Class PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
java.lang.Object
com.broadleafcommerce.auth.authorization.security.spring.PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
- All Implemented Interfaces:
org.springframework.core.Ordered,org.springframework.security.authentication.AuthenticationProvider
public final class PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
extends Object
implements org.springframework.security.authentication.AuthenticationProvider, org.springframework.core.Ordered
An
AuthenticationProvider implementation for the OAuth 2.0 Authorization Code Grant. This
is a customized version of the original Spring class
(OAuth2AuthorizationCodeAuthenticationProvider). The difference here is that we allow
public clients to also request refresh tokens in order to facilitate advanced use cases like
refresh token rotation for mobile client applications.-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic classCopy of the class of the same name from Spring. -
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE -
Constructor Summary
ConstructorsConstructorDescriptionPublicRefreshOAuth2AuthorizationCodeAuthenticationProvider(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, TokenProperties tokenProperties) Constructs anOAuth2AuthorizationCodeAuthenticationProviderusing the provided parameters. -
Method Summary
Modifier and TypeMethodDescriptionorg.springframework.security.core.Authenticationauthenticate(org.springframework.security.core.Authentication authentication) intgetOrder()voidsetSessionRegistry(org.springframework.security.core.session.SessionRegistry sessionRegistry) Sets theSessionRegistryused to track OpenID Connect sessions.boolean
-
Constructor Details
-
PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider
public PublicRefreshOAuth2AuthorizationCodeAuthenticationProvider(org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService authorizationService, org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator<? extends org.springframework.security.oauth2.core.OAuth2Token> tokenGenerator, TokenProperties tokenProperties) Constructs anOAuth2AuthorizationCodeAuthenticationProviderusing the provided parameters.- Parameters:
authorizationService- the authorization servicetokenGenerator- the token generator- Since:
- 0.2.3
-
-
Method Details
-
getOrder
public int getOrder()- Specified by:
getOrderin interfaceorg.springframework.core.Ordered
-
authenticate
public org.springframework.security.core.Authentication authenticate(org.springframework.security.core.Authentication authentication) throws org.springframework.security.core.AuthenticationException - Specified by:
authenticatein interfaceorg.springframework.security.authentication.AuthenticationProvider- Throws:
org.springframework.security.core.AuthenticationException
-
supports
- Specified by:
supportsin interfaceorg.springframework.security.authentication.AuthenticationProvider
-
setSessionRegistry
public void setSessionRegistry(org.springframework.security.core.session.SessionRegistry sessionRegistry) Sets theSessionRegistryused to track OpenID Connect sessions.- Parameters:
sessionRegistry- theSessionRegistryused to track OpenID Connect sessions- Since:
- 1.1
-