Class EmbeddedLoginCodeAuthenticationProvider

java.lang.Object
com.broadleafcommerce.auth.authorization.security.embedded.code.EmbeddedLoginCodeAuthenticationProvider
All Implemented Interfaces:
org.springframework.core.Ordered, org.springframework.security.authentication.AuthenticationProvider

public final class EmbeddedLoginCodeAuthenticationProvider extends Object implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.core.Ordered
Authenticates the user for the OAuth2TokenEndpointFilter based on a one-time passcode parameter.

This class is generally patterned after PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider, to ensure that the access and refresh tokens are created correctly. However, since Embedded Login combines some of the standard OAuth steps, this provider has logic borrowed from various places like the session authentication provider and auth code authentication provider.

Author:
Cade Rea (cade-rea)
See Also:
  • Constructor Details

    • EmbeddedLoginCodeAuthenticationProvider

      public EmbeddedLoginCodeAuthenticationProvider(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, TokenProperties tokenProperties, SecurityService securityService, PasscodeService<PasswordToken,User> passcodeService, OAuth2UserDetailsService userDetailsService, UserService<User> userService)
  • Method Details

    • supports

      public boolean supports(Class<?> authentication)
      Specified by:
      supports in interface org.springframework.security.authentication.AuthenticationProvider
    • getOrder

      public int getOrder()
      Specified by:
      getOrder in interface org.springframework.core.Ordered
    • authenticate

      public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException
      Specified by:
      authenticate in interface org.springframework.security.authentication.AuthenticationProvider
      Throws:
      org.springframework.security.core.AuthenticationException
    • setSessionRegistry

      public void setSessionRegistry(org.springframework.security.core.session.SessionRegistry sessionRegistry)
      Sets the SessionRegistry used to track OpenID Connect sessions.
      Parameters:
      sessionRegistry - the SessionRegistry used to track OpenID Connect sessions
      Since:
      1.1