Class DefaultClientDetailsService

  • All Implemented Interfaces:
    org.springframework.security.oauth2.provider.ClientDetailsService

    public class DefaultClientDetailsService
    extends Object
    implements org.springframework.security.oauth2.provider.ClientDetailsService
    Author:
    Nick Crum (ncrum)
    • Method Detail

      • loadClientByClientId

        public org.springframework.security.oauth2.provider.ClientDetails loadClientByClientId(String clientId)
                throws org.springframework.security.oauth2.provider.ClientRegistrationException
        Specified by:
        loadClientByClientId in interface org.springframework.security.oauth2.provider.ClientDetailsService
        Throws:
        org.springframework.security.oauth2.provider.ClientRegistrationException
      • withResolvedRelativeRedirectUris

        protected AuthorizedClient withResolvedRelativeRedirectUris(AuthorizedClient client)
        If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method gets the base URL for the client's tenant or application. Each relative redirect URI is then appended to the path of the resolved base URL, and the resulting absolute URL replaces the original relative value.

        If resolution of the base URL fails, or if the value is still not absolute after being appended to the base, the relative URL is removed from AuthorizedClient.getRedirectUris() (only in the given POJO; the data store is not updated). This preserves the OAuth specification's requirement that redirect URIs be absolute, which matters for security.

        Parameters:
        client - the client for which to prepend application/tenant URL to relative redirect URIs
        Returns:
        the client after replacing its redirect URIs with absolute values
      • withExpandedAuthorities

        protected org.springframework.security.oauth2.provider.ClientDetails withExpandedAuthorities(org.springframework.security.oauth2.provider.ClientDetails clientDetails)
        Expands the set of authorities to include any scopes derived from the PermissionScope domain. This ensures that OAuth2RequestFactory can verify that the requested scopes are valid for these ClientDetails.
        Parameters:
        clientDetails - the client details
        Returns:
        the client details with scopes as authorities
        See Also:
        for how this is done for a
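
The resolution rule described for withResolvedRelativeRedirectUris, sketched as an added example that is not this project's own code. The class name, the resolve helper and the sample URLs are hypothetical, and the tenant/application base-URL lookup is modeled as an Optional that is empty when resolution fails.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.Optional;
import java.util.Set;

/** Added illustration; names here are hypothetical, not the documented class's API. */
public class RedirectUriResolutionExample {

    /**
     * Absolute redirect URIs pass through unchanged. Relative ones are appended to the
     * base URL's path; any value that is still not absolute afterwards is dropped.
     * Only the returned set changes, mirroring "the data store is not updated".
     */
    static Set<String> resolve(Set<String> redirectUris, Optional<String> baseUrl) {
        Set<String> resolved = new LinkedHashSet<>();
        for (String value : redirectUris) {
            try {
                if (new URI(value).isAbsolute()) {
                    resolved.add(value);            // has a scheme already: keep as-is
                    continue;
                }
                if (!baseUrl.isPresent()) {
                    continue;                       // base URL resolution failed: drop
                }
                // Append to the base path so "/callback" stays under the tenant's path.
                String base = baseUrl.get().replaceAll("/+$", "");
                String rel = value.startsWith("/") ? value : "/" + value;
                URI candidate = new URI(base + rel);
                // The host check is an extra assumption of this sketch: it rejects
                // opaque results such as "foo:bar/callback" that carry a scheme only.
                if (candidate.isAbsolute() && candidate.getHost() != null) {
                    resolved.add(candidate.toString());
                }
            } catch (URISyntaxException e) {
                // Unparseable value: drop it rather than register a malformed redirect.
            }
        }
        return resolved;
    }

    public static void main(String[] args) {
        Set<String> uris = new LinkedHashSet<>();   // constructed sample data
        uris.add("https://client.example.com/cb");
        uris.add("/oauth/callback");
        uris.add("login/done");
        System.out.println(resolve(uris, Optional.of("https://tenant.example.com/app/")));
        System.out.println(resolve(uris, Optional.of("tenant-without-scheme")));
        System.out.println(resolve(uris, Optional.empty()));
    }
}
```

The second and third calls show the fail-closed branch: with a base that has no scheme, or no base at all, the relative entries are removed instead of being passed on as redirect targets.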