Package com.broadleafcommerce.auth.user.session

Class OAuth2AuthenticationEntryPoint

  • All Implemented Interfaces:
    org.springframework.beans.factory.InitializingBean, org.springframework.security.web.AuthenticationEntryPoint
    public class OAuth2AuthenticationEntryPoint
extends org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
    Provides a behavior consistent with http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. Specifically, inclusion of the prompt=none parameter. This implementation will detect the inclusion of the prompt request param, and if detected to be none, will return an error response consistent with OIDC, rather than redirect to the login page. This allows for silent authentication flows that are suitable for SPA use cases.
    Author:
    Jeff Fischer

    • Constructor Summary

      Constructors 
      Constructor Description
      OAuth2AuthenticationEntryPoint​(String loginFormUrl, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver, boolean useRedirectUriHost)
      The useRedirectUriHost flag has been deprecated as the ForwardedHeaderFilter should be used in all circumstances to correctly determine the redirect URI.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void commence​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException)  
      protected String determineUrlToUseForThisRequest​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)  
      org.springframework.security.oauth2.provider.ClientDetailsService getClientDetailsService()  
      org.springframework.security.oauth2.provider.endpoint.RedirectResolver getRedirectResolver()  
      org.springframework.security.web.RedirectStrategy getRedirectStrategy()  
      boolean isUseRedirectUriHost()  
      void setClientDetailsService​(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)  
      void setRedirectResolver​(org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)  
      void setRedirectStrategy​(org.springframework.security.web.RedirectStrategy redirectStrategy)  
      void setUseRedirectUriHost​(boolean useRedirectUriHost)  

      • Methods inherited from class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

        afterPropertiesSet, buildHttpsRedirectUrlForRequest, buildRedirectUrlToLoginPage, getLoginFormUrl, getPortMapper, getPortResolver, isForceHttps, isUseForward, setForceHttps, setPortMapper, setPortResolver, setUseForward

    • Constructor Detail

      • OAuth2AuthenticationEntryPoint

        public OAuth2AuthenticationEntryPoint​(String loginFormUrl,
                                      org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService,
                                      org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver,
                                      @Deprecated
                                      boolean useRedirectUriHost)
        The useRedirectUriHost flag has been deprecated as the ForwardedHeaderFilter should be used in all circumstances to correctly determine the redirect URI. When it is used, the requests will automatically be redirected to the forwarded host/path.

    • Method Detail

      • commence

        public void commence​(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     org.springframework.security.core.AuthenticationException authException)
              throws IOException,
                     javax.servlet.ServletException
        Specified by:
        commence in interface org.springframework.security.web.AuthenticationEntryPoint
        Overrides:
        commence in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
        Throws:
        IOException
        javax.servlet.ServletException

      • determineUrlToUseForThisRequest

        protected String determineUrlToUseForThisRequest​(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 org.springframework.security.core.AuthenticationException exception)
        Overrides:
        determineUrlToUseForThisRequest in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

      • getRedirectResolver

        public org.springframework.security.oauth2.provider.endpoint.RedirectResolver getRedirectResolver()

      • getClientDetailsService

        public org.springframework.security.oauth2.provider.ClientDetailsService getClientDetailsService()

      • getRedirectStrategy

        public org.springframework.security.web.RedirectStrategy getRedirectStrategy()

      • isUseRedirectUriHost

        public boolean isUseRedirectUriHost()

      • setRedirectResolver

        public void setRedirectResolver​(org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)

      • setClientDetailsService

        public void setClientDetailsService​(org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService)

      • setRedirectStrategy

        public void setRedirectStrategy​(org.springframework.security.web.RedirectStrategy redirectStrategy)

      • setUseRedirectUriHost

        public void setUseRedirectUriHost​(boolean useRedirectUriHost)