Class BroadleafAuthorizationRequestRepository
java.lang.Object
com.broadleafcommerce.auth.client.web.repo.BroadleafAuthorizationRequestRepository
- All Implemented Interfaces:
org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
public class BroadleafAuthorizationRequestRepository
extends Object
implements org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
Save and load OAuth2AuthorizationRequest from a cookie.
The OAuth2AuthorizationRequest is wrapped in an AuthorizationRequestWrapper. Then it is serialized, wrapped in a signed JWT, and saved to a cookie. When the browser redirects back to this app from the third party login, the AuthorizationRequestWrapper is read from the cookie, verified, and deserialized into an OAuth2AuthorizationRequest.
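The save/verify round trip described above, sketched with Nimbus JOSE+JWT and Spring's ResponseCookie. This is an added example, not Broadleaf's implementation: the class AuthRequestCookieCodec, the HS256 key, the cookie name, the claim key, the 5-minute lifetime and the cookie attributes are assumptions, since the page does not state the signing algorithm or the values of its constants.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.http.ResponseCookie;
import java.text.ParseException;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;

/** Hypothetical helper for illustration; not a Broadleaf class. */
public class AuthRequestCookieCodec {
    private static final String COOKIE_NAME = "EXAMPLE_AUTH_REQUEST"; // assumed name
    private static final String CLAIM = "auth_request";               // assumed claim key
    private static final Duration TTL = Duration.ofMinutes(5);        // assumed lifetime
    private final byte[] key; // HMAC secret; HS256 needs at least 32 bytes
    public AuthRequestCookieCodec(byte[] key) { this.key = key; }

    /** Sign the serialized wrapper (JSON) and carry the compact JWT in a cookie. */
    public ResponseCookie save(String wrapperJson) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .claim(CLAIM, wrapperJson)
                .expirationTime(Date.from(Instant.now().plus(TTL)))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(key));
        return ResponseCookie.from(COOKIE_NAME, jwt.serialize())
                .httpOnly(true).secure(true).sameSite("Lax") // Lax still sent on the redirect back
                .path("/").maxAge(TTL).build();
    }

    /** Return the serialized wrapper, or null if the value is malformed, mis-signed or expired. */
    public String load(String cookieValue) {
        try {
            SignedJWT jwt = SignedJWT.parse(cookieValue);
            if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) return null; // pin alg
            if (!jwt.verify(new MACVerifier(key))) return null;
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            Date exp = claims.getExpirationTime();
            if (exp == null || exp.before(new Date())) return null;
            return claims.getStringClaim(CLAIM);
        } catch (ParseException | JOSEException e) {
            return null; // treat as "no saved authorization request"
        }
    }
}
```

A signed JWT is integrity-protected but not encrypted, so anything placed in the claim is readable by the browser that holds the cookie.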
Field Summary
-
Constructor Summary
Constructor / Description
BroadleafAuthorizationRequestRepository(StatelessUtil statelessUtil, ContextHelperService contextHelperService)
-
Method Summary
Modifier and Type / Method / Description
protected org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest buildOAuth2AuthorizationRequest(AuthorizationRequestWrapper authorizationRequestWrapper)
    Build an OAuth2AuthorizationRequest from an AuthorizationRequestWrapper.
protected AuthorizationRequestWrapper deserializeCookie(String cookie)
    Deserialize a cookie value into an AuthorizationRequestWrapper.
protected com.nimbusds.jwt.SignedJWT getAuthorizationRequestWrapperAsSignedJwt(AuthorizationRequestWrapper authorizationRequestWrapper)
protected ContextHelperService
protected com.fasterxml.jackson.databind.ObjectMapper
protected AuthorizationRequestRepositoryProperties
@NotNull String
protected StatelessUtil
org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest loadAuthorizationRequest(jakarta.servlet.http.HttpServletRequest request)
    Load a saved OAuth2AuthorizationRequest from a cookie.
protected AuthorizationRequestWrapper readAuthRequestWrapperFromCookie(jakarta.servlet.http.HttpServletRequest request)
org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest removeAuthorizationRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Set a blank cookie to delete the saved authorization request.
void saveAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
    Save an OAuth2AuthorizationRequest to a cookie.
protected @NotNull jakarta.servlet.http.Cookie saveAuthRequestWrapper(AuthorizationRequestWrapper authorizationRequestWrapper)
    Deprecated.
protected @NotNull org.springframework.http.ResponseCookie saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper authorizationRequestWrapper)
protected String serializeAuthRequest(AuthorizationRequestWrapper authorizationRequestWrapper)
    Serialize the given AuthorizationRequestWrapper into a String.
protected void setObjectMapper(com.fasterxml.jackson.databind.ObjectMapper objectMapper)
void
protected AuthorizationRequestWrapper wrapAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, String clientId)
    Wrap an OAuth2AuthorizationRequest in an AuthorizationRequestWrapper with the current client id.
protected AuthorizationRequestWrapper wrapAuthRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest)
    Wrap the given OAuth2AuthorizationRequest into an AuthorizationRequestWrapper. The AuthorizationRequestWrapper includes a blcClientId field, which is set from a request parameter.
-
Field Details
-
SAVED_AUTH_REQUEST_COOKIE_NAME
- See Also:
-
AUTH_REQUEST_CLAIM_KEY
- See Also:
-
EXPIRES_IN_SECONDS
protected static final long EXPIRES_IN_SECONDS- See Also:
-
-
Constructor Details
-
BroadleafAuthorizationRequestRepository
public BroadleafAuthorizationRequestRepository(StatelessUtil statelessUtil, ContextHelperService contextHelperService)
-
-
Method Details
-
loadAuthorizationRequest
@Nullable public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest loadAuthorizationRequest(jakarta.servlet.http.HttpServletRequest request)
Load a saved OAuth2AuthorizationRequest from a cookie. As a side-effect, this method will also set the clientId as a request attribute.
- Specified by: loadAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
- Parameters:
  request -
- Returns:
-
saveAuthorizationRequest
public void saveAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Save an OAuth2AuthorizationRequest to a cookie.
- Specified by: saveAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
- Parameters:
  authorizationRequest -
  request -
  response -
-
-
removeAuthorizationRequest
public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest removeAuthorizationRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
Set a blank cookie to delete the saved authorization request.
- Specified by: removeAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
- Parameters:
  request -
  response -
- Returns:
-
saveAuthRequestWrapper
@NotNull @Deprecated protected @NotNull jakarta.servlet.http.Cookie saveAuthRequestWrapper(AuthorizationRequestWrapper authorizationRequestWrapper)
Deprecated. since 1.6, replaced by saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper)
- Parameters:
  authorizationRequestWrapper - the authorization request wrapper to create a cookie for
- Returns:
  the cookie containing the authorization request wrapper
-
saveAuthRequestWrapperResponseCookie
@NotNull protected @NotNull org.springframework.http.ResponseCookie saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper authorizationRequestWrapper) -
getAuthorizationRequestWrapperAsSignedJwt
protected com.nimbusds.jwt.SignedJWT getAuthorizationRequestWrapperAsSignedJwt(AuthorizationRequestWrapper authorizationRequestWrapper) -
serializeAuthRequest
Serialize the given AuthorizationRequestWrapper into a String.
- Parameters:
  authorizationRequestWrapper -
- Returns:
-
readAuthRequestWrapperFromCookie
@Nullable protected AuthorizationRequestWrapper readAuthRequestWrapperFromCookie(jakarta.servlet.http.HttpServletRequest request) -
deserializeCookie
Deserialize a cookie value into an AuthorizationRequestWrapper.
- Parameters:
  cookie -
- Returns:
-
wrapAuthRequest
protected AuthorizationRequestWrapper wrapAuthRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest)
Wrap the given OAuth2AuthorizationRequest into an AuthorizationRequestWrapper. The AuthorizationRequestWrapper includes a blcClientId field, which is set from a request parameter.
- Parameters:
  authorizationRequest -
- Returns:
-
wrapAuthorizationRequest
protected AuthorizationRequestWrapper wrapAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, String clientId)
Wrap an OAuth2AuthorizationRequest in an AuthorizationRequestWrapper with the current client id.
- Parameters:
  authorizationRequest -
  clientId -
- Returns:
-
buildOAuth2AuthorizationRequest
protected org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest buildOAuth2AuthorizationRequest(AuthorizationRequestWrapper authorizationRequestWrapper)
Build an OAuth2AuthorizationRequest from an AuthorizationRequestWrapper.
- Parameters:
  authorizationRequestWrapper -
- Returns:
-
getSavedAuthRequestCookieName
-
getStatelessUtil
-
getContextHelperService
-
getObjectMapper
protected com.fasterxml.jackson.databind.ObjectMapper getObjectMapper() -
setObjectMapper
protected void setObjectMapper(com.fasterxml.jackson.databind.ObjectMapper objectMapper) -
getProperties
-
setProperties
-