Class DefaultClientDetailsService

java.lang.Object
com.broadleafcommerce.auth.user.service.DefaultClientDetailsService
All Implemented Interfaces:
org.springframework.security.oauth2.provider.ClientDetailsService

public class DefaultClientDetailsService extends Object implements org.springframework.security.oauth2.provider.ClientDetailsService
Author:
Nick Crum (ncrum)
  • Constructor Details

  • Method Details

    • loadClientByClientId

      public org.springframework.security.oauth2.provider.ClientDetails loadClientByClientId(String clientId) throws org.springframework.security.oauth2.provider.ClientRegistrationException
      Specified by:
      loadClientByClientId in interface org.springframework.security.oauth2.provider.ClientDetailsService
      Throws:
      org.springframework.security.oauth2.provider.ClientRegistrationException
    • withResolvedRelativeRedirectUris

      protected AuthorizedClient withResolvedRelativeRedirectUris(AuthorizedClient client)
      If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method will get the base URL for the client's tenant or application. Each relative redirect URI will then be added to the path of the resolved base URL, and this new absolute URL will replace the original relative value.

      If resolution of the base URL fails, or if the value is not absolute even after being appended to the base, the relative URL will be removed from the AuthorizedClient.getRedirectUris() (just in the given POJO - the data store is not updated). This ensures the OAuth specification's requirement of absolute redirect URIs is preserved for security.

      Parameters:
      client - the client for which to prepend application/tenant URL to relative redirect URIs
      Returns:
      the client after replacing its redirect URIs with absolute values
    • withExpandedAuthorities

      protected org.springframework.security.oauth2.provider.ClientDetails withExpandedAuthorities(org.springframework.security.oauth2.provider.ClientDetails clientDetails)
      Expands the set of authorities to include any scopes derived from the PermissionScope domain. This ensures that OAuth2RequestFactory can verify that the requested scopes are valid for these ClientDetails.
      Parameters:
      clientDetails - the client details
      Returns:
      the client details with scopes as authorities
    • expandAllAuthorities

      protected Set<org.springframework.security.core.GrantedAuthority> expandAllAuthorities(Collection<org.springframework.security.core.GrantedAuthority> initialAuthorities)
      Allows a ClientDetails to include a GrantedAuthority prefixed with PermissionType.ALL.

      This method expands any GrantedAuthority prefixed by PermissionType.ALL into the individual PermissionType values, such as PermissionType.READ or PermissionType.CREATE. The full set can be found in PermissionUtils.expandAllPermission(String).

      Parameters:
      initialAuthorities - the initial set of authorities without expanded PermissionType.ALL authorities
      Returns:
      authorities with additional authorities coming from expanded PermissionType.ALL authorities
    • isExplodePermissions

      protected boolean isExplodePermissions()
    • getAuthorizedClientService

      protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService()
    • getTokenProperties

      protected TokenProperties getTokenProperties()
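The redirect URI handling described under withResolvedRelativeRedirectUris, sketched as an added stand-alone example (not Broadleaf's code). The class and method names are hypothetical, the base URL is passed in directly instead of being looked up from the tenant or application, and the hostnames are constructed sample values.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class RedirectUriResolutionExample {

    /** Returns the parsed value only if it is an absolute URI with a host, else null. */
    static URI absoluteOrNull(String value) {
        try {
            URI uri = new URI(value);
            return (uri.isAbsolute() && uri.getHost() != null) ? uri : null;
        } catch (URISyntaxException e) {
            return null; // unparseable values are never accepted as redirect targets
        }
    }

    /**
     * Works on a copy, mirroring "just in the given POJO": stored data is untouched.
     * baseUrl is null when base URL resolution failed (assumption for this sketch).
     */
    static Set<String> resolve(Set<String> redirectUris, String baseUrl) {
        Set<String> result = new LinkedHashSet<>();
        for (String redirect : redirectUris) {
            if (absoluteOrNull(redirect) != null) {
                result.add(redirect); // already absolute: keep unchanged
                continue;
            }
            if (baseUrl == null) {
                continue; // no base URL: the relative value is removed
            }
            // Append the relative value to the base URL's path.
            String joined = baseUrl.replaceAll("/+$", "") + "/" + redirect.replaceAll("^/+", "");
            URI candidate = absoluteOrNull(joined);
            if (candidate != null) {
                result.add(candidate.toString());
            } // still not absolute after appending: removed
        }
        return result;
    }

    public static void main(String[] args) {
        Set<String> configured = new LinkedHashSet<>(List.of(
                "https://admin.example.test/callback", "/silent-callback.html", "bad path"));
        System.out.println(resolve(configured, "https://tenant.example.test/app/"));
        System.out.println(resolve(configured, null));                  // base lookup failed
        System.out.println(resolve(configured, "tenant.example.test")); // base has no scheme
    }
}
```

Removing unresolvable entries rather than passing them through means the authorization server only ever compares a requested redirect_uri against absolute registered values.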