This filter helps with the 3rd Party OAuth Server functionality, where this app is acting as an
OAuth2 Client to a 3rd party OAuth service.
This filter checks for a client_id request parameter and sets it as a request attribute, via the
ContextHelperService.
This filter works in tandem with the ContextHelperService. There are a few places in the
3rd party OAuth authentication flows where it is very helpful to have the blc client_id available
on the RequestContext.
For instance:
When looking up a ClientRegistration, the DefaultBroadleafClientRegistrationRepository uses the
client_id to look up the tenant_id, which is in turn used to filter the database query to find the
appropriate OAuthClientRegistrationWrapper. It is necessary to use the RequestContext attribute
because the ClientRegistrationRepository.findByRegistrationId(java.lang.String) method
does not have access to the request. In order to preserve that interface, we use the
RequestContext to hold the client_id. This preserves a lot of the Spring OAuth2 Client library
functionality that would otherwise have to be customized if we customized the
ClientRegistrationRepository interface.
When a user is redirected back to this app after logging in with a 3rd party, that redirect does
not contain the client_id parameter needed by the auth service. To address this gap, the
BroadleafAuthorizationRequestRepository saves the client_id on the saved request before
sending the user to the 3rd party login page. Then, when the user comes back from the 3rd party,
BroadleafAuthorizationRequestRepository re-populates the client_id request attribute with
the client_id from the saved request. This eventually gets put on a
BroadleafOAuthClientAuthenticationDetails, which is used in the
DefaultSessionAuthenticationStrategy to create a user and session cookie with the
appropriate client id.
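
The first case above, sketched as an added example that is not Broadleaf's own code: a filter stores client_id as a request attribute, and a ClientRegistrationRepository reads it back inside findByRegistrationId(String) to scope the lookup to one tenant. The class names, the attribute name and the in-memory maps are hypothetical; Spring's RequestContextHolder stands in for the RequestContext, and the jakarta.servlet (Spring 6) API is assumed.

```java
import java.io.IOException;
import java.util.Map;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter: copies the client_id request parameter into a request attribute.
class ClientIdAttributeFilter extends OncePerRequestFilter {
    static final String ATTR = "example.client_id"; // assumed attribute name

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
            FilterChain chain) throws ServletException, IOException {
        String clientId = req.getParameter("client_id");
        if (clientId != null && !clientId.isBlank()) {
            req.setAttribute(ATTR, clientId);
        }
        chain.doFilter(req, res);
    }
}

// Hypothetical repository: keeps Spring's interface and takes the tenant from the attribute.
class TenantScopedRegistrationRepository implements ClientRegistrationRepository {
    private final Map<String, String> tenantByClientId;                  // client_id -> tenant_id
    private final Map<String, Map<String, ClientRegistration>> byTenant; // tenant_id -> registrations

    TenantScopedRegistrationRepository(Map<String, String> tenantByClientId,
            Map<String, Map<String, ClientRegistration>> byTenant) {
        this.tenantByClientId = tenantByClientId;
        this.byTenant = byTenant;
    }

    @Override
    public ClientRegistration findByRegistrationId(String registrationId) {
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (attrs == null) return null; // no request bound to this thread
        Object clientId = attrs.getAttribute(ClientIdAttributeFilter.ATTR, RequestAttributes.SCOPE_REQUEST);
        String tenantId = clientId == null ? null : tenantByClientId.get(clientId.toString());
        if (tenantId == null) return null; // unknown client_id: no fallback to another tenant
        return byTenant.getOrDefault(tenantId, Map.of()).get(registrationId);
    }
}
```

The sketch relies on request attributes being bound to the thread (for example by Spring's RequestContextFilter) before the OAuth2 client filters call the repository.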