Interface StatelessUtil

  • All Known Implementing Classes:
    StatelessUtilImpl

    public interface StatelessUtil
    Utility for JWT-based cookies - specifically those intended to drive stateless behavior, such as stateless sessions.
    Author:
    Jeff Fischer
    • Method Detail

      • getSessionToken

        OAuth2SessionToken getSessionToken(String clientId,
                                           String userId,
                                           String subject,
                                           Map<String,Object> additionalClaims)
        Creates an OAuth2SessionToken for the provided client ID and subject with the set of additional claims.
        Parameters:
        clientId - the client ID
        userId -
        subject - the user subject
        additionalClaims - the additional session claims
        Returns:
      • getClientId

        String getClientId(String savedRequestToken)
      • getCookieClaims

        Map<String,Object> getCookieClaims(String cookieValue)
        Get a Map of the claims from a SignedJWT cookie. The values of the map are Base64 encoded.
        Parameters:
        cookieValue -
        Returns:
      • getRemoveSessionCookie

        @Deprecated
        javax.servlet.http.Cookie getRemoveSessionCookie(String clientId)
        Deprecated.
        Create a cookie that can be passed to the response to clear any existing session cookie in the browser.
        Parameters:
        clientId -
        Returns:
        the newly created cookie
      • getSessionCookie

        org.springframework.http.ResponseCookie getSessionCookie(OAuth2SessionToken sessionToken)
        Gets a ResponseCookie for the OAuth2SessionToken.
        Parameters:
        sessionToken - the session token
        Returns:
        the session cookie
      • getSessionRemovalCookie

        org.springframework.http.ResponseCookie getSessionRemovalCookie(String clientId)
        Gets a ResponseCookie for the removal of the session cookie.
        Parameters:
        clientId - the client ID
        Returns:
        the session removal cookie
      • getSavedRequestCookie

        @Deprecated
        javax.servlet.http.Cookie getSavedRequestCookie(String requestUrl,
                                                        String redirectUrl)
        Deprecated.
        Create a cookie containing a JWT identifying an originating request URL and a redirect URL. This information is used to forward the user to an authentication URL. Once authenticated, the original request is completed.
        Parameters:
        requestUrl - the original request (e.g. /oauth/authorize)
        redirectUrl - the URI to redirect to for authentication (e.g. /login)
        Returns:
        a newly created session cookie
      • createSavedRequestCookie

        org.springframework.http.ResponseCookie createSavedRequestCookie(String requestUrl,
                                                                         String redirectUrl)
        Create a cookie containing a JWT identifying an originating request URL and a redirect URL. This information is used to forward the user to an authentication URL. Once authenticated, the original request is completed.
        Parameters:
        requestUrl - the original request (e.g. /oauth/authorize)
        redirectUrl - the URI to redirect to for authentication (e.g. /login)
        Returns:
        a newly created session cookie
      • getSavedRequestJwt

        String getSavedRequestJwt(String requestUrl,
                                  String redirectUrl)
      • getRemoveSavedRequestCookie

        @Deprecated
        javax.servlet.http.Cookie getRemoveSavedRequestCookie()
        Deprecated.
        since 1.6, replaced by createSavedRequestRemovalCookie()
        Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
        Returns:
        the newly created cookie
      • createSavedRequestRemovalCookie

        org.springframework.http.ResponseCookie createSavedRequestRemovalCookie()
        Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
        Returns:
        the newly created cookie
        See Also:
        createSavedRequestCookie(String, String)
      • verify

        com.nimbusds.jwt.SignedJWT verify(String token)
        Verify the signature of a signed JWT inside a cookie.
        Parameters:
        token - the cookie to verify
        Returns:
        a verified and signed JWT token, or null if the given cookie has no value
      • generateSignedJwt

        com.nimbusds.jwt.SignedJWT generateSignedJwt(@Nullable
                                                     String subject,
                                                     @Nullable
                                                     Map<String,Object> claims,
                                                     @Nullable
                                                     Long expiresInSeconds)
        Generate a signed JWT with issuer and audience values as well as optional additional claims.
        Parameters:
        subject - The subject of the JWT
        claims - Additional claims to add to the JWT
        Returns:
        A signed JWT
      • getSessionCookieName

        String getSessionCookieName(String clientId)
        Get the standard name for a session cookie.
        Parameters:
        clientId -
        Returns:
        the cookie name used to store the session
        See Also:
        #getSessionCookie(String, String)
      • getIssuer

        String getIssuer()
      • getRemovalCookie

        org.springframework.http.ResponseCookie getRemovalCookie(javax.servlet.http.Cookie cookieToRemove)
        Returns a removal cookie for any arbitrary cookie.
        Parameters:
        cookieToRemove - The cookie to target for removal
        Returns:
        A cookie that may be set on an HttpServletResponse to remove the supplied cookie.
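
An added example, not StatelessUtilImpl's code: what generateSignedJwt and verify describe, written directly against Nimbus JOSE+JWT (the library whose SignedJWT type both methods return), showing the checks a caller relies on before trusting cookie claims. The class name, the HS256 algorithm, the demo key and the issuer/audience values are assumptions.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Map;

public class SignedCookieJwtExample {
    // Assumed for illustration: HS256, a constructed demo key, and these issuer/audience values.
    static final byte[] KEY = "constructed-demo-key-32-bytes-long!!".getBytes(StandardCharsets.UTF_8);
    static final String ISSUER = "https://auth.example.test";
    static final String AUDIENCE = "example-client";

    static SignedJWT generate(String subject, Map<String, Object> claims, Long expiresInSeconds) throws Exception {
        JWTClaimsSet.Builder b = new JWTClaimsSet.Builder().issuer(ISSUER).audience(AUDIENCE);
        if (subject != null) b.subject(subject);
        if (claims != null) claims.forEach(b::claim);
        if (expiresInSeconds != null) b.expirationTime(new Date(System.currentTimeMillis() + expiresInSeconds * 1000));
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), b.build());
        jwt.sign(new MACSigner(KEY));
        return jwt;
    }

    // Returns null for an empty cookie value; throws on anything that fails a check.
    static SignedJWT verify(String token) throws Exception {
        if (token == null || token.isEmpty()) return null;
        SignedJWT jwt = SignedJWT.parse(token);
        // Pin the algorithm instead of trusting the header the client sent back.
        if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) throw new SecurityException("unexpected alg");
        if (!jwt.verify(new MACVerifier(KEY))) throw new SecurityException("bad signature");
        JWTClaimsSet c = jwt.getJWTClaimsSet();
        if (!ISSUER.equals(c.getIssuer()) || !c.getAudience().contains(AUDIENCE))
            throw new SecurityException("wrong issuer or audience");
        if (c.getExpirationTime() != null && c.getExpirationTime().before(new Date())) throw new SecurityException("expired");
        return jwt;
    }

    public static void main(String[] args) throws Exception {
        String token = generate("user-123", Map.of("role", "customer"), 300L).serialize();
        System.out.println("subject: " + verify(token).getJWTClaimsSet().getSubject());
        String[] p = token.split("\\.");
        // Constructed tampering: change the first signature character.
        String forged = p[0] + "." + p[1] + "." + (p[2].charAt(0) == 'A' ? 'B' : 'A') + p[2].substring(1);
        try { verify(forged); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because a stateless session cookie is the only record of the session, a token without an expiry stays valid until the signing key changes, which is why the expiry check matters even when the signature is good.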