com.broadleafcommerce.auth.user.service

Interface ImpersonationService

All Known Implementing Classes:

DefaultImpersonationService

public interface ImpersonationService

Service providing various methods related to the impersonation flow. Includes generating and validating impersonation tokens used during redirects, as well as session tokens. Implementations of this class should support cross domain impersonation.

Author:

Nick Crum (ncrum)

See Also:

ImpersonationEndpoint

Method Summary

Modifier and Type	Method and Description
ImpersonationRequestToken	consumeImpersonationToken(String token) Validates tokens generated by generateImpersonationToken(ImpersonationRequest, Authentication) and converts them into the original ImpersonationRequest supplied before redirect.
String	generateImpersonationRedirectUrl(String redirectUrl, com.nimbusds.jwt.SignedJWT signedJWT, String contextPath) Generates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token.
com.nimbusds.jwt.SignedJWT	generateImpersonationToken(ImpersonationRequest request, org.springframework.security.core.Authentication authentication) Generates a JWT to be used during redirects when impersonating a user.
OAuth2SessionToken	getImpersonationSessionToken(ImpersonationRequestToken impersonationRequest, OAuth2UserDetails impersonatedUser) Creates an OAuth2SessionToken for the validated ImpersonationRequest.

Method Detail

getImpersonationSessionToken

OAuth2SessionToken getImpersonationSessionToken(ImpersonationRequestToken impersonationRequest,
                                                OAuth2UserDetails impersonatedUser)

Creates an OAuth2SessionToken for the validated ImpersonationRequest.

Parameters:

impersonatedUser - The user to be impersonated

impersonationRequest - The impersonation request

Returns:

A valid OAuth2SessionToken for the impersonated user with additional CSR claims.

generateImpersonationToken

com.nimbusds.jwt.SignedJWT generateImpersonationToken(ImpersonationRequest request,
                                                      org.springframework.security.core.Authentication authentication)

Generates a JWT to be used during redirects when impersonating a user. This allows impersonation across domains.

Parameters:

request - The impersonation request.

authentication - The current user's authentication

Returns:

A signed JWT to be used during a redirect to the targeted domain.

consumeImpersonationToken

ImpersonationRequestToken consumeImpersonationToken(String token)

Validates tokens generated by generateImpersonationToken(ImpersonationRequest, Authentication) and converts them into the original ImpersonationRequest supplied before redirect.

Parameters:

token - The serialized signed JWT.

Returns:

An impersonation request.

generateImpersonationRedirectUrl

String generateImpersonationRedirectUrl(String redirectUrl,
                                        com.nimbusds.jwt.SignedJWT signedJWT,
                                        String contextPath)

Generates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token.

Parameters:

redirectUrl - The redirect URL, typically ImpersonationRequest.getRedirect_uri()

signedJWT - The signed JWT, generated from generateImpersonationToken(ImpersonationRequest, Authentication)

contextPath - The context path of the impersonation request

Returns:

A URL to consume the impersonation token.