Class TokenProperties
java.lang.Object
com.broadleafcommerce.auth.authorization.TokenProperties
Configuration properties for refresh token rotation and authorization persistence cleanup handling.
-
Field Summary
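Modifier and Type | Field | Description
static final int | AUTH_CODE_TIMEOUT_SECONDS_DEFAULT |
static final int | AUTHORIZATION_CLEANUP_BATCH_SIZE_DEFAULT |
static final int | AUTHORIZATION_CLEANUP_INTERVAL_SECONDS_MAX_DEFAULT |
static final int | AUTHORIZATION_CLEANUP_INTERVAL_SECONDS_MIN_DEFAULT |
static final int | REFRESH_TOKEN_ROTATION_INTERVAL_SECONDS_DEFAULT |
static final int | REFRESH_TOKEN_TIMEOUT_SECONDS_DEFAULT |
static final int | TOKEN_TIMEOUT_SECONDS_DEFAULT |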
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
protected boolean | canEqual |
boolean | equals |
int | getCleanupBatchSize() | The quantity of expired authorizations to delete at one time.
 | getMaxTokenCleanupInterval | The max amount of pause time between batch expired authorization cleanup attempts.
 | getMinTokenCleanupInterval | The min amount of pause time between batch expired authorization cleanup attempts.
 | getNamespace | Namespace to use when getting the view for the camel cluster.
 | getRefreshTokenRotationInterval | Amount of time that a rotated refresh token is still valid for refresh attempts after it is initially rotated.
int | hashCode() |
boolean | isExplodePermissions() | If set to true, ALL_* permissions will be exploded into their CRUD equivalents in access tokens.
boolean | isSupportRefreshTokenCleanup() | Whether the system should clean up expired authorizations from the system.
boolean | isSupportRefreshTokenRotation() | Whether refresh token rotation is supported.
void | setCleanupBatchSize(int cleanupBatchSize) | The quantity of expired authorizations to delete at one time.
void | setExplodePermissions(boolean explodePermissions) | If set to true, ALL_* permissions will be exploded into their CRUD equivalents in access tokens.
void | setMaxTokenCleanupInterval(Duration maxTokenCleanupInterval) | The max amount of pause time between batch expired authorization cleanup attempts.
void | setMinTokenCleanupInterval(Duration minTokenCleanupInterval) | The min amount of pause time between batch expired authorization cleanup attempts.
void | setNamespace(String namespace) | Namespace to use when getting the view for the camel cluster.
void | setRefreshTokenRotationInterval(Duration refreshTokenRotationInterval) | Amount of time that a rotated refresh token is still valid for refresh attempts after it is initially rotated.
void | setSupportRefreshTokenCleanup(boolean supportRefreshTokenCleanup) | Whether the system should clean up expired authorizations from the system.
void | setSupportRefreshTokenRotation(boolean supportRefreshTokenRotation) | Whether refresh token rotation is supported.
 | toString() |
-
Field Details
-
AUTH_CODE_TIMEOUT_SECONDS_DEFAULT
public static final int AUTH_CODE_TIMEOUT_SECONDS_DEFAULT
-
REFRESH_TOKEN_TIMEOUT_SECONDS_DEFAULT
public static final int REFRESH_TOKEN_TIMEOUT_SECONDS_DEFAULT
-
REFRESH_TOKEN_ROTATION_INTERVAL_SECONDS_DEFAULT
public static final int REFRESH_TOKEN_ROTATION_INTERVAL_SECONDS_DEFAULT
-
TOKEN_TIMEOUT_SECONDS_DEFAULT
public static final int TOKEN_TIMEOUT_SECONDS_DEFAULT
-
AUTHORIZATION_CLEANUP_INTERVAL_SECONDS_MAX_DEFAULT
public static final int AUTHORIZATION_CLEANUP_INTERVAL_SECONDS_MAX_DEFAULT
-
AUTHORIZATION_CLEANUP_BATCH_SIZE_DEFAULT
public static final int AUTHORIZATION_CLEANUP_BATCH_SIZE_DEFAULT
-
AUTHORIZATION_CLEANUP_INTERVAL_SECONDS_MIN_DEFAULT
public static final int AUTHORIZATION_CLEANUP_INTERVAL_SECONDS_MIN_DEFAULT
-
-
Constructor Details
-
TokenProperties
public TokenProperties()
-
-
Method Details
-
getRefreshTokenRotationInterval
Amount of time that a rotated refresh token is still valid for refresh attempts after it is initially rotated. This allows for a small window where inadvertent issues (like poor mobile network quality) can be overcome with a refresh retry without failing. Once the interval is exceeded after an initial rotation, any attempt to refresh for a new auth token will fail. This value should be kept as small as possible to avoid opening a larger window for replay attacks.
-
isSupportRefreshTokenRotation
public boolean isSupportRefreshTokenRotation()
Whether refresh token rotation is supported. If true, a refresh token is included with the access token when an access token is requested (note, the AuthorizedClient#getGrantTypes() must also include "refresh_token" for a refresh token to actually be emitted with the access token as a pair). When the access token expires, the refresh token may be used to request a new access token. The new access token will include a new refresh token (i.e. refresh token rotation) that may be used in the future. The rotated access token should not be used again and will quickly become invalid after TokenProperties#getRefreshTokenRotationInterval().
-
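The rotation window described under getRefreshTokenRotationInterval and isSupportRefreshTokenRotation, as an added example that is not Broadleaf's code. It is a hypothetical in-memory store that rotates a refresh token on first use, accepts a retry with the old token inside the interval, and rejects it afterwards; the class RotationWindowDemo, its methods, the 10-second interval and the timestamps are all assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;

// Hypothetical in-memory model of rotation with a grace interval; not Broadleaf code.
public class RotationWindowDemo {
    private final Duration rotationInterval; // plays the role of refreshTokenRotationInterval
    // token value -> instant it was first rotated (null while it is still the current token)
    private final Map<String, Instant> rotatedAt = new HashMap<>();

    RotationWindowDemo(Duration rotationInterval) {
        this.rotationInterval = rotationInterval;
    }

    String issue() {
        String token = UUID.randomUUID().toString();
        rotatedAt.put(token, null);
        return token;
    }

    // Returns a replacement refresh token, or empty if the presented one is rejected.
    Optional<String> refresh(String presented, Instant now) {
        if (!rotatedAt.containsKey(presented)) {
            return Optional.empty();              // unknown token
        }
        Instant first = rotatedAt.get(presented);
        if (first == null) {
            rotatedAt.put(presented, now);        // first use: rotation starts the window
            return Optional.of(issue());
        }
        if (now.isAfter(first.plus(rotationInterval))) {
            return Optional.empty();              // window exceeded: refresh fails
        }
        return Optional.of(issue());              // retry inside the window is honoured
    }

    public static void main(String[] args) {
        RotationWindowDemo store = new RotationWindowDemo(Duration.ofSeconds(10)); // constructed value
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");                        // constructed timestamps
        String rt = store.issue();
        System.out.println("first rotation accepted: " + store.refresh(rt, t0).isPresent());
        System.out.println("retry at +5s accepted:   " + store.refresh(rt, t0.plusSeconds(5)).isPresent());
        System.out.println("replay at +60s accepted: " + store.refresh(rt, t0.plusSeconds(60)).isPresent());
    }
}
```

Every second the interval grows is another second in which a captured, already-rotated token is still honoured, which is the replay window the property description asks you to keep small.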
isSupportRefreshTokenCleanup
public boolean isSupportRefreshTokenCleanup()
Whether the system should clean up expired authorizations from the system. This is highly recommended.
-
getNamespace
Namespace to use when getting the view for the camel cluster. Default is "lock".
-
getMaxTokenCleanupInterval
The max amount of pause time between batch expired authorization cleanup attempts. Default is 10 seconds.
-
getMinTokenCleanupInterval
The min amount of pause time between batch expired authorization cleanup attempts. Default is 3 seconds. This value always wins, and you can set this value equal to or greater than maxTokenCleanupInterval to achieve a constant, non-randomized value.
-
getCleanupBatchSize
public int getCleanupBatchSize()
The quantity of expired authorizations to delete at one time. Should be somewhat conservative to avoid overworking the database or causing the transaction log to spiral out of control. Default is 20000.
-
isExplodePermissions
public boolean isExplodePermissions()
If set to true, ALL_* permissions will be exploded into their CRUD equivalents in access tokens. For example, ALL_PRODUCT will be exploded into CREATE_PRODUCT, READ_PRODUCT, UPDATE_PRODUCT, and DELETE_PRODUCT. Default value is false.
-
setRefreshTokenRotationInterval
Amount of time that a rotated refresh token is still valid for refresh attempts after it is initially rotated. This allows for a small window where inadvertent issues (like poor mobile network quality) can be overcome with a refresh retry without failing. Once the interval is exceeded after an initial rotation, any attempt to refresh for a new auth token will fail. This value should be kept as small as possible to avoid opening a larger window for replay attacks.
-
setSupportRefreshTokenRotation
public void setSupportRefreshTokenRotation(boolean supportRefreshTokenRotation)
Whether refresh token rotation is supported. If true, a refresh token is included with the access token when an access token is requested (note, the AuthorizedClient#getGrantTypes() must also include "refresh_token" for a refresh token to actually be emitted with the access token as a pair). When the access token expires, the refresh token may be used to request a new access token. The new access token will include a new refresh token (i.e. refresh token rotation) that may be used in the future. The rotated access token should not be used again and will quickly become invalid after TokenProperties#getRefreshTokenRotationInterval().
-
setSupportRefreshTokenCleanup
public void setSupportRefreshTokenCleanup(boolean supportRefreshTokenCleanup)
Whether the system should clean up expired authorizations from the system. This is highly recommended.
-
setNamespace
Namespace to use when getting the view for the camel cluster. Default is "lock".
-
setMaxTokenCleanupInterval
The max amount of pause time between batch expired authorization cleanup attempts. Default is 10 seconds.
-
setMinTokenCleanupInterval
The min amount of pause time between batch expired authorization cleanup attempts. Default is 3 seconds. This value always wins, and you can set this value equal to or greater than maxTokenCleanupInterval to achieve a constant, non-randomized value.
-
setCleanupBatchSize
public void setCleanupBatchSize(int cleanupBatchSize)
The quantity of expired authorizations to delete at one time. Should be somewhat conservative to avoid overworking the database or causing the transaction log to spiral out of control. Default is 20000.
-
setExplodePermissions
public void setExplodePermissions(boolean explodePermissions)
If set to true, ALL_* permissions will be exploded into their CRUD equivalents in access tokens. For example, ALL_PRODUCT will be exploded into CREATE_PRODUCT, READ_PRODUCT, UPDATE_PRODUCT, and DELETE_PRODUCT. Default value is false.
-
equals
-
canEqual
-
hashCode
public int hashCode()
-
toString
-