Class RegisteredClaimsTokenEnhancer

java.lang.Object
com.broadleafcommerce.auth.user.session.token.enhancer.RegisteredClaimsTokenEnhancer
All Implemented Interfaces:
org.springframework.security.oauth2.provider.token.TokenEnhancer

public class RegisteredClaimsTokenEnhancer extends Object implements org.springframework.security.oauth2.provider.token.TokenEnhancer
Token enhancer that adds several registered JWT claims, such as issuer and audience, as well as a non-standard "max" claim that determines the maximum lifetime of a token.

The "max" claim differs from "exp" in that it determines the maximum lifetime of a session. The default is 720 minutes (12 hours), but this may be configured via the property broadleaf.auth.session.maxDurationMinutes.
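
How a token consumer could treat "exp" and "max" side by side, as an added example that is not Broadleaf's or Spring's own code. It assumes "max" is carried as epoch seconds like "exp" and that a refreshed token's "exp" is capped at "max"; the class and method names, issuer URL and timestamps are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.Map;

/** Hypothetical consumer-side check; not part of Broadleaf or Spring Security OAuth. */
public class SessionClaimsCheck {

    /** Rejects a token whose iss/aud do not match or whose exp or max has passed. */
    static boolean isAcceptable(Map<String, Object> claims, String issuer,
                                String audience, Instant now) {
        Object aud = claims.get("aud");
        boolean audOk = aud instanceof List && ((List<?>) aud).contains(audience);
        return issuer.equals(claims.get("iss")) && audOk
                && now.isBefore(epoch(claims.get("exp")))
                && now.isBefore(epoch(claims.get("max")));
    }

    /** On refresh, the new exp may never move past the session's max. */
    static Instant nextExpiry(Map<String, Object> claims, Instant now, Duration tokenTtl) {
        Instant max = epoch(claims.get("max"));
        if (!now.isBefore(max)) {
            throw new IllegalStateException("session exceeded max lifetime; re-authenticate");
        }
        Instant candidate = now.plus(tokenTtl);
        return candidate.isBefore(max) ? candidate : max;
    }

    // Assumption: time claims are epoch seconds; a missing claim fails closed.
    private static Instant epoch(Object v) {
        return v instanceof Number ? Instant.ofEpochSecond(((Number) v).longValue()) : Instant.EPOCH;
    }

    public static void main(String[] args) {
        Instant login = Instant.parse("2024-01-01T08:00:00Z"); // constructed sample
        Instant max = login.plus(Duration.ofMinutes(720));     // default from this page
        Map<String, Object> claims = Map.of(
                "iss", "https://auth.example.test",             // constructed
                "aud", List.of("oauth2-resource"),
                "exp", login.plusSeconds(300).getEpochSecond(),
                "max", max.getEpochSecond());
        Instant late = max.minusSeconds(60); // one minute before the session cap
        String iss = "https://auth.example.test";
        System.out.println(isAcceptable(claims, iss, "oauth2-resource", login.plusSeconds(10)));
        System.out.println(isAcceptable(claims, iss, "oauth2-resource", late)); // exp long past
        System.out.println(nextExpiry(claims, late, Duration.ofMinutes(5)).equals(max));
    }
}
```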

Author:
Samarth Dhruva (samarthd)
  • Constructor Details

    • RegisteredClaimsTokenEnhancer

      public RegisteredClaimsTokenEnhancer(String issuer, List<String> audiences, int maxSessionDurationMinutes)
    • RegisteredClaimsTokenEnhancer

      public RegisteredClaimsTokenEnhancer(String issuer, List<String> audiences)
  • Method Details

    • enhance

      public org.springframework.security.oauth2.common.OAuth2AccessToken enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
      Places various claims into the additional information of the access token, including the issuer, audience, and max lifetime.

      Do note that "oauth2-resource" is placed into the audience claim, as OAuth2AuthenticationManager.authenticate(Authentication) explicitly checks for its presence as a resourceId when processing requests.

      Specified by:
      enhance in interface org.springframework.security.oauth2.provider.token.TokenEnhancer
    • getIssuer

      protected String getIssuer()
    • getAudiences

      protected List<String> getAudiences()
    • getMaxSessionDurationMinutes

      protected Duration getMaxSessionDurationMinutes()