All Classes and Interfaces

- AbstractAuthenticationStrategyDelegate<T extends org.springframework.security.core.Authentication>
- Properties can be updated at runtime (ex: from Broadleaf Config Server), and therefore it is important that all components who need a particular signing/verification key are using an instance that matches the latest property value for that key.
- Abstract AuthenticationStrategyDelegate for converting OAuth2AuthenticationToken to OAuth2UserDetails.
- Implementation of JwtAccessTokenEnhancer that has a request scoped UserContext that contains the current user to avoid repeated database reads.
- Contains constants that are used as keys for token claims for access tokens in JwtAccessTokenEnhancers.
- General cross-cutting claims.
- Common functionality for evaluating account access.
- Responsible for validating and adding the "acct_id" claim to the token.
- Exception thrown when an attempted password reset is blocked because the user account is locked.
- Spring cloud data channel description for messaging input.
- Listens to AccountMemberRoleChangeRequest messages and delegates them to the AccountMemberRoleChangeRequestHandler.
- Data about AccountMember role updates.
- Handles AccountMemberRoleChangeRequest.
- Methods to read and update AccountRoles.
- Spring cloud data channel description for messaging input.
- Listens to CustomerAccountUpdateRequest messages and delegates them to the AccountUpdateRequestHandler.
- Handles CustomerAccountUpdateRequest messages.
- Specific messaging contract for sending in admin permission updates.
- Spring cloud data channel description for messaging input.
- Handles messages from the Persistence channel for AdminPermission data to update UserPermission.
- Specific messaging contract for permission references by entities.
- Specific messaging contract for restricted permission references by entities.
- Specific messaging contract for restricted role references by entities.
- Specific messaging contract for restriction references by entities.
- Specific messaging contract for sending in admin role updates.
- Spring cloud data channel description for messaging input.
- Specific messaging contract for role references by entities.
- Specific messaging contract for sending in user updates.
- Spring cloud data channel description for messaging input.
- Utility methods for the OAuth 2.0 Configurers.
- Token generator for refresh tokens.
- Perform token re-use detection.
- Projection domain representing a subset of information provided by Application.
- A DTO intended to hold just the applicationId of a user-application relationship.
- Handle persistence operations related to Applications.
- Perform CRUD operations using the Application projection domain.
- Supply the anonymization related endpoint to the service.
- Controls anonymization behavior for the auth service.
- Properties that influence cache settings for the auth service.
- Properties used for encrypted columns.
- Spring cloud data channel description for messaging input.
- Handles messages from the Persistence channel for other services that can impact the data in the authentication service, such as roles, permissions, and users.
- Spring Boot default property overrides for this service.
- A message event dispatched after authentication events occur.
- Class used for mapping an exception to a redirect URI.
- Default AuthenticationEvent message types.
- Used by the DefaultSessionAuthenticationStrategy to convert Authentication from various sources into OAuth2UserDetails.
- General exception handler registry for handlers not exclusive to a single controller.
- Responsible for configuring the setup for internationalization support.
- A JwtAccessTokenEnhancer to add the "authorities" claim.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Configuration properties for AuthorizationRequestRepository/BroadleafAuthorizationRequestRepository.
- A holder for OAuth2AuthorizationRequest data, with a field for the Broadleaf Client Id.
- An authorization server responsible for authenticating users.
- Used in SpringAuthorizationServerComponentsConfiguration to add various authentication filters to the authorization server security filter chain.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Properties configuring the behavior of ContentSecurityPolicyConfigurer.
- Represents the configuration for a particular 'directive' (ex: should 'default-src' be provided, and what should its value be?).
- If enabled, this should be the value to use for the directive.
- Service interface for managing authorization servers.
- Used in SpringAuthorizationServerComponentsConfiguration to customize the OAuth2TokenGenerator.
- This is used to persist a RegisteredClient which AuthenticationServices recognizes as registered with itself in its capacity as an authorization server.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Validator targeting AuthorizationServer.
- Service interface for managing AuthorizedClient.
- Spring cloud data channel description for messaging input.
- Configuration properties for special behavior on user registration.
- Web configuration for the resource side of the auth server.
- Service responsible for creating authorization servers and clients when a new application is created.
- Validator targeting AuthorizationServer.
- Configuration for engaging default Broadleaf support for Apache Ignite cache.
- Auth-specific configuration for entity validations.
- Configures the common service layer that applies to both the resource and authorization server concerns.
- Autoconfiguration for the username/password login functionality.
- Handler for the AuthPersistenceConsumer channel that specializes in replicating persisted Application domain information into a subset of that information embodied in the Application domain.
- Customization of default translation post mapper member to support translations in auth.
- Simple implementation of a SavedRequest.
- Save and load OAuth2AuthorizationRequest from a cookie.
- This enhances the ClientRegistrationRepository interface to enable users to get all ClientRegistrations at once.
- This is added to the OAuth2LoginAuthenticationToken and used by the DefaultSessionAuthenticationStrategy to create cookies after authentication.
- Classes that implement this interface will be exposed to the Thymeleaf expression evaluation context.
- Represents the data needed to send a notification after an account user submits a cart requiring approval.
- Represents a summary of an Approver User.
- Spring cloud data channel description for messaging input.
- Component responsible for handling CartApprovalRequestEvents.
- Spring cloud data channel description for messaging output.
- This form backs the change password HTML form as a DTO.
- Validator that runs through the fields in the ChangePasswordForm and ensures correctness.
- Represents a request to remove a customer segment from multiple users.
- Endpoint used for the discovery of authorized client details.
- Properties for configuring identity providers for different clients, i.e., admin or commerce client, during a user authorization flow.
- This filter helps with the 3rd Party OAuth Server functionality, where this app is acting as an OAuth2 Client to a 3rd party OAuth service.
- This JwtAccessTokenEnhancer determines the set of all permissions available to a client-only principal specified in the given JwtTokenEnhancerContext.
- Service used for returning redirects for a client and/or server.
- This service is intended to provide OAuthClientRegistrationWrapper objects built from OAuth2ClientProperties defined through application properties.
- Provides claims "restrictions" and "restricted_authorities".
- Indicates that a request was missing a client ID, the client could not be found, or the client does not allow the type of request received.
- Establishes the default PkceParameterNames.CODE_CHALLENGE_METHOD (CodeChallengeMethod.S256) when PkceParameterNames.CODE_CHALLENGE is specified and no challenge method is provided.
- Responsible for configuring Content Security Policy (CSP) for SecurityAutoConfiguration.
- This interface is intended to encapsulate functionality for accessing client id and tenant id from the request context.
- Utility class to assist with storing and retrieving request parameters from request attributes.
- Alternative storage mechanism for an original destination before being redirected for login.
- Basic cookie functionality shared by DefaultOAuth2AuthorizedClientRepository and BroadleafAuthorizationRequestRepository.
- A subset of customer information that we're concerned with from Customer Service.
- Links an account id to its parent account id.
- Endpoint for reading account roles from a customer facing perspective.
- Service for managing CustomerAccounts.
- Data about the account status change.
- Enhances tokens with the "customer_context_ids" claim.
- Enhances a token with the IDs of CustomerSegments that the User is a member of if they are present in the User attributes map.
- Support persistence functions for JpaOAuth2Authorization.
- Additional functionality necessary for RoleRepository.
- Additional functionality necessary for UserPermissionRepository.
- Additional functionality necessary for UserRepository.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Respond to AccountMemberRoleChangeRequest to update User roles when an Account Member's roles are updated.
- DefaultAccountRoleService<P extends AccountRole,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- Process a CustomerAccountUpdateRequest to respond to updates of an account's status or parent.
- DefaultApplicationService<P extends Application,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>
- A camel cluster service instance that will periodically execute CustomizedOAuth2AuthorizationRepository.cleanupBatch(String) calls against the datastore.
- DefaultAuthorizationServerService<P extends AuthorizationServer,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>
- DefaultAuthorizedClientService<P extends AuthorizedClient,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>
- Default authorization server properties to use when creating an authorization server and authorized clients.
- Provides ClientRegistration objects to the OAuth2 Client beans.
- This service provides OAuthClientRegistrationWrapper objects built from OAuth2ClientProperties defined through application properties.
- Leverages OAuth2AuthorizationCodeRequestAuthenticationToken to create an OAuth2AuthorizationCodeRequestAuthenticationToken from the request.
- Leverages the OAuth2ClientCredentialsAuthenticationConverter to create an OAuth2ClientCredentialsAuthenticationToken from the request.
- DefaultCustomerAccountService<P extends CustomerAccount,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- Default implementation of ImpersonationRequestValidator that validates that the CSR has authority to impersonate, the impersonated target exists, and that the impersonated target has chosen to allow impersonation.
- An OAuth2TokenCustomizer for JwtEncodingContext that delegates to a list of JwtAccessTokenEnhancers.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Authorization Code Request validator that does not validate scopes.
- Implementation of Spring's OAuth2AuthorizationService for datastore persistence of OAuth2Authorization instances.
- This service stores an OAuth2AuthorizedClient as a Base64 encoded value in a cookie.
- This class holds the necessary fields for saving and loading OAuth2AuthorizedClient.
- Filter capable of adding default values for one or more OAuth2 related request params.
- Manipulate request params supplied to the application.
- An OAuth2SessionToken that holds the claims within a HashMap.
- An OAuth2UserDetailsService implementation that uses the UserService for loading users by clientId and username.
- Provides a BroadleafOAuthClientAuthenticationDetails to the OAuth2LoginAuthenticationFilter during authentication.
- DefaultOAuthClientRegistrationPersistenceService<P extends OAuthClientRegistrationWrapper,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- Interacts with the OAuthClientRegistrationRepository to read domain objects and map them to the projection OAuthClientRegistrationWrapper.
- Basic implementation that will try to handle any OAuth2AuthenticationToken.
- DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- Default implementation of PasswordGenerator.
- Note - ensure to keep DefaultPasswordGenerator aligned with any changes to validation here.
- An intermediary data structure used internally by PrivilegeService to hold all the restrictions, flat permissions, restricted roles, and restricted permissions of a user entity and permissions from a server entity to prevent querying the data multiple times.
- Implements RegisteredClientRepository through interactions with AuthorizedClientService and converts between RegisteredClient and AuthorizedClient.
- Methods for filtering scopes and permissions from what is accessible to what is requested or relevant.
- This is used to set the session cookie after successful authentication.
- DefaultUserLoginAttemptService<P extends UserLoginAttempt,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- DefaultUserPasswordService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- DefaultUserPermissionService<P extends UserPermission,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- DefaultUserRoleService<P extends UserRole,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- DefaultUserService<P extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
- Default user types managed within this service.
- Responsible for configuring dispatcher type authorization in SecurityAutoConfiguration.
- JWKSource is used by components like NimbusJwtEncoder to obtain JWK instances for operations.
- This serves as a WebApplicationContext.SCOPE_REQUEST bean to hold a stable, consistent value for public and private keys during a request lifecycle.
- This is a special 'smart key' bean that will always present the latest private key for AuthenticationServices based on AuthorizationServerProperties.OAuth2.getEncodedPrivateKey().
- This is a special 'smart key' bean that will always present the latest public key for AuthenticationServices based on AuthorizationServerProperties.OAuth2.getEncodedPublicKey().
- Customizer for an HttpSecurity to be applied before the default authentication security filter chain in AuthenticationSecurityConfiguration's security chain.
- Customizer for an HttpSecurity to be applied before the default configuration in SpringAuthorizationServerSecurityConfiguration's security filter chain.
- Represents a request to get an email with a link to reset a user's password.
- Responsible for adding the EmbeddedLoginAuthenticationFilter to the authentication security filter chain in SecurityAutoConfiguration.
- Processes an authentication form submission from an embedded login form.
- An AuthenticationProvider that retrieves OAuth2UserDetails from an OAuth2UserDetailsService for use with embedded login.
- Writes a One-Time Passcode to the response on Embedded Login success.
- An Authentication implementation that is designed for simple presentation of an OAuth2 clientId, username, and password.
- Convert a web request and parameters to EmbeddedLoginCodeAuthenticationToken.
- Authenticates the user for the OAuth2TokenEndpointFilter based on a one-time passcode parameter.
- Authentication Request Token for the OAuth2TokenEndpointFilter when using Embedded Login.
- Indicates that there was an attempt to log in a user using embedded login when the AuthorizationServer receiving the request did not allow embedded login.
- Thrown if there is a problem writing the One-Time Passcode to the embedded login response.
- REST controller for supporting embedded registration.
- Indicates that there was an attempt to register a user using embedded registration when the AuthorizationServer receiving the request did not allow embedded registration.
- Converter used to encrypt a string when persisted and decrypt it when read.
- Runs as a Liquibase change set.
- The default implementation of TenantUrlResolver, which makes external calls to the tenant service for URL resolution of applications and tenant admins.
- Properties used by ExternalTenantUrlResolver to determine the paths at which to make requests for admin and application URL resolution.
- Processes an authentication form submission for an OAuth2 Authorization Server for Universal Login.
- An AuthenticationProvider that retrieves OAuth2UserDetails from an OAuth2UserDetailsService for use with Universal Login.
- An Authentication implementation that is designed for simple presentation of an OAuth2 clientId, username, and password.
- Maps OAuth2AuthenticationToken from Github to OAuth2UserDetails.
- Maps OAuth2AuthenticationToken from Google to OAuth2UserDetails.
- A JwtAccessTokenEnhancer that copies claims from the current CSR's session token.
- Strategy for enhancing an OAuth2SessionToken's claims before it is stored as an HTTP-only cookie.
- The initial impersonation request.
- The values resolved from an ImpersonationRequest after redirect and token validation.
- Validation interface for validating the impersonation of a user in the ImpersonationEndpoint.
- Service providing various methods related to the impersonation flow.
- Exception that is thrown in the event that some operation is being performed with a user, but the application context is incompatible.
- Exception that is thrown when an invalid application ID is supplied in an operation involving the user-application relationship.
- Exception thrown when attempting to archive or delete a UserRole which has descendants still pointing to it as a parent.
- An entity holding information about an application registered via the tenant service.
- Handle persistence operations related to JpaApplication.
- Additional functionality necessary for JpaRoleRepository.
- Additional functionality necessary for JpaUserPermissionRepository.
- Domain supporting Spring's OAuth2Authorization persistence.
- Setup components for dealing with OAuth2Authorization JPA persistence.
- Component responsible for computing the 'hash' values for certain fields on JpaOAuth2Authorization.
- Handle persistence of JpaOAuth2Authorization, which is the counterpart for Spring's OAuth2Authorization.
- JPA representation of a ClientRegistration.ProviderDetails.
- JPA representation of a ClientRegistration with a tenant id.
- JPA-specific repository for persisted counterparts of UserRole.
- Persisted counterpart for a User.
- Persistent version of UserHistoricalPassword.
- JPA-specific repository for persisted counterparts of UserPermission.
- Indicates classes that can participate in JWT Token customization for access tokens.
- A wrapper for JwtEncodingContext that includes a map for additional context.
- Utilities related to token signing keys.
- Customizer for an HttpSecurity to be applied after the default configuration in AuthenticationSecurityConfiguration's security chain.
- Customizer for an HttpSecurity to be applied after the default configuration in SpringAuthorizationServerSecurityConfiguration's security filter chain.
- Exception thrown by AbstractOAuthClientAuthenticationStrategyDelegate implementations when a required attribute is missing from OAuth2AuthenticationToken.
- Provides a behavior consistent with http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.
- Handle persistence of Spring's OAuth2Authorization.
- Used in SpringAuthorizationServerComponentsConfiguration to customize OAuth2AuthorizationServerConfigurer.
- Configuration properties for OAuth2AuthorizedClientRepository/DefaultOAuth2AuthorizedClientRepository.
- The sole purpose of this Template Engine is to add the current request's `client_id` param to the `resolutionAttributes` of the TemplateSpec.
- Copy of the class of the same name from Spring.
- Represents a configured identity provider to be shown as a model attribute in a Thymeleaf template.
- Processes an OAuth2 client session Cookie to establish an authenticated user.
- An AuthenticationProvider that authenticates a user using an OAuth2SessionAuthenticationToken.
- An Authentication implementation that is designed for simple presentation of an OAuth2 clientId and JWT session token.
- The holder of the claims associated with a user's session.
- Configures the DefaultOAuth2UserDetailsService which is used for loading OAuth2UserDetails by clientId and username.
- Core interface which loads user-specific data for a certain OAuth2 client.
- Beans to support acting as an OAuth Client for 3rd party authentication.
- Beans to support our custom ClientRegistrationRepository backed by DefaultOAuthClientRegistrationPersistenceService.
- Configuration to support encrypting entity fields via EncryptedFieldConverter.
- Override of the default LiquibaseAutoConfiguration.LiquibaseConfiguration to autowire the authClientPersistenceKey bean and set it to EncryptionMigrationTask.setSecretKey(javax.crypto.SecretKey).
- Service responsible for CRUD operations related to OAuthClientRegistrationWrapper.
- A wrapper for ClientRegistration.ProviderDetails to allow correspondence with a persistent version of the same.
- A non-static wrapper around ClientRegistrations used to make testing easier.
- Wrapper for ClientRegistration.
- Validate that an OAuthClientRegistrationWrapper has a registration id, client id, and client secret.
- Handle retrieval of OAuth2Authorization by OID.
- An AuthenticationProvider implementation for the OAuth 2.0 Refresh Token Grant.
- Handles messages from the Persistence channel, asserting that they contain operation type, id, and timestamp information.
- Thrown when there is an exception during Passcode consumption.
- This service provides methods for creating and consuming random passcodes.
- Can be used for generating passwords.
- This validator uses regex to validate new passwords for registration and password resets.
- This validator performs various checks on the validity of a password token compared to that of a set of password tokens that belong to a user.
- The result of validating a password against rules defined within PasswordRequestValidator.
- Any of the validations that use regex may be "disabled" by changing the regex to match anything (^.*$) or nothing (^$), e.g., for whitespace or repeated characters.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Convenience methods used for processing permissions and authorities.
- A service that contains various utility functions related to Restriction, RestrictedRole, and RestrictedPermission.
- A data structure used by DefaultOAuth2UserDetailsService and PrivilegeService to hold all the authorities, restrictions, and restricted authorities of a User.
- An authenticator used for OAuth 2.0 Client Authentication, which authenticates the code_verifier (PkceParameterNames#CODE_VERIFIER) parameter.
- An AuthenticationProvider implementation for the OAuth 2.0 Authorization Code Grant.
- Copy of the class of the same name from Spring.
- Attempts to extract the parameters from HttpServletRequest used for authenticating public clients using Proof Key for Code Exchange (PKCE) or refresh token.
- An AuthenticationProvider implementation used for OAuth 2.0 Public Client Authentication, which authenticates the code_verifier (PkceParameterNames#CODE_VERIFIER) parameter, or the refresh_token and redirect_uri parameters.
- Guarantees an overall unique access token value, even when generated in quick succession.
- Token enhancer that adds several registered JWT claims, such as issuer and audience, as well as a non-standard "max" claim that determines the maximum lifetime of a token.
- Controller for supporting form-based registration for Universal Login.
- Intended to be used within a JsonView to demarcate which properties are accepted in a request from external (e.g.
- Exception to be used when a failure occurs somewhere in the reset password flow for a user.
- This form backs the password reset HTML form as a DTO.
- Interface for validation of a ResetPasswordForm.
- Intended to be used within a JsonView to demarcate which properties are serialized in the response from an endpoint.
- Represent a permission a user has access to only within specific segment(s) of data.
- Represent a role a user has access to only within specific segment(s) of data.
- A DTO used to represent a restriction on the data in which a user has access.
- Revoke refresh token on logout if provided.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Repository for persisted counterparts of UserRole.
- An AuthenticationProvider implementation for the OAuth 2.0 Authorization Code Request.
- An AuthenticationProvider implementation for the OAuth 2.0 Client Credential Grant.
- This is the main security configuration that engages Spring Authorization Server support and the authentication filters.
- This configuration is specifically responsible for enabling authentication-related components.
- This configuration is specifically responsible for enabling Spring Authorization Server and its related components.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Service used during the authorization flow to assess the privileges of the current user in order to filter the requested scopes or retrieve the permissions for an access token.
- Auto-configuration that registers the DefaultSecurityService bean.
- Spring cloud data channel description for messaging input.
- Handles creation and deletion of customer segment/customer relationships.
- Contains constants that are used as keys for token claims for session tokens. Though these are used in OAuth2SessionToken, some of these claims are also used in access tokens.
- Implementation of JpaOAuth2AuthorizationHashValueProvider that returns a SHA-512 digest hex string.
- Configuration for components related to Spring Authorization Server.
- Setup components for dealing with OAuth2Authorization persistence.
- Contains properties dictating SSL verification.
- Utility for JWT-based cookies - specifically those intended to drive stateless behavior, such as stateless sessions.
- Properties to configure behavior of StatelessUtil/StatelessUtilImpl.
- Token enhancer to add the values "tenant_access", "application_access", "tenant_id" and "application_ids" to the token, if they exist.
- Responsible for resolving the base URL at which an application or admin is served given the ID of an application or tenant.
- Configuration for the TenantUrlResolver.
- An ObjectPostProcessor specifically intended to contribute additional top-level elements to the token response json.
- Utility to consolidate common operations performed in JwtAccessTokenEnhancer.
- Configuration properties for refresh token rotation and authorization persistence cleanup handling.
- A generation strategy that generates a ULID for a primary key.
- A DTO matching the expected structure of a URL resolution response from the tenant service.
- Represents a user which can authenticate with this service.
- Endpoint for retrieving information about the currently authenticated user.
- Token enhancer that puts various relevant user data into the token's claims.
- Updates PII fields for the User domain.
- Spring cloud data channel description for messaging input.
- Listens to user claims request events and delegates them to the UserAttributesRequestHandler.
- A request DTO to adjust the attributes on a particular User.
- Add additional attributes to a User.
- Intended for use as a request scoped bean to be utilized by AccessTokenEnhancers that need to read the currently authenticated user.
- A message event dispatched when a user is registered within the system.
- Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml).
- Endpoints for CRUD operations on User.
- Represents a historical user password including useful metadata such as the date it was created to allow enforcing user password policies such as not allowing them to set a new password that is the same as one they used within the last three months.
- Endpoint for retrieving information about the currently authenticated user.
- Optional properties when handling user lockout due to failed login attempts.
- Service responsible for handling login attempts.
- Represents a login attempt by a user.
- Service for managing user login attempts.
- Properties for authentication controllers.
- Service for doing user authentication actions.
- This validator uses regex to validate usernames.
- Thrown when login fails because the user is not marked as active.
- The API domain that represents a scope and operation types a user has access to on that scope.
- Payload describing the operations a user is allowed to perform.
- Service API for UserOperation.
- Used to convert a List of HistoricalPasswords to a serialized JSON object string representation for persistence and vice-versa.
- Properties to configure certain password settings.
- Endpoint for CRUD operations on UserPermissions.
- An alternative DTO object to use for the specific use case of being an element in collection fields of parent entities.
- Repository for persisted counterparts of UserPermission.
- Provides CRUD management operations on UserPermission.
- Validations for UserPermission.
- Representation of a registration from the frontend.
- Spring cloud data channel description for messaging output.
- Registers new users into the user data store.
- Hook point for User.setType(String) when creating new users from the UserRegistrationService.
- Token enhancer that includes user restrictions and restricted authorities within the token.
- Returned by UserRoleAncestryHydrationService in response to hydration requests.
- A UserRole can have ancestors, starting with its direct parent defined in UserRole.parentRoleId up to the top-level ancestor.
- Endpoint for CRUD operations on UserRoles.
- An alternative DTO object to use for the specific use case of being an element in collection fields of parent entities.
- Validations for UserRole.
- Default possible values for User.type.
- Output channel used when a User update occurs.
- Validations for User.
- This filter is for verifying that there's a saved redirect cookie on the request for certain URIs.
- Properties used for VerifyRedirectCookieFilter.