All Classes and Interfaces

Class
Description
AbstractAuthenticationStrategyDelegate<T extends org.springframework.security.core.Authentication>
Abstract AuthenticationStrategyDelegate for converting Authentication to OAuth2UserDetails.
Properties can be updated at runtime (e.g., from Broadleaf Config Server), so it is important that all components that need a particular signing/verification key use an instance that matches the latest property value for that key.
Abstract AuthenticationStrategyDelegate for converting OAuth2AuthenticationToken to OAuth2UserDetails.
Implementation of JwtAccessTokenEnhancer that has a request scoped UserContext that contains the current user to avoid repeated database reads.
Contains constants that are used as keys for token claims for access tokens in JwtAccessTokenEnhancers.
 
General cross-cutting claims.
 
 
 
 
 
 
Common functionality for evaluating account access
Responsible for validating and adding the "acct_id" claim to the token.
Exception thrown when an attempt to reset a password is blocked due to a user account being locked.
Spring cloud data channel description for messaging input.
Listens to AccountMemberRoleChangeRequest messages and delegates them to the AccountMemberRoleChangeRequestHandler.
Data about AccountMember role updates.
 
 
Methods to read and update AccountRoles.
Spring cloud data channel description for messaging input.
Listens to CustomerAccountUpdateRequest messages and delegates them to the AccountUpdateRequestHandler.
Specific messaging contract for sending in admin permission updates.
 
Spring cloud data channel description for messaging input.
Handles messages from the Persistence channel for AdminPermission data to update UserPermission.
Specific messaging contract for permission references by entities.
Specific messaging contract for restricted permission references by entities.
Specific messaging contract for restricted role references by entities.
Specific messaging contract for restriction references by entities.
Specific messaging contract for sending in admin role updates.
 
Spring cloud data channel description for messaging input.
Handles messages from the Persistence channel for AdminRole data to update UserRole.
Specific messaging contract for role references by entities.
Specific messaging contract for sending in user updates.
 
Spring cloud data channel description for messaging input.
Handles messages from the Persistence channel for AdminUser data to update User.
Utility methods for the OAuth 2.0 Configurers.
Token generator for refresh tokens.
 
Perform token re-use detection.
Projection domain representing a subset of information provided by Application.
A DTO intended to hold just the applicationId of a user-application relationship.
Handle persistence operations related to Applications
Perform CRUD operations using the Application projection domain.
 
Supply the anonymization related endpoint to the service.
Controls anonymization behavior for the auth service
Properties that influence cache settings for the auth service
Properties used for encrypted columns.
Spring cloud data channel description for messaging input.
Handles messages from the Persistence channel for other services that can impact the data in the authentication service, such as roles, permissions, and users.
 
Spring Boot default property overrides for this service
 
 
A message event dispatched after authentication events occur.
Class used for mapping an exception to a redirect URI.
 
Default AuthenticationEvent message types
 
Used by the DefaultSessionAuthenticationStrategy to convert Authentication from various sources into OAuth2UserDetails.
 
General exception handler registry for handlers not exclusive to a single controller.
Responsible for configuring the setup for internationalization support.
 
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
 
Configuration properties for AuthorizationRequestRepository/BroadleafAuthorizationRequestRepository.
A holder for OAuth2AuthorizationRequest data, with a field for the Broadleaf Client Id
 
An authorization server responsible for authenticating users.
Used in SpringAuthorizationServerComponentsConfiguration to add various authentication filters to the authorization server security filter chain.
 
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
 
 
 
 
 
 
 
 
Properties configuring the behavior of ContentSecurityPolicyConfigurer.
Represents the configuration for a particular 'directive' (ex: should 'default-src' be provided, and what should its value be?).
 
 
If enabled, this should be the value to use for the directive.
 
Service interface for managing authorization servers.
Used in SpringAuthorizationServerComponentsConfiguration to customize the OAuth2TokenGenerator.
 
This is used to persist a RegisteredClient which AuthenticationServices recognizes as registered with itself in its capacity as an authorization server.
 
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
Validator targeting AuthorizationServer
 
Service interface for managing AuthorizedClient.
 
Spring cloud data channel description for messaging input.
Configuration properties for special behavior on user registration.
Web configuration for the resource side of the auth server
Service responsible for creating authorization servers and clients when a new application is created.
Validator targeting AuthorizationServer
Configuration for engaging default Broadleaf support for Apache Ignite cache
Auth-specific configuration for entity validations.
 
Configures the common service layer that applies to both the resource and authorization server concerns
 
 
Autoconfiguration for the username/password login functionality
Handler for the AuthPersistenceConsumer channel that specializes in replicating persisted Application domain information into a subset of that information embodied in the Application domain.
Customization of default translation post mapper member to support translations in auth.
 
 
Simple implementation of a SavedRequest.
Save and load OAuth2AuthorizationRequest from a cookie.
This enhances the ClientRegistrationRepository interface to enable users to get all ClientRegistrations at once.
 
This is added to the OAuth2LoginAuthenticationToken and used by the DefaultSessionAuthenticationStrategy to create cookies after authentication.
Classes that implement this interface will be exposed to the Thymeleaf expression evaluation context.
 
 
Represents the data needed to send a notification after an account user submits a cart requiring approval.
Represents a summary of an Approver User.
Spring cloud data channel description for messaging input.
Component responsible for handling CartApprovalRequestEvents.
Spring cloud data channel description for messaging output.
This form backs the change password HTML form as a DTO.
Validator that runs through the fields in the ChangePasswordForm and ensures correctness.
 
 
Represents a request to remove a customer segment from multiple users.
Endpoint used for the discovery of authorized client details.
 
 
Properties for configuring identity providers for different clients, i.e., admin or commerce client, during a user authorization flow.
 
 
This filter helps with the 3rd Party OAuth Server functionality, where this app is acting as an OAuth2 Client to a 3rd party OAuth service.
This JwtAccessTokenEnhancer determines the set of all permissions available to a client-only principal specified in the given JwtTokenEnhancerContext.
 
 
Service used for returning redirects for a client and/or server
This service is intended to provide OAuthClientRegistrationWrapper objects built from OAuth2ClientProperties defined through application properties.
Provides claims "restrictions" and "restricted_authorities".
Indicates that a request was missing a client ID, the client could not be found, or the client does not allow the type of request received.
Establishes the default PkceParameterNames.CODE_CHALLENGE_METHOD (CodeChallengeMethod.S256) when PkceParameterNames.CODE_CHALLENGE is specified and no challenge method is provided.
Responsible for configuring Content Security Policy (CSP) for SecurityAutoConfiguration.
This interface is intended to encapsulate functionality for accessing client id and tenant id from the request context.
Utility class to assist with storing and retrieving request parameters from request attributes.
Alternative storage mechanism for an original destination before being redirected for login.
A subset of customer information that we're concerned with from Customer Service.
Links an account id to its parent account id.
 
Endpoint for reading account roles from a customer facing perspective.
Service for managing CustomerAccounts.
Data about the account status change
Enhances tokens with the "customer_context_ids" claim.
 
Enhances a token with the IDs of CustomerSegments that the User is a member of if they are present in the User attributes map.
Support persistence functions for JpaOAuth2Authorization.
Additional functionality necessary for RoleRepository.
Additional functionality necessary for UserPermissionRepository.
Additional functionality necessary for UserRepository.
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
Respond to AccountMemberRoleChangeRequest to update User roles when an Account Member's roles are updated.
DefaultAccountRoleService<P extends AccountRole,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
Process a CustomerAccountUpdateRequest to respond to updates of an account's status or parent.
DefaultApplicationService<P extends Application,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>
 
A camel cluster service instance that will periodically execute CustomizedOAuth2AuthorizationRepository.cleanupBatch(String) calls against the datastore.
DefaultAuthorizationServerService<P extends AuthorizationServer,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>
 
DefaultAuthorizedClientService<P extends AuthorizedClient,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>
 
 
 
Default authorization server properties to use when creating an authorization server and authorized clients.
 
Provides ClientRegistration objects to the OAuth2 Client beans.
 
 
This service provides OAuthClientRegistrationWrapper objects built from OAuth2ClientProperties defined through application properties.
Leverages OAuth2AuthorizationCodeRequestAuthenticationToken to create an OAuth2AuthorizationCodeRequestAuthenticationToken from the request.
Leverages the OAuth2ClientCredentialsAuthenticationConverter to create an OAuth2ClientCredentialsAuthenticationToken from the request.
 
DefaultCustomerAccountService<P extends CustomerAccount,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
 
 
Default implementation of ImpersonationRequestValidator that validates that the CSR has authority to impersonate, the impersonated target exists, and that the impersonated target has chosen to allow impersonation.
 
An OAuth2TokenCustomizer for JwtEncodingContext that delegates to a list of JwtAccessTokenEnhancers.
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
Authorization Code Request validator that does not validate scopes.
Implementation of Spring's OAuth2AuthorizationService for datastore persistence of OAuth2Authorization instances.
 
 
This service stores an OAuth2AuthorizedClient as a Base64 encoded value in a cookie.
This class holds the necessary fields for saving and loading OAuth2AuthorizedClient.
Filter capable of adding default values for one or more OAuth2 related request params.
Manipulate request params supplied to the application.
An OAuth2SessionToken that holds the claims within a HashMap.
 
An OAuth2UserDetailsService implementation that uses the UserService for loading users by clientId and username.
Provides a BroadleafOAuthClientAuthenticationDetails to the OAuth2LoginAuthenticationFilter during authentication.
DefaultOAuthClientRegistrationPersistenceService<P extends OAuthClientRegistrationWrapper,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
Interacts with the OAuthClientRegistrationRepository to read domain objects and map them to the projection OAuthClientRegistrationWrapper
Basic implementation that will try to handle any OAuth2AuthenticationToken.
DefaultPasscodeService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
Default implementation of PasswordGenerator.
Note: be sure to keep DefaultPasswordGenerator aligned with any changes to validation here.
 
 
An intermediary data structure used internally by PrivilegeService to hold all the restrictions, flat permissions, restricted roles, and restricted permissions of a user entity and permissions from a server entity to prevent querying the data multiple times.
Implements RegisteredClientRepository through interactions with AuthorizedClientService and converts between RegisteredClient and AuthorizedClient.
 
 
Methods for filtering scopes and permissions from what is accessible to what is requested or relevant.
This is used to set the session cookie after successful authentication.
 
 
DefaultUserLoginAttemptService<P extends UserLoginAttempt,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
 
 
 
 
DefaultUserPasswordService<P extends PasswordToken,U extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
DefaultUserPermissionService<P extends UserPermission,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
 
 
DefaultUserRoleService<P extends UserRole,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
DefaultUserService<P extends User,D extends com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware & com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable>
 
Default user types managed within this service
Responsible for configuring dispatcher type authorization in SecurityAutoConfiguration.
JWKSource is used by components like NimbusJwtEncoder to obtain JWK instances for operations.
This serves as a WebApplicationContext.SCOPE_REQUEST bean to hold a stable, consistent value for public and private keys during a request lifecycle.
This is a special 'smart key' bean that will always present the latest private key for AuthenticationServices based on AuthorizationServerProperties.OAuth2.getEncodedPrivateKey().
This is a special 'smart key' bean that will always present the latest public key for AuthenticationServices based on AuthorizationServerProperties.OAuth2.getEncodedPublicKey().
Customizer for an HttpSecurity to be applied before the default authentication security filter chain in AuthenticationSecurityConfiguration's security chain.
Customizer for an HttpSecurity to be applied before the default configuration in SpringAuthorizationServerSecurityConfiguration's security filter chain.
 
Represents a request to get an email with a link to reset a user's password.
Responsible for adding the EmbeddedLoginAuthenticationFilter to the authentication security filter chain in SecurityAutoConfiguration.
 
Processes an authentication form submission from an embedded login form.
An AuthenticationProvider that retrieves OAuth2UserDetails from an OAuth2UserDetailsService for use with embedded login.
Writes a One-Time Passcode to the response on Embedded Login success.
An Authentication implementation that is designed for simple presentation of an OAuth2 clientId, username, and password.
 
Convert a web request and parameters to EmbeddedLoginCodeAuthenticationToken.
Authenticates the user for the OAuth2TokenEndpointFilter based on a one-time passcode parameter.
Authentication Request Token for the OAuth2TokenEndpointFilter when using Embedded Login.
Indicates that there was an attempt to log in a user using embedded login when the AuthorizationServer receiving the request did not allow embedded login.
Thrown if there is a problem writing the One-Time Passcode to the embedded login response.
 
 
REST controller for supporting embedded registration.
Indicates that there was an attempt to register a user using embedded registration when the AuthorizationServer receiving the request did not allow embedded registration.
Converter used to encrypt a string when persisted and decrypt it when read.
Runs as a Liquibase change set.
The default implementation of TenantUrlResolver, which makes external calls to the tenant service for URL resolution of applications and tenant admins.
Properties used by ExternalTenantUrlResolver to determine the paths at which to make requests for admin and application URL resolution.
Processes an authentication form submission for an OAuth2 Authorization Server for Universal Login.
An AuthenticationProvider that retrieves OAuth2UserDetails from an OAuth2UserDetailsService for use with Universal Login.
An Authentication implementation that is designed for simple presentation of an OAuth2 clientId, username, and password.
Maps OAuth2AuthenticationToken from Github to OAuth2UserDetails.
Maps OAuth2AuthenticationToken from Google to OAuth2UserDetails.
A JwtAccessTokenEnhancer that copies claims from the current CSR's session token.
Strategy for enhancing an OAuth2SessionToken claims before it is stored as an HTTP-only cookie.
 
 
 
The initial impersonation request.
The values resolved from an ImpersonationRequest after redirect and token validation.
Validation interface for validating the impersonation of a user in the ImpersonationEndpoint.
Service providing various methods related to the impersonation flow.
Exception that is thrown in the event that some operation is being performed with a user, but the application context is incompatible.
Exception that is thrown when an invalid application ID is supplied in an operation involving the user-application relationship.
Exception thrown when attempting to archive or delete a UserRole which has descendants still pointing to it as a parent.
 
 
An entity holding information about an application registered via the tenant service
Handle persistence operations related to JpaApplication
 
 
 
 
 
 
 
Additional functionality necessary for JpaRoleRepository.
Additional functionality necessary for JpaUserPermissionRepository.
 
Domain supporting Spring's OAuth2Authorization persistence.
Setup components for dealing with OAuth2Authorization JPA persistence.
Component responsible for computing the 'hash' values for certain fields on JpaOAuth2Authorization.
Handle persistence of JpaOAuth2Authorization, which is the counterpart for Spring's OAuth2Authorization.
JPA Representation of a ClientRegistration.ProviderDetails
JPA representation of a ClientRegistration with a tenant id.
 
 
 
JPA-specific repository for persisted counterparts of UserRole.
Persisted counterpart for a User.
Persistent version of UserHistoricalPassword.
 
 
 
JPA-specific repository for persisted counterparts of UserPermission.
 
 
 
 
 
Indicates classes that can participate in JWT Token customization for access tokens.
A wrapper for JwtEncodingContext that includes a map for additional context.
Utilities related to token signing keys
Customizer for an HttpSecurity to be applied after the default configuration in AuthenticationSecurityConfiguration's security chain.
Customizer for an HttpSecurity to be applied after the default configuration in SpringAuthorizationServerSecurityConfiguration's security filter chain.
 
Exception thrown by AbstractOAuthClientAuthenticationStrategyDelegate implementations when a required attribute is missing from OAuth2AuthenticationToken.
Provides a behavior consistent with http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.
Handle persistence of Spring's OAuth2Authorization.
Used in SpringAuthorizationServerComponentsConfiguration to customize OAuth2AuthorizationServerConfigurer.
Configuration properties for OAuth2AuthorizedClientRepository/DefaultOAuth2AuthorizedClientRepository.
 
The sole purpose of this Template Engine is to add the current request's `client_id` param to the `resolutionAttributes` of the TemplateSpec.
 
Copy of the class of the same name from Spring.
Represents a configured identity provider to be shown as a model attribute in a Thymeleaf template.
Processes an OAuth2 client session Cookie to establish an authentication user.
An AuthenticationProvider that authenticates a user using an OAuth2SessionAuthenticationToken.
An Authentication implementation that is designed for simple presentation of an OAuth2 clientId, and JWT session token.
The holder of the claims associated with a user's session.
 
Configures the DefaultOAuth2UserDetailsService which is used for loading OAuth2UserDetails by clientId and username.
Core interface which loads user-specific data for a certain OAuth2 client.
Beans to support acting as an OAuth Client for 3rd party authentication
 
Beans to support our custom ClientRegistrationRepository backed by DefaultOAuthClientRegistrationPersistenceService
Configuration to support encrypting entity fields via EncryptedFieldConverter.
Override of the default LiquibaseAutoConfiguration.LiquibaseConfiguration to autowire the authClientPersistenceKey bean and set it to EncryptionMigrationTask.setSecretKey(javax.crypto.SecretKey).
 
Service responsible for CRUD operations related to OAuthClientRegistrationWrapper.
A wrapper for ClientRegistration.ProviderDetails to allow correspondence with a persistent version of the same.
 
 
A non-static wrapper around ClientRegistrations used to make testing easier.
Wrapper for ClientRegistration.
Validate that an OAuthClientRegistrationWrapper has a registration id, client id, and client secret.
 
Handle retrieval of OAuth2Authorization by OID.
An AuthenticationProvider implementation for the OAuth 2.0 Refresh Token Grant.
Handles messages from the Persistence channel, asserting that they contain operation type, id, and timestamp information.
 
 
Thrown when there is an exception during Passcode consumption
This service provides methods for creating and consuming random passcodes.
Can be used for generating passwords.
This validator uses regex to validate new passwords for registration and password resets.
 
 
 
This validator performs various checks on the validity of a password token compared to that of a set of password tokens that belong to a user.
The result of validating a password against rules defined within PasswordRequestValidator
Any of the validations that use regex may be "disabled" by changing the regex to match anything: ^.*$ or nothing: ^$ (e.g., for whitespace or repeated characters)
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
 
 
 
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
Convenience methods used for processing permissions and authorities
 
A service that contains various utility functions related to Restriction, RestrictedRole, and RestrictedPermission.
A data structure used by DefaultOAuth2UserDetailsService and PrivilegeService to hold all the authorities, restrictions, and restricted authorities of a User.
An authenticator used for OAuth 2.0 Client Authentication, which authenticates the PkceParameterNames#CODE_VERIFIER code_verifier parameter.
An AuthenticationProvider implementation for the OAuth 2.0 Authorization Code Grant.
Copy of the class of the same name from Spring.
Attempts to extract the parameters from HttpServletRequest used for authenticating public clients using Proof Key for Code Exchange (PKCE) or refresh token.
An AuthenticationProvider implementation used for OAuth 2.0 Public Client Authentication, which authenticates the PkceParameterNames#CODE_VERIFIER code_verifier parameter, or the refresh_token and redirect_uri parameters.
 
 
Guarantees an overall unique access token value, even when generated in quick succession
Token enhancer that adds several registered JWT claims, such as issuer and audience, as well as a non-standard "max" claim that determines the maximum lifetime of a token.
 
Controller for supporting form-based registration for Universal Login.
 
Intended to be used within a JsonView to demarcate which properties are accepted in a request from external (e.g.
Exception to be used when a failure occurs somewhere in the reset password flow for a user.
This form backs the password reset HTML form as a DTO.
 
Interface for validation of a ResetPasswordForm.
Intended to be used within a JsonView to demarcate which properties are serialized in the response from an endpoint.
Represent a permission a user has access to only within specific segment(s) of data.
Represent a role a user has access to only within specific segment(s) of data.
A DTO used to represent a restriction on the data to which a user has access.
Revoke refresh token on logout if provided.
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
 
 
Repository for persisted counterparts of UserRole.
An AuthenticationProvider implementation for the OAuth 2.0 Authorization Code Request.
An AuthenticationProvider implementation for the OAuth 2.0 Client Credential Grant.
 
This is the main security configuration that engages Spring Authorization Server support and the authentication filters.
This configuration is specifically responsible for enabling authentication-related components.
This configuration is specifically responsible for enabling Spring Authorization Server and its related components.
 
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
Service used during the authorization flow to assess the privileges of the current user in order to filter the requested scopes or retrieve the permissions for an access token.
Auto-configuration that registers the DefaultSecurityService bean.
Spring cloud data channel description for messaging input.
Handles creation and deletion of customer segment/customer relationships.
Contains constants that are used as keys for token claims for session tokens.
Though these are used in OAuth2SessionToken, some of these claims are also used in access tokens.
Implementation of JpaOAuth2AuthorizationHashValueProvider that returns a SHA-512 digest hex string.
 
Configuration for components related to Spring Authorization Server.
Setup components for dealing with OAuth2Authorization persistence.
Contains properties dictating SSL verification.
Utility for JWT-based cookies - specifically those intended to drive stateless behavior, such as stateless sessions.
 
Properties to configure behavior of StatelessUtil/StatelessUtilImpl.
Token enhancer to add the values "tenant_access", "application_access", "tenant_id" and "application_ids" to the token, if they exist.
 
 
Responsible for resolving the base URL at which an application or admin is served given the ID of an application or tenant.
Configuration for the TenantUrlResolver.
An ObjectPostProcessor specifically intended to contribute additional top-level elements to the token response json.
 
Utility to consolidate common operations performed in JwtAccessTokenEnhancer.
Configuration properties for refresh token rotation and authorization persistence cleanup handling.
A generation strategy that generates a ULID for a primary key.
A DTO matching the expected structure of a URL resolution response from the tenant service.
Represents a user which can authenticate with this service.
Endpoint for retrieving information about the currently authenticated user
Token enhancer that puts various relevant user data into the token's claims.
Updates PII fields for the User domain.
 
Spring cloud data channel description for messaging input.
Listens to user claims request events and delegates them to the UserAttributesRequestHandler.
A request DTO to adjust the attributes on a particular User.
Add additional attributes to a User
Intended for use as a request scoped bean to be utilized by AccessTokenEnhancers that need to read the currently authenticated user.
A message event dispatched when a user is registered within the system.
 
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated in favor of liquibase insert pattern (see auth.starter.required.data.changelog.xml)
 
 
 
 
Endpoints for CRUD operations on User.
Represents a historical user password including useful metadata such as the date it was created to allow enforcing user password policies such as not allowing them to set a new password that is the same as one they used within the last three months.
Endpoint for retrieving information about the currently authenticated user
Optional properties when handling user lockout due to failed login attempts.
Service responsible for handling login attempts.
Represents a login attempt by a user
 
Service for managing user login attempts.
Properties for authentication controllers
Service for doing user authentication actions
 
 
 
This validator uses regex to validate usernames.
Thrown when login fails because the user is not marked as active.
The API domain that represents a scope and operation types a user has access to on that scope.
Payload describing the operations a user is allowed to perform.
Service API for UserOperation.
Used to convert a List of HistoricalPasswords to a serialized JSON object string representation for persistence and vice-versa.
Properties to configure certain password settings.
 
 
Endpoint for CRUD operations on UserPermissions
An alternative DTO object to use for the specific use case of being an element in collection fields of parent entities.
Repository for persisted counterparts of UserPermission.
Provides CRUD management operations on UserPermission.
Validations for UserPermission.
Representation of a registration from the frontend
Spring cloud data channel description for messaging output.
Registers new users into the user data store
Hook point for User.setType(String) when creating new users from the UserRegistrationService.
 
Token enhancer that includes user restrictions and restricted authorities within the token.
 
Returned by UserRoleAncestryHydrationService in response to hydration requests.
A UserRole can have ancestors, starting with its direct parent defined in UserRole.parentRoleId up to the top-level ancestor.
Endpoint for CRUD operations on UserRoles
An alternative DTO object to use for the specific use case of being an element in collection fields of parent entities.
 
Validations for UserRole.
UserService<P extends User>
Provides services for interacting with Users and JpaUsers
Default possible values for User.type.
Output channel used when a User update occurs.
Validations for User.
 
This filter is for verifying that there's a saved redirect cookie on the request for certain URIs.
Properties used for VerifyRedirectCookieFilter