Class StatelessUtilImpl

    • Method Detail

      • getSessionTokenClaims

        protected com.nimbusds.jwt.JWTClaimsSet getSessionTokenClaims(String clientId,
                                                                      String userId,
                                                                      String subject,
                                                                      @NonNull
                                                                      Map<String,Object> additionalClaims)
      • generateSignedJwt

        public com.nimbusds.jwt.SignedJWT generateSignedJwt(@Nullable
                                                            String subject,
                                                            @Nullable
                                                            Map<String,Object> claims,
                                                            @Nullable
                                                            Long expiresInSeconds)
        Description copied from interface: StatelessUtil
        Generate a signed JWT with issuer and audience values as well as optional additional claims.
        Specified by:
        generateSignedJwt in interface StatelessUtil
        Parameters:
        subject - The subject of the JWT
        claims - Additional claims to add to the JWT
        Returns:
        A signed JWT
      • getDecodedClaim

        protected String getDecodedClaim(javax.servlet.http.Cookie savedRequestCookie,
                                         String claim,
                                         String errorMessage)
      • getRemoveSessionCookie

        public javax.servlet.http.Cookie getRemoveSessionCookie(String clientId)
        Description copied from interface: StatelessUtil
        Create a cookie that can be passed to the response to clear any existing session cookie in the browser.
        Specified by:
        getRemoveSessionCookie in interface StatelessUtil
        Returns:
        the newly created cookie
      • getSessionRemovalCookie

        public org.springframework.http.ResponseCookie getSessionRemovalCookie(String clientId)
        Description copied from interface: StatelessUtil
        Gets a ResponseCookie for the removal of the session cookie.
        Specified by:
        getSessionRemovalCookie in interface StatelessUtil
        Parameters:
        clientId - the client ID
        Returns:
        the session removal cookie
      • getSessionSameSiteAttribute

        protected String getSessionSameSiteAttribute(AuthorizationServer authorizationServer)
        Gets the SameSite attribute value for the session cookie. This method should return one of the following values: "None", "Lax", or "Strict".

        Learn more about the SameSite attribute at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

        Parameters:
        authorizationServer - the authorization server
        Returns:
        the SameSite attribute value
      • getSavedRequestCookie

        public javax.servlet.http.Cookie getSavedRequestCookie(String requestUrl,
                                                               String redirectUrl)
        Description copied from interface: StatelessUtil
        Create a cookie containing a JWT that identifies the originating request URL and a redirect URL. This information is used to forward the user to an authentication URL. Once authenticated, the original request is completed.
        Specified by:
        getSavedRequestCookie in interface StatelessUtil
        Parameters:
        requestUrl - the original request (e.g. /oauth/authorize)
        redirectUrl - the URI to redirect to for authentication (e.g. /login)
        Returns:
        a newly created session cookie
      • createSavedRequestCookie

        public org.springframework.http.ResponseCookie createSavedRequestCookie(String requestUrl,
                                                                                String redirectUrl)
        Description copied from interface: StatelessUtil
        Create a cookie containing a JWT that identifies the originating request URL and a redirect URL. This information is used to forward the user to an authentication URL. Once authenticated, the original request is completed.
        Specified by:
        createSavedRequestCookie in interface StatelessUtil
        Parameters:
        requestUrl - the original request (e.g. /oauth/authorize)
        redirectUrl - the URI to redirect to for authentication (e.g. /login)
        Returns:
        a newly created session cookie
      • getSameSiteAttributeForSavedRequestCookie

        protected String getSameSiteAttributeForSavedRequestCookie()
        Gets the SameSite attribute value to use for the saved request cookies (createSavedRequestCookie(String, String) and createSavedRequestRemovalCookie()). This method should return one of the following values: "None", "Lax", or "Strict".

        Learn more about the SameSite attribute at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

        Returns:
        the SameSite attribute value to use for the saved request cookies
      • getRemoveSavedRequestCookie

        public javax.servlet.http.Cookie getRemoveSavedRequestCookie()
        Description copied from interface: StatelessUtil
        Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
        Specified by:
        getRemoveSavedRequestCookie in interface StatelessUtil
        Returns:
        the newly created cookie
      • verify

        public com.nimbusds.jwt.SignedJWT verify(String token)
        Description copied from interface: StatelessUtil
        Verify the signature of a signed JWT inside a cookie.
        Specified by:
        verify in interface StatelessUtil
        Parameters:
        token - the cookie to verify
        Returns:
        a verified and signed JWT token, or null if the given cookie has no value
      • getSessionCookieName

        public String getSessionCookieName(String clientId)
        Description copied from interface: StatelessUtil
        Get the standard name for a session cookie.
        Specified by:
        getSessionCookieName in interface StatelessUtil
        Returns:
        the cookie name used to store the session
        See Also:
        #getSessionCookie(String, String)
      • getRemovalCookie

        public org.springframework.http.ResponseCookie getRemovalCookie(javax.servlet.http.Cookie cookieToRemove)
        Description copied from interface: StatelessUtil
        Returns a removal cookie for any arbitrary cookie.
        Specified by:
        getRemovalCookie in interface StatelessUtil
        Parameters:
        cookieToRemove - The cookie to target for removal
        Returns:
        A cookie that may be set on an HttpServletResponse to remove the supplied cookie.
      • entityMissing

        protected Supplier<? extends com.broadleafcommerce.data.tracking.core.exception.EntityMissingException> entityMissing(String msg)
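
The saved-request cookie, SameSite and verify behaviour documented above, as an added Java example that is not the StatelessUtilImpl source. It assumes HS256 with a constructed random key, a hypothetical cookie name `saved_request`, hypothetical claim names `request_url` and `redirect_url`, and a five-minute expiry; it needs nimbus-jose-jwt and spring-web on the classpath.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jwt.*;
import org.springframework.http.ResponseCookie;
import java.security.SecureRandom;
import java.util.*;

// Added illustration, not StatelessUtilImpl itself; names, HS256 and expiry are assumptions.
public class SavedRequestCookieExample {
    static final String COOKIE = "saved_request";  // hypothetical cookie name
    private final byte[] key = new byte[32];        // constructed 256-bit HMAC key
    { new SecureRandom().nextBytes(key); }

    ResponseCookie create(String requestUrl, String redirectUrl, String sameSite) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .claim("request_url", requestUrl)     // hypothetical claim names
                .claim("redirect_url", redirectUrl)
                .expirationTime(new Date(System.currentTimeMillis() + 300_000L))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(key));
        return cookie(jwt.serialize(), -1, sameSite);  // -1: no Max-Age, browser-session lifetime
    }
    ResponseCookie removal(String sameSite) { return cookie("", 0, sameSite); }  // Max-Age=0 clears it
    private ResponseCookie cookie(String value, long maxAge, String sameSite) {
        if (!Set.of("None", "Lax", "Strict").contains(sameSite))
            throw new IllegalArgumentException("invalid SameSite: " + sameSite);
        return ResponseCookie.from(COOKIE, value).path("/").httpOnly(true).secure(true)  // None needs Secure
                .maxAge(maxAge).sameSite(sameSite).build();
    }

    SignedJWT verify(String token) throws Exception {
        if (token == null || token.isEmpty()) return null;  // cookie has no value
        SignedJWT jwt = SignedJWT.parse(token);
        if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())  // pin the expected algorithm
                || !jwt.verify(new MACVerifier(key)))
            throw new SecurityException("signature check failed");
        Date exp = jwt.getJWTClaimsSet().getExpirationTime();
        if (exp == null || exp.before(new Date())) throw new SecurityException("token expired");
        return jwt;
    }

    public static void main(String[] args) throws Exception {
        SavedRequestCookieExample util = new SavedRequestCookieExample();
        ResponseCookie c = util.create("/oauth/authorize", "/login", "Lax");
        System.out.println("Set-Cookie: " + c + "\nSet-Cookie: " + util.removal("Lax"));
        System.out.println(util.verify(c.getValue()).getJWTClaimsSet().getClaim("request_url"));
        try { new SavedRequestCookieExample().verify(c.getValue()); }  // different key: must fail
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The removal cookie reuses the same name and path as the original, since a browser only overwrites a cookie whose name, domain and path match.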