Package com.broadleafcommerce.auth.authorization.security.autoconfigure

Class AuthorizationServerAuthenticationFilterConfigurationCustomizer

java.lang.Object

com.broadleafcommerce.auth.authorization.security.autoconfigure.AuthorizationServerAuthenticationFilterConfigurationCustomizer

public class AuthorizationServerAuthenticationFilterConfigurationCustomizer
extends Object

Used in SpringAuthorizationServerComponentsConfiguration to add various authentication filters to the authorization server security filter chain.

Constructor Summary

Constructors

Constructor	Description
AuthorizationServerAuthenticationFilterConfigurationCustomizer(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter)

Method Summary

Modifier and Type	Method	Description
protected void	applyOAuth2SessionAuthenticationFilter(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter, org.springframework.security.config.annotation.web.builders.HttpSecurity http)	This filter is responsible for obtaining the end-user (resource owner) authentication information in several OAuth flows.
void	customize(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity)	Add/customize authentication filters relevant for the authorization server security filter chain.
protected OAuth2SessionAuthenticationFilter	getOAuth2SessionAuthenticationFilter()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthorizationServerAuthenticationFilterConfigurationCustomizer

public AuthorizationServerAuthenticationFilterConfigurationCustomizer(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter)

Method Details

customize

public void customize(org.springframework.security.config.annotation.web.builders.HttpSecurity httpSecurity)

Add/customize authentication filters relevant for the authorization server security filter chain.

Parameters:

httpSecurity - the authorization server security filter chain builder on which to customize authentication filters

applyOAuth2SessionAuthenticationFilter

protected void applyOAuth2SessionAuthenticationFilter(OAuth2SessionAuthenticationFilter oAuth2SessionAuthenticationFilter,
 org.springframework.security.config.annotation.web.builders.HttpSecurity http)

This filter is responsible for obtaining the end-user (resource owner) authentication information in several OAuth flows. The Spring authentication filters expect that the end-user authentication is already available by the time they run, and thus this must apply before them.

The Spring authentication filters are registered in OAuth2AuthorizationEndpointConfigurer and they are ordered before AbstractPreAuthenticatedProcessingFilter.

The LogoutFilter is engaged before all authentication filters, and thus we use it as the reference point.

Parameters:

oAuth2SessionAuthenticationFilter - the OAuth2SessionAuthenticationFilter

http - the security filter chain builder

getOAuth2SessionAuthenticationFilter

protected OAuth2SessionAuthenticationFilter getOAuth2SessionAuthenticationFilter()