Class PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
java.lang.Object
com.broadleafcommerce.auth.authorization.security.spring.PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
- All Implemented Interfaces:
org.springframework.core.Ordered
,org.springframework.security.authentication.AuthenticationProvider
public final class PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
extends Object
implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.core.Ordered
An
AuthenticationProvider
implementation for the OAuth 2.0 Authorization Code Grant. This
is a customized version of the original Spring class
(OAuth2AuthorizationCodeAuthenticationProvider
). The difference here is that we allow
public clients to also request refresh tokens in order to facilitate advanced use cases like
refresh token rotation for mobile client applications.-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Copy of the class of the same name from Spring. -
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
ConstructorDescriptionPublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, TokenProperties tokenProperties) Constructs anOAuth2AuthorizationCodeAuthenticationProvider
using the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.core.Authentication
authenticate
(org.springframework.security.core.Authentication authentication) int
getOrder()
void
setSessionRegistry
(org.springframework.security.core.session.SessionRegistry sessionRegistry) Sets theSessionRegistry
used to track OpenID Connect sessions.boolean
-
Constructor Details
-
PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
public PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, TokenProperties tokenProperties) Constructs anOAuth2AuthorizationCodeAuthenticationProvider
using the provided parameters.- Parameters:
authorizationService
- the authorization servicetokenGenerator
- the token generator- Since:
- 0.2.3
-
-
Method Details
-
getOrder
public int getOrder()- Specified by:
getOrder
in interfaceorg.springframework.core.Ordered
-
authenticate
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException - Specified by:
authenticate
in interfaceorg.springframework.security.authentication.AuthenticationProvider
- Throws:
org.springframework.security.core.AuthenticationException
-
supports
- Specified by:
supports
in interfaceorg.springframework.security.authentication.AuthenticationProvider
-
setSessionRegistry
public void setSessionRegistry(org.springframework.security.core.session.SessionRegistry sessionRegistry) Sets theSessionRegistry
used to track OpenID Connect sessions.- Parameters:
sessionRegistry
- theSessionRegistry
used to track OpenID Connect sessions- Since:
- 1.1
-