Class DefaultClientDetailsService
java.lang.Object
com.broadleafcommerce.auth.user.service.DefaultClientDetailsService
- All Implemented Interfaces:
org.springframework.security.oauth2.provider.ClientDetailsService
public class DefaultClientDetailsService
extends Object
implements org.springframework.security.oauth2.provider.ClientDetailsService
- Author:
- Nick Crum (ncrum)
-
Constructor Summary
| Constructor | Description |
| --- | --- |
| DefaultClientDetailsService(AuthorizedClientService<AuthorizedClient> authorizedClientService) | Deprecated, for removal: This API element is subject to removal in a future version. since 1.8.0. |
| DefaultClientDetailsService(AuthorizedClientService<AuthorizedClient> authorizedClientService, TokenProperties tokenProperties) | |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected Set<org.springframework.security.core.GrantedAuthority> | expandAllAuthorities(Collection<org.springframework.security.core.GrantedAuthority> initialAuthorities) | |
| protected AuthorizedClientService<AuthorizedClient> | getAuthorizedClientService | |
| protected TokenProperties | getTokenProperties | |
| protected boolean | isExplodePermissions() | |
| org.springframework.security.oauth2.provider.ClientDetails | loadClientByClientId(String clientId) | |
| protected org.springframework.security.oauth2.provider.ClientDetails | withExpandedAuthorities(org.springframework.security.oauth2.provider.ClientDetails clientDetails) | Expands the set of authorities to include any scopes derived from the PermissionScope domain. |
| protected AuthorizedClient | withResolvedRelativeRedirectUris | If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method will get the base URL for the client's tenant or application. |
-
Constructor Details
-
DefaultClientDetailsService
@Deprecated(forRemoval=true) public DefaultClientDetailsService(AuthorizedClientService<AuthorizedClient> authorizedClientService)
Deprecated, for removal: This API element is subject to removal in a future version.
-
DefaultClientDetailsService
public DefaultClientDetailsService(AuthorizedClientService<AuthorizedClient> authorizedClientService, TokenProperties tokenProperties)
-
-
Method Details
-
loadClientByClientId
public org.springframework.security.oauth2.provider.ClientDetails loadClientByClientId(String clientId) throws org.springframework.security.oauth2.provider.ClientRegistrationException
- Specified by:
loadClientByClientId in interface org.springframework.security.oauth2.provider.ClientDetailsService
- Throws:
org.springframework.security.oauth2.provider.ClientRegistrationException
-
withResolvedRelativeRedirectUris
If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method will get the base URL for the client's tenant or application. Each relative redirect URI will then be added to the path of the resolved base URL, and this new absolute URL will replace the original relative value.
If resolution of the base URL fails, or if the value is not absolute even after being appended to the base, the relative URL will be removed from the AuthorizedClient.getRedirectUris() (just in the given POJO - the data store is not updated). This ensures the OAuth specification's requirement of absolute redirect URIs is preserved for security.
- Parameters:
- client - the client for which to prepend application/tenant URL to relative redirect URIs
- Returns:
- the client after replacing its redirect URIs with absolute values
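The resolve-or-drop behavior described above, as an added example that is not Broadleaf's own code. The class and method names (`RedirectUriResolutionExample`, `resolve`, `join`, `isAbsolute`), the `Optional` base URL parameter, the requirement that an absolute URI carry a host, and the sample URLs are all assumptions of this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.Optional;
import java.util.Set;

public class RedirectUriResolutionExample {
    /** Returns a copy of the redirect URIs with relative entries made absolute or dropped. */
    static Set<String> resolve(Set<String> redirectUris, Optional<String> baseUrl) {
        Set<String> resolved = new LinkedHashSet<>();
        for (String value : redirectUris) {
            if (isAbsolute(value)) {
                resolved.add(value); // already absolute: keep unchanged
                continue;
            }
            // Relative entry: append it to the path of the base URL, if one was resolved.
            baseUrl.map(base -> join(base, value))
                   .filter(RedirectUriResolutionExample::isAbsolute)
                   .ifPresent(resolved::add); // otherwise the entry is dropped
        }
        return resolved;
    }

    /** Appends the relative value to the base path; the base's scheme and host are untouched. */
    static String join(String base, String relative) {
        String left = base.endsWith("/") ? base.substring(0, base.length() - 1) : base;
        String right = relative.startsWith("/") ? relative : "/" + relative;
        return left + right;
    }

    /** Assumption of this example: "absolute" means a scheme and a host are both present. */
    static boolean isAbsolute(String value) {
        try {
            URI uri = new URI(value);
            return uri.isAbsolute() && uri.getHost() != null;
        } catch (URISyntaxException e) {
            return false; // unparseable values are never treated as absolute
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: one absolute redirect URI and two relative ones.
        Set<String> uris = new LinkedHashSet<>(Set.of("https://admin.example.com/callback"));
        uris.add("/silent-callback.html");
        uris.add("callback");
        System.out.println(resolve(uris, Optional.of("https://tenant.example.com/app")));
        System.out.println(resolve(uris, Optional.empty()));                  // base resolution failed
        System.out.println(resolve(uris, Optional.of("tenant.example.com"))); // base lacks a scheme
    }
}
```

In the second and third calls only the already-absolute entry survives, which is the fail-closed outcome the method description requires: a redirect URI that cannot be made absolute is never offered to the authorization flow.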
-
withExpandedAuthorities
protected org.springframework.security.oauth2.provider.ClientDetails withExpandedAuthorities(org.springframework.security.oauth2.provider.ClientDetails clientDetails)
Expands the set of authorities to include any scopes derived from the PermissionScope domain. This ensures that OAuth2RequestFactory is able to validate that the requested scopes are valid for these ClientDetails.
- Parameters:
- clientDetails - the client details
- Returns:
- the client details with scopes as authorities
- See Also:
-
expandAllAuthorities
protected Set<org.springframework.security.core.GrantedAuthority> expandAllAuthorities(Collection<org.springframework.security.core.GrantedAuthority> initialAuthorities)
Allows a ClientDetails to include a GrantedAuthority prefixed with PermissionType.ALL.
This method expands any GrantedAuthority prefixed by PermissionType.ALL into various PermissionType values such as PermissionType.READ or PermissionType.CREATE. The full set can be found in PermissionUtils.expandAllPermission(String).
- Parameters:
- initialAuthorities - the initial set of authorities without expanded PermissionType.ALL authorities
- Returns:
- authorities with additional authorities coming from expanded PermissionType.ALL authorities
-
isExplodePermissions
protected boolean isExplodePermissions()
-
getAuthorizedClientService
-
getTokenProperties
-