.
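
An added example, not code from this project: a sketch of the resolve-or-drop behaviour described above, using java.net.URI. The class name, `resolveRedirectUris`, `isAbsolute`, and passing the base URL as an `Optional<String>` are assumptions; the page does not show how the base URL is looked up, and "absolute" is taken here to mean "has a scheme".

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

public class RedirectUriResolutionExample {

    /** Hypothetical helper; baseUrl is empty when the tenant/application base URL cannot be resolved. */
    static Set<String> resolveRedirectUris(List<String> redirectUris, Optional<String> baseUrl) {
        Set<String> result = new LinkedHashSet<>();
        for (String value : redirectUris) {
            if (isAbsolute(value)) {
                result.add(value);                      // already absolute: keep unchanged
                continue;
            }
            // Relative: append to the base path. Plain concatenation (not URI.resolve)
            // keeps the base's scheme and host regardless of leading slashes.
            baseUrl.map(base -> base.replaceAll("/+$", "") + "/" + value.replaceAll("^/+", ""))
                   .filter(RedirectUriResolutionExample::isAbsolute)
                   .ifPresent(result::add);             // otherwise the entry is dropped
        }
        return result;
    }

    /** True only for a parsable URI that has a scheme. */
    static boolean isAbsolute(String value) {
        try {
            return new URI(value).isAbsolute();
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<String> registered = List.of("https://client.example/callback", "/oauth/callback", "login/done");
        System.out.println(resolveRedirectUris(registered, Optional.of("https://tenant.example/app/")));
        System.out.println(resolveRedirectUris(registered, Optional.of("tenant.example/app"))); // base lacks a scheme
        System.out.println(resolveRedirectUris(registered, Optional.empty()));                  // base resolution failed
    }
}
```

In the second and third calls only the already-absolute entry survives, so a later exact-match comparison of the requested redirect URI never sees a relative value.
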
Parameters:
client - the client for which to prepend application/tenant URL to relative redirect URIs

protected org.springframework.security.oauth2.provider.ClientDetails withExpandedAuthorities(org.springframework.security.oauth2.provider.ClientDetails clientDetails)
Expands the set of authorities to include any scopes derived from the PermissionScope domain. This ensures that OAuth2RequestFactory is able to validate that the requested scopes are valid for these ClientDetails.
Parameters:
clientDetails - the client details
for how this is done for a {@link User}

protected Set<org.springframework.security.core.GrantedAuthority> expandAllAuthorities(Collection<org.springframework.security.core.GrantedAuthority> initialAuthorities)
ClientDetails to include a GrantedAuthority prefixed with PermissionType.ALL.

This method expands any GrantedAuthority prefixed by PermissionType.ALL into the various PermissionType values, such as PermissionType.READ or PermissionType.CREATE. The full set can be found in PermissionUtils.expandAllPermission(String).
Parameters:
initialAuthorities - the initial set of authorities without expanded PermissionType.ALL authorities
PermissionType.ALL authorities

Copyright © 2021. All rights reserved.