Class BroadleafAuthorizationRequestRepository
- java.lang.Object
-
- com.broadleafcommerce.auth.client.web.repo.BroadleafAuthorizationRequestRepository
-
- All Implemented Interfaces:
org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
public class BroadleafAuthorizationRequestRepository extends Object implements org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
Save and loadOAuth2AuthorizationRequestfrom a cookie. TheOAuth2AuthorizationRequestis wrapped in anAuthorizationRequestWrapper. Then it is serialized, wrapped in a signed jwt token, and saved to a cookie. When the browser redirects back to this app from the third party login, theAuthorizationRequestWrapperis read from the cookie, verified, and deserialized into anOAuth2AuthorizationRequest.
-
-
Field Summary
Fields Modifier and Type Field Description protected static StringAUTH_REQUEST_CLAIM_KEYprotected static longEXPIRES_IN_SECONDSprotected static StringSAVED_AUTH_REQUEST_COOKIE_NAME
-
Constructor Summary
Constructors Constructor Description BroadleafAuthorizationRequestRepository(StatelessUtil statelessUtil, ContextHelperService contextHelperService)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequestbuildOAuth2AuthorizationRequest(AuthorizationRequestWrapper authorizationRequestWrapper)Build aOAuth2AuthorizationRequestfrom aAuthorizationRequestWrapper.protected AuthorizationRequestWrapperdeserializeCookie(String cookie)Deserialize a cookie value into anAuthorizationRequestWrapper.protected ContextHelperServicegetContextHelperService()protected com.fasterxml.jackson.databind.ObjectMappergetObjectMapper()protected AuthorizationRequestRepositoryPropertiesgetProperties()@NotNull StringgetSavedAuthRequestCookieName()protected StatelessUtilgetStatelessUtil()org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequestloadAuthorizationRequest(javax.servlet.http.HttpServletRequest request)Load a savedOAuth2AuthorizationRequestfrom a cookie.protected AuthorizationRequestWrapperreadAuthRequestWrapperFromCookie(javax.servlet.http.HttpServletRequest request)org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequestremoveAuthorizationRequest(javax.servlet.http.HttpServletRequest request)This method is deprecated in the interface and is not supported by this implementation.org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequestremoveAuthorizationRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Set a blank cookie to delete the saved authorization request.voidsaveAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Save aOAuth2AuthorizationRequestto a cookie.protected @NotNull javax.servlet.http.CookiesaveAuthRequestWrapper(AuthorizationRequestWrapper authorizationRequestWrapper)Deprecated.since 1.6, replaced bysaveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper)protected @NotNull org.springframework.http.ResponseCookiesaveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper authorizationRequestWrapper)protected StringserializeAuthRequest(AuthorizationRequestWrapper authorizationRequestWrapper)Serialize the givenAuthorizationRequestWrapperinto a String.protected voidsetObjectMapper(com.fasterxml.jackson.databind.ObjectMapper objectMapper)voidsetProperties(AuthorizationRequestRepositoryProperties properties)protected AuthorizationRequestWrapperwrapAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, String clientId)Wrap aOAuth2AuthorizationRequestin aAuthorizationRequestWrapperwith the current client idprotected AuthorizationRequestWrapperwrapAuthRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest)Wrap the givenOAuth2AuthorizationRequestinto anAuthorizationRequestWrapperTheAuthorizationRequestWrapperincludes a blcClientId field, which is set from a request parameter.
-
-
-
Field Detail
-
SAVED_AUTH_REQUEST_COOKIE_NAME
protected static final String SAVED_AUTH_REQUEST_COOKIE_NAME
- See Also:
- Constant Field Values
-
AUTH_REQUEST_CLAIM_KEY
protected static final String AUTH_REQUEST_CLAIM_KEY
- See Also:
- Constant Field Values
-
EXPIRES_IN_SECONDS
protected static final long EXPIRES_IN_SECONDS
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
BroadleafAuthorizationRequestRepository
public BroadleafAuthorizationRequestRepository(StatelessUtil statelessUtil, ContextHelperService contextHelperService)
-
-
Method Detail
-
loadAuthorizationRequest
@Nullable public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest loadAuthorizationRequest(javax.servlet.http.HttpServletRequest request)
Load a savedOAuth2AuthorizationRequestfrom a cookie. As a side-effect, this method will also set the clientId as a request attribute.- Specified by:
loadAuthorizationRequestin interfaceorg.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>- Parameters:
request-- Returns:
-
saveAuthorizationRequest
public void saveAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Save aOAuth2AuthorizationRequestto a cookie.- Specified by:
saveAuthorizationRequestin interfaceorg.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>- Parameters:
authorizationRequest-request-response-
-
removeAuthorizationRequest
public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest removeAuthorizationRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Set a blank cookie to delete the saved authorization request.- Specified by:
removeAuthorizationRequestin interfaceorg.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>- Parameters:
request-response-- Returns:
-
removeAuthorizationRequest
public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest removeAuthorizationRequest(javax.servlet.http.HttpServletRequest request)
This method is deprecated in the interface and is not supported by this implementation.- Specified by:
removeAuthorizationRequestin interfaceorg.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>- Parameters:
request-- Returns:
- Throws:
UnsupportedOperationException
-
saveAuthRequestWrapper
@NotNull @Deprecated protected @NotNull javax.servlet.http.Cookie saveAuthRequestWrapper(AuthorizationRequestWrapper authorizationRequestWrapper)
Deprecated.since 1.6, replaced bysaveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper)- Parameters:
authorizationRequestWrapper- the authorization request wrapper to create a cookie for- Returns:
- the cookie containing the authorization request wrapper
-
saveAuthRequestWrapperResponseCookie
@NotNull protected @NotNull org.springframework.http.ResponseCookie saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper authorizationRequestWrapper)
-
serializeAuthRequest
protected String serializeAuthRequest(AuthorizationRequestWrapper authorizationRequestWrapper)
Serialize the givenAuthorizationRequestWrapperinto a String.- Parameters:
authorizationRequestWrapper-- Returns:
-
readAuthRequestWrapperFromCookie
@Nullable protected AuthorizationRequestWrapper readAuthRequestWrapperFromCookie(javax.servlet.http.HttpServletRequest request)
-
deserializeCookie
protected AuthorizationRequestWrapper deserializeCookie(String cookie)
Deserialize a cookie value into anAuthorizationRequestWrapper.- Parameters:
cookie-- Returns:
-
wrapAuthRequest
protected AuthorizationRequestWrapper wrapAuthRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest)
Wrap the givenOAuth2AuthorizationRequestinto anAuthorizationRequestWrapperTheAuthorizationRequestWrapperincludes a blcClientId field, which is set from a request parameter.- Parameters:
authorizationRequest-- Returns:
-
wrapAuthorizationRequest
protected AuthorizationRequestWrapper wrapAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, String clientId)
Wrap aOAuth2AuthorizationRequestin aAuthorizationRequestWrapperwith the current client id- Parameters:
authorizationRequest-clientId-- Returns:
-
buildOAuth2AuthorizationRequest
protected org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest buildOAuth2AuthorizationRequest(AuthorizationRequestWrapper authorizationRequestWrapper)
Build aOAuth2AuthorizationRequestfrom aAuthorizationRequestWrapper.- Parameters:
authorizationRequestWrapper-- Returns:
-
getSavedAuthRequestCookieName
@NotNull public @NotNull String getSavedAuthRequestCookieName()
-
getStatelessUtil
protected StatelessUtil getStatelessUtil()
-
getContextHelperService
protected ContextHelperService getContextHelperService()
-
getObjectMapper
protected com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()
-
setObjectMapper
protected void setObjectMapper(com.fasterxml.jackson.databind.ObjectMapper objectMapper)
-
getProperties
protected AuthorizationRequestRepositoryProperties getProperties()
-
setProperties
@Autowired public void setProperties(AuthorizationRequestRepositoryProperties properties)
-
-