Package com.broadleafcommerce.auth.user.session

Class SecurityServiceAccessTokenConverter

java.lang.Object
org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter
com.broadleafcommerce.auth.user.session.SecurityServiceAccessTokenConverter
All Implemented Interfaces:
org.springframework.security.oauth2.provider.token.AccessTokenConverter
public class SecurityServiceAccessTokenConverter extends org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter
Converts the access token using the defaults within DefaultAccessTokenConverter and then extracts the narrowed set of permissions using SecurityService.extractPermissions(Set) in order to restrict the set of delegated authorities to the set of requested scopes.
Author:
Nick Crum (ncrum), Jeff Fischer, Phillip Verheyden (phillipuniverse)

  • Field Summary

    Fields inherited from interface org.springframework.security.oauth2.provider.token.AccessTokenConverter

    ATI, AUD, AUTHORITIES, CLIENT_ID, EXP, GRANT_TYPE, JTI, SCOPE

  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityServiceAccessTokenConverter(SecurityService securityService)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    Map<String,?>
    convertAccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken token, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
     
    org.springframework.security.oauth2.provider.OAuth2Authentication
    extractAuthentication(Map<String,?> map)
    If an account claim is in the given map, add that claim as a request parameter.

    Methods inherited from class org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter

    extractAccessToken, setClientIdAttribute, setIncludeGrantType, setScopeAttribute, setUserTokenConverter

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SecurityServiceAccessTokenConverter

      public SecurityServiceAccessTokenConverter(SecurityService securityService)

  • Method Details

    • convertAccessToken

      public Map<String,?> convertAccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken token, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
      Specified by:
      convertAccessToken in interface org.springframework.security.oauth2.provider.token.AccessTokenConverter
      Overrides:
      convertAccessToken in class org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter

    • extractAuthentication

      public org.springframework.security.oauth2.provider.OAuth2Authentication extractAuthentication(Map<String,?> map)
      If an account claim is in the given map, add that claim as a request parameter.
      Specified by:
      extractAuthentication in interface org.springframework.security.oauth2.provider.token.AccessTokenConverter
      Overrides:
      extractAuthentication in class org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter
      Parameters:
      map - information decoded from an access token
      Returns:
      an authentication representing the client and user (if there is one)