Class DefaultClientScopeClientCredentialsRequestConverter

java.lang.Object
com.broadleafcommerce.auth.authorization.security.spring.DefaultClientScopeClientCredentialsRequestConverter
All Implemented Interfaces:
org.springframework.security.web.authentication.AuthenticationConverter

public class DefaultClientScopeClientCredentialsRequestConverter extends Object implements org.springframework.security.web.authentication.AuthenticationConverter
Leverages the OAuth2ClientCredentialsAuthenticationConverter to create an OAuth2ClientCredentialsAuthenticationToken from the request.

This implementation adds the ability to use default scopes if no scopes are requested. If there are no scopes on the request, then the scopes from the RegisteredClient will be used as requested scopes.

Scope validation and authorization are performed in ScopeNarrowingOAuth2ClientCredentialsAuthenticationProvider.getClientAccessibleScopes(OAuth2ClientCredentialsAuthenticationToken, RegisteredClient).

Author:
Cade Rea (cade-rea)
  • Constructor Summary

    Constructors
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | protected org.springframework.security.oauth2.core.OAuth2AuthenticationException | clientIdException() | Prepare an OAuth2AuthenticationException to report an invalid client. |
    | org.springframework.security.core.Authentication | convert(jakarta.servlet.http.HttpServletRequest request) | |
    | protected Set<String> | getClientScopes(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken clientCredentialsToken) | Read the scopes from the RegisteredClient specified by the OAuth2ParameterNames.CLIENT_ID parameter. |

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • DefaultClientScopeClientCredentialsRequestConverter

      public DefaultClientScopeClientCredentialsRequestConverter()
  • Method Details

    • convert

      public org.springframework.security.core.Authentication convert(jakarta.servlet.http.HttpServletRequest request)
      Specified by:
      convert in interface org.springframework.security.web.authentication.AuthenticationConverter
    • getClientScopes

      protected Set<String> getClientScopes(org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken clientCredentialsToken)
      Read the scopes from the RegisteredClient specified by the OAuth2ParameterNames.CLIENT_ID parameter.
      Parameters:
      clientCredentialsToken - The OAuth2ClientCredentialsAuthenticationToken that represents the client credentials request.
      Returns:
      The set of scopes specified on the AuthorizedClient.
    • clientIdException

      protected org.springframework.security.oauth2.core.OAuth2AuthenticationException clientIdException()
      Prepare an OAuth2AuthenticationException to report an invalid client.
      Returns:
      An OAuth2AuthenticationException describing the error.