Class DefaultOAuth2AuthorizationService

java.lang.Object
com.broadleafcommerce.auth.authorization.service.DefaultOAuth2AuthorizationService
All Implemented Interfaces:
OidAwareOAuth2AuthorizationService, org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService

public class DefaultOAuth2AuthorizationService extends Object implements org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService, OidAwareOAuth2AuthorizationService
Implementation of Spring's OAuth2AuthorizationService for datastore persistence of OAuth2Authorization instances. Notably, also handles application of the OID value, as well as retrieval by OID. OID is an original ID value that relates all rotated refresh tokens to the original refresh token issue.
See Also:
  • Constructor Details

    • DefaultOAuth2AuthorizationService

      public DefaultOAuth2AuthorizationService(OAuth2AuthorizationRepository<JpaOAuth2Authorization> repository, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository)
  • Method Details

    • save

      public void save(org.springframework.security.oauth2.server.authorization.OAuth2Authorization authorization)
      Specified by:
      save in interface org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService
    • remove

      @Transactional public void remove(org.springframework.security.oauth2.server.authorization.OAuth2Authorization authorization)
      Specified by:
      remove in interface org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService
    • findById

      @Transactional(readOnly=true) public org.springframework.security.oauth2.server.authorization.OAuth2Authorization findById(String id)
      Specified by:
      findById in interface org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService
    • findByOid

      @Transactional(readOnly=true) public org.springframework.security.oauth2.server.authorization.OAuth2Authorization findByOid(String oid)
      Specified by:
      findByOid in interface OidAwareOAuth2AuthorizationService
    • findByToken

      @Transactional(readOnly=true) public org.springframework.security.oauth2.server.authorization.OAuth2Authorization findByToken(String token, org.springframework.security.oauth2.server.authorization.OAuth2TokenType tokenType)
      Specified by:
      findByToken in interface org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService
    • validateRegisteredClientExists

      protected org.springframework.security.oauth2.server.authorization.client.RegisteredClient validateRegisteredClientExists(org.springframework.security.oauth2.server.authorization.OAuth2Authorization toValidate)
      This throws an error similar to JdbcOAuth2AuthorizationService.OAuth2AuthorizationRowMapper.mapRow(ResultSet, int) and ensures we fail to load authorizations for which the associated RegisteredClient is no longer present.
      Parameters:
      toValidate - the authorization whose registered client ID needs to be validated
      Returns:
      the RegisteredClient found in the datastore
      Throws:
      org.springframework.dao.DataRetrievalFailureException - thrown by default if no matching RegisteredClient was found
    • loadAssociatedRegisteredClient

      protected Optional<org.springframework.security.oauth2.server.authorization.client.RegisteredClient> loadAssociatedRegisteredClient(org.springframework.security.oauth2.server.authorization.OAuth2Authorization authorization)
    • getRepository

    • getRegisteredClientRepository

      protected org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository getRegisteredClientRepository()