Package com.broadleafcommerce.auth.user.autoconfigure

Class AuthorizationServerConfiguration

java.lang.Object

org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter

com.broadleafcommerce.auth.user.autoconfigure.AuthorizationServerConfiguration

All Implemented Interfaces:

org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer

@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfiguration
extends org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter

Set up OAuth specific items. Specifically, register known oauth clients and their explicit redirect url(s). Also, configure conversion of standard OAuth access tokens into JWT tokens.

Author:

Jeff Fischer, Samarth Dhruva (samarthd)

Constructor Summary

Constructors

Constructor

Description

AuthorizationServerConfiguration(OAuth2SessionAuthenticationFilter sessionAuthenticationFilter, OAuth2TokenEndpointAuthenticationFilter tokenEndpointAuthenticationFilter, Optional<EmbeddedLoginTokenEndpointAuthenticationFilter> embeddedLoginTokenEndpointAuthenticationFilter, AuthorizedClientService<AuthorizedClient> authorizedClientService, SecurityService securityService, org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter tokenConverter, List<org.springframework.security.oauth2.provider.token.TokenEnhancer> tokenEnhancers, org.springframework.security.oauth2.provider.token.store.JwtTokenStore tokenStore, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, TokenProperties properties, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration)

Method Summary

Modifier and Type	Method	Description
void	configure(org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer clients)
void	configure(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints)
void	configure(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer security)
protected org.springframework.security.oauth2.provider.CompositeTokenGranter	embeddedLoginTokenGranter(SecurityServiceOAuth2RequestFactory factory, DefaultRotatingTokenServices tokenServices, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.TokenGranter defaultTokenGranters)	Create a CompositeTokenGranter with an EmbeddedLoginTokenGranter followed by the default token granters from the AuthorizationServerEndpointsConfigurer.
DefaultRotatingTokenServices	tokenServices(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints, org.springframework.security.oauth2.provider.token.TokenEnhancerChain enhancerChain)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizationServerConfiguration

public AuthorizationServerConfiguration(OAuth2SessionAuthenticationFilter sessionAuthenticationFilter,
                                        OAuth2TokenEndpointAuthenticationFilter tokenEndpointAuthenticationFilter,
                                        Optional<EmbeddedLoginTokenEndpointAuthenticationFilter> embeddedLoginTokenEndpointAuthenticationFilter,
                                        AuthorizedClientService<AuthorizedClient> authorizedClientService,
                                        SecurityService securityService,
                                        org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter tokenConverter,
                                        @Nullable
                                        List<org.springframework.security.oauth2.provider.token.TokenEnhancer> tokenEnhancers,
                                        org.springframework.security.oauth2.provider.token.store.JwtTokenStore tokenStore,
                                        org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver,
                                        TokenProperties properties,
                                        org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService,
                                        org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration authenticationConfiguration)
                                 throws Exception

Throws:

Exception

Method Detail

configure

public void configure(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints)

Specified by:

configure in interface org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer

Overrides:

configure in class org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter

embeddedLoginTokenGranter

protected org.springframework.security.oauth2.provider.CompositeTokenGranter embeddedLoginTokenGranter(SecurityServiceOAuth2RequestFactory factory,
                                                                                                       DefaultRotatingTokenServices tokenServices,
                                                                                                       org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService,
                                                                                                       org.springframework.security.oauth2.provider.TokenGranter defaultTokenGranters)

Create a CompositeTokenGranter with an EmbeddedLoginTokenGranter followed by the default token granters from the AuthorizationServerEndpointsConfigurer.

Parameters:

factory -

tokenServices -

clientDetailsService -

defaultTokenGranters -

Returns:

A CompositeTokenGranter with an EmbeddedLoginTokenGranter followed by the default token granters

tokenServices

@Bean
@ConditionalOnMissingBean
public DefaultRotatingTokenServices tokenServices(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer endpoints,
                                                  org.springframework.security.oauth2.provider.token.TokenEnhancerChain enhancerChain)

configure

public void configure(org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer clients)
               throws Exception

Specified by:

configure in interface org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer

Overrides:

configure in class org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter

Throws:

Exception

configure

public void configure(org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer security)

Specified by:

configure in interface org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer

Overrides:

configure in class org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter