Package com.broadleafcommerce.auth.server.domain

Class AuthorizationServer

  • public class AuthorizationServer
extends Object
    An authorization server responsible for authenticating users. Generally, there are at least two authorization servers per tenant: one for customer users and one for admin users.

    Users belong to an authorization server and are authenticated against it.

    In the majority of cases, there is a 1-1 relationship between an AuthorizationServer and AuthorizedClient, though this is not a requirement.

    In the case that an authorization server has multiple clients, users are shared between clients. This allows, for example, a tenant with multiple store-fronts to share a single login across different storefronts.

    Keep in mind that any unique user requirements, such as unique email addresses, usernames, etc. are unique to an authorization server.

    See Also:
    AuthorizedClient

    • Constructor Detail

      • AuthorizationServer

        public AuthorizationServer()

    • Method Detail

      • getId

        public String getId()
        The primary ID of this server

      • getTenantId

        public String getTenantId()
        The ID of the tenant this authorization server is associated with. This value is not updatable.

      • getName

        public String getName()
        The unique name for this authorization server. This value is not updatable.

      • getFriendlyName

        public String getFriendlyName()
        The friendly name of this authorization server. Intended for display purposes.

      • getInactivityTimeoutSeconds

        public Integer getInactivityTimeoutSeconds()
        The period of time, in seconds, that the user's session will timeout if no action is taken.

      • getRequireLoginTimeoutSeconds

        public Integer getRequireLoginTimeoutSeconds()
        The maximum amount of time, in seconds, a user's session will persist before requiring re-login.

      • getTemplatePath

        public String getTemplatePath()
        The path on the classpath to the authorization servers templates. This should reference the folder within the `templates` folder. i.e. "admin" for the path `classpath:/templates/admin/`

      • isSsoEnabled

        public boolean isSsoEnabled()
        Whether or not SSO is enabled for this authorization server.

      • isCrossOrigin

        public boolean isCrossOrigin()
        Whether or not the user's session with this authorization server is active for cross-origin requests. If set to true, the session cookie will include a SameSite policy of "None", thereby allowing the session cookie for cross-origin requests. Defaults to false.

      • getDefaultUserRoles

        public Set<UserRoleRef> getDefaultUserRoles()
        The default roles a user is assigned when authenticating against this server.

      • getDefaultUserPermissions

        public Set<UserPermissionRef> getDefaultUserPermissions()
        The default permissions a user is assigned when authenticating against this server.

      • getAttributes

        public Map<String,​Object> getAttributes()
        Additional attributes associated with this authorization server.

      • getDefaultRedirectUri

        public String getDefaultRedirectUri()
        The default redirect URI to use if a user accesses a login page without a valid redirect cookie

      • getFailedLoginAttemptsAllowed

        public Integer getFailedLoginAttemptsAllowed()
        How many failed login attempts are allowed before a user is locked out. Zero or null indicates unlimited login attempts.

      • getLockoutDurationMinutes

        public Long getLockoutDurationMinutes()
        The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts. Null indicates unlimited lockout duration.

      • getLoginFailDecayMinutes

        public Long getLoginFailDecayMinutes()
        How long, in minutes, it takes for failed login attempts to "decay". Failed login attempts that have decayed will not be taken into account when determining if a use should be locked out. Null indicates attempts never decay.

      • isEmbeddedLoginEnabled

        public boolean isEmbeddedLoginEnabled()
        Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login. Default is false.
        Returns:
        Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.

      • getResetPasswordUnlocksUser

        public String getResetPasswordUnlocksUser()
        Will a successful reset password unlock this user if they're locked? See User.isLocked()

      • getLockedUserCanResetPassword

        public String getLockedUserCanResetPassword()
        Can a locked user initiate a password reset? See User.isLocked()

      • setId

        public void setId​(String id)
        The primary ID of this server

      • setTenantId

        public void setTenantId​(String tenantId)
        The ID of the tenant this authorization server is associated with. This value is not updatable.

      • setName

        public void setName​(String name)
        The unique name for this authorization server. This value is not updatable.

      • setFriendlyName

        public void setFriendlyName​(String friendlyName)
        The friendly name of this authorization server. Intended for display purposes.

      • setInactivityTimeoutSeconds

        public void setInactivityTimeoutSeconds​(Integer inactivityTimeoutSeconds)
        The period of time, in seconds, that the user's session will timeout if no action is taken.

      • setRequireLoginTimeoutSeconds

        public void setRequireLoginTimeoutSeconds​(Integer requireLoginTimeoutSeconds)
        The maximum amount of time, in seconds, a user's session will persist before requiring re-login.

      • setTemplatePath

        public void setTemplatePath​(String templatePath)
        The path on the classpath to the authorization servers templates. This should reference the folder within the `templates` folder. i.e. "admin" for the path `classpath:/templates/admin/`

      • setSsoEnabled

        public void setSsoEnabled​(boolean ssoEnabled)
        Whether or not SSO is enabled for this authorization server.

      • setCrossOrigin

        public void setCrossOrigin​(boolean crossOrigin)
        Whether or not the user's session with this authorization server is active for cross-origin requests. If set to true, the session cookie will include a SameSite policy of "None", thereby allowing the session cookie for cross-origin requests. Defaults to false.

      • setDefaultUserRoles

        public void setDefaultUserRoles​(Set<UserRoleRef> defaultUserRoles)
        The default roles a user is assigned when authenticating against this server.

      • setDefaultUserPermissions

        public void setDefaultUserPermissions​(Set<UserPermissionRef> defaultUserPermissions)
        The default permissions a user is assigned when authenticating against this server.

      • setAttributes

        public void setAttributes​(Map<String,​Object> attributes)
        Additional attributes associated with this authorization server.

      • setDefaultRedirectUri

        public void setDefaultRedirectUri​(String defaultRedirectUri)
        The default redirect URI to use if a user accesses a login page without a valid redirect cookie

      • setFailedLoginAttemptsAllowed

        public void setFailedLoginAttemptsAllowed​(Integer failedLoginAttemptsAllowed)
        How many failed login attempts are allowed before a user is locked out. Zero or null indicates unlimited login attempts.

      • setLockoutDurationMinutes

        public void setLockoutDurationMinutes​(Long lockoutDurationMinutes)
        The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts. Null indicates unlimited lockout duration.

      • setLoginFailDecayMinutes

        public void setLoginFailDecayMinutes​(Long loginFailDecayMinutes)
        How long, in minutes, it takes for failed login attempts to "decay". Failed login attempts that have decayed will not be taken into account when determining if a use should be locked out. Null indicates attempts never decay.

      • setEmbeddedLoginEnabled

        public void setEmbeddedLoginEnabled​(boolean embeddedLoginEnabled)
        Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login. Default is false.
        Parameters:
        embeddedLoginEnabled - Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.

      • setResetPasswordUnlocksUser

        public void setResetPasswordUnlocksUser​(String resetPasswordUnlocksUser)
        Will a successful reset password unlock this user if they're locked? See User.isLocked()

      • setLockedUserCanResetPassword

        public void setLockedUserCanResetPassword​(String lockedUserCanResetPassword)
        Can a locked user initiate a password reset? See User.isLocked()

      • canEqual

        protected boolean canEqual​(Object other)

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object