Class DefaultImpersonationService
- java.lang.Object
-
- com.broadleafcommerce.auth.user.service.DefaultImpersonationService
-
- All Implemented Interfaces:
ImpersonationService
public class DefaultImpersonationService extends Object implements ImpersonationService
- Author:
- Nick Crum (ncrum)
-
-
Field Summary
Fields Modifier and Type Field Description static StringCSR_CLIENT_IDstatic StringCSR_IDstatic StringIMPERSONATED_CLIENT_IDstatic StringIMPERSONATED_SUBprotected static longIMPERSONATION_TOKEN_EXP_TIME_SECstatic StringREDIRECT_URI
-
Constructor Summary
Constructors Constructor Description DefaultImpersonationService(ImpersonationClaimsEnhancer claimsEnhancer, StatelessUtil statelessUtil)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected Map<String,Object>buildImpersonationClaims(ImpersonationRequest request, org.springframework.security.core.Authentication authentication)ImpersonationRequestTokenconsumeImpersonationToken(String token)Validates tokens generated byImpersonationService.generateImpersonationToken(ImpersonationRequest, Authentication)and converts them into the originalImpersonationRequestsupplied before redirect.StringgenerateImpersonationRedirectUrl(String redirectUrl, com.nimbusds.jwt.SignedJWT token, String contextPath)Generates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token.com.nimbusds.jwt.SignedJWTgenerateImpersonationToken(ImpersonationRequest request, org.springframework.security.core.Authentication authentication)Generates a JWT to be used during redirects when impersonating a user.protected ImpersonationClaimsEnhancergetClaimsEnhancer()protected ObjectgetDetail(Map<String,Object> details, String key)OAuth2SessionTokengetImpersonationSessionToken(ImpersonationRequestToken token, OAuth2UserDetails impersonatedUser)Creates anOAuth2SessionTokenfor the validatedImpersonationRequest.protected StatelessUtilgetStatelessUtil()
-
-
-
Field Detail
-
IMPERSONATION_TOKEN_EXP_TIME_SEC
protected static final long IMPERSONATION_TOKEN_EXP_TIME_SEC
- See Also:
- Constant Field Values
-
REDIRECT_URI
public static final String REDIRECT_URI
- See Also:
- Constant Field Values
-
CSR_ID
public static final String CSR_ID
- See Also:
- Constant Field Values
-
CSR_CLIENT_ID
public static final String CSR_CLIENT_ID
- See Also:
- Constant Field Values
-
IMPERSONATED_SUB
public static final String IMPERSONATED_SUB
- See Also:
- Constant Field Values
-
IMPERSONATED_CLIENT_ID
public static final String IMPERSONATED_CLIENT_ID
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
DefaultImpersonationService
public DefaultImpersonationService(ImpersonationClaimsEnhancer claimsEnhancer, StatelessUtil statelessUtil)
-
-
Method Detail
-
getImpersonationSessionToken
public OAuth2SessionToken getImpersonationSessionToken(ImpersonationRequestToken token, OAuth2UserDetails impersonatedUser)
Description copied from interface:ImpersonationServiceCreates anOAuth2SessionTokenfor the validatedImpersonationRequest.- Specified by:
getImpersonationSessionTokenin interfaceImpersonationService- Parameters:
token- The impersonation requestimpersonatedUser- The user to be impersonated- Returns:
- A valid
OAuth2SessionTokenfor the impersonated user with additional CSR claims.
-
generateImpersonationToken
public com.nimbusds.jwt.SignedJWT generateImpersonationToken(ImpersonationRequest request, org.springframework.security.core.Authentication authentication)
Description copied from interface:ImpersonationServiceGenerates a JWT to be used during redirects when impersonating a user. This allows impersonation across domains.- Specified by:
generateImpersonationTokenin interfaceImpersonationService- Parameters:
request- The impersonation request.authentication- The current user's authentication- Returns:
- A signed JWT to be used during a redirect to the targeted domain.
-
generateImpersonationRedirectUrl
public String generateImpersonationRedirectUrl(String redirectUrl, com.nimbusds.jwt.SignedJWT token, String contextPath)
Description copied from interface:ImpersonationServiceGenerates a URL String containing a serialized signed JWT that should be redirected to in order to consume an impersonation token.- Specified by:
generateImpersonationRedirectUrlin interfaceImpersonationService- Parameters:
redirectUrl- The redirect URL, typicallyImpersonationRequest.getRedirect_uri()token- The signed JWT, generated fromImpersonationService.generateImpersonationToken(ImpersonationRequest, Authentication)contextPath- The context path of the impersonation request- Returns:
- A URL to consume the impersonation token.
-
consumeImpersonationToken
public ImpersonationRequestToken consumeImpersonationToken(String token)
Description copied from interface:ImpersonationServiceValidates tokens generated byImpersonationService.generateImpersonationToken(ImpersonationRequest, Authentication)and converts them into the originalImpersonationRequestsupplied before redirect.- Specified by:
consumeImpersonationTokenin interfaceImpersonationService- Parameters:
token- The serialized signed JWT.- Returns:
- An impersonation request.
-
buildImpersonationClaims
protected Map<String,Object> buildImpersonationClaims(ImpersonationRequest request, org.springframework.security.core.Authentication authentication)
-
getClaimsEnhancer
@NonNull protected ImpersonationClaimsEnhancer getClaimsEnhancer()
-
getStatelessUtil
@NonNull protected StatelessUtil getStatelessUtil()
-
-