Package com.broadleafcommerce.auth.client.web.repo

Class BroadleafAuthorizationRequestRepository

java.lang.Object
com.broadleafcommerce.auth.client.web.repo.BroadleafAuthorizationRequestRepository
All Implemented Interfaces:
org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
public class BroadleafAuthorizationRequestRepository extends Object implements org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
Save and load OAuth2AuthorizationRequest from a cookie. The OAuth2AuthorizationRequest is wrapped in an AuthorizationRequestWrapper. Then it is serialized, wrapped in a signed jwt token, and saved to a cookie. When the browser redirects back to this app from the third party login, the AuthorizationRequestWrapper is read from the cookie, verified, and deserialized into an OAuth2AuthorizationRequest.

  • Field Details

  • Constructor Details

  • Method Details

    • loadAuthorizationRequest

      @Nullable public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest loadAuthorizationRequest(jakarta.servlet.http.HttpServletRequest request)
      Load a saved OAuth2AuthorizationRequest from a cookie. As a side-effect, this method will also set the clientId as a request attribute.
      Specified by:
      loadAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
      Parameters:
      request -
      Returns:

    • saveAuthorizationRequest

      public void saveAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Save a OAuth2AuthorizationRequest to a cookie.
      Specified by:
      saveAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
      Parameters:
      authorizationRequest -
      request -
      response -

    • removeAuthorizationRequest

      public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest removeAuthorizationRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Set a blank cookie to delete the saved authorization request.
      Specified by:
      removeAuthorizationRequest in interface org.springframework.security.oauth2.client.web.AuthorizationRequestRepository<org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest>
      Parameters:
      request -
      response -
      Returns:

    • saveAuthRequestWrapper

      @NotNull @Deprecated protected @NotNull jakarta.servlet.http.Cookie saveAuthRequestWrapper(AuthorizationRequestWrapper authorizationRequestWrapper)
      Deprecated.
      since 1.6, replaced by saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper)
      Parameters:
      authorizationRequestWrapper - the authorization request wrapper to create a cookie for
      Returns:
      the cookie containing the authorization request wrapper

    • saveAuthRequestWrapperResponseCookie

      @NotNull protected @NotNull org.springframework.http.ResponseCookie saveAuthRequestWrapperResponseCookie(AuthorizationRequestWrapper authorizationRequestWrapper)

    • getAuthorizationRequestWrapperAsSignedJwt

      protected com.nimbusds.jwt.SignedJWT getAuthorizationRequestWrapperAsSignedJwt(AuthorizationRequestWrapper authorizationRequestWrapper)

    • serializeAuthRequest

      protected String serializeAuthRequest(AuthorizationRequestWrapper authorizationRequestWrapper)
      Serialize the given AuthorizationRequestWrapper into a String.
      Parameters:
      authorizationRequestWrapper -
      Returns:

    • readAuthRequestWrapperFromCookie

      @Nullable protected AuthorizationRequestWrapper readAuthRequestWrapperFromCookie(jakarta.servlet.http.HttpServletRequest request)

    • deserializeCookie

      protected AuthorizationRequestWrapper deserializeCookie(String cookie)
      Deserialize a cookie value into an AuthorizationRequestWrapper.
      Parameters:
      cookie -
      Returns:

    • wrapAuthRequest

      protected AuthorizationRequestWrapper wrapAuthRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest)
      Wrap the given OAuth2AuthorizationRequest into an AuthorizationRequestWrapper The AuthorizationRequestWrapper includes a blcClientId field, which is set from a request parameter.
      Parameters:
      authorizationRequest -
      Returns:

    • wrapAuthorizationRequest

      protected AuthorizationRequestWrapper wrapAuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest authorizationRequest, String clientId)
      Wrap a OAuth2AuthorizationRequest in a AuthorizationRequestWrapper with the current client id
      Parameters:
      authorizationRequest -
      clientId -
      Returns:

    • buildOAuth2AuthorizationRequest

      protected org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest buildOAuth2AuthorizationRequest(AuthorizationRequestWrapper authorizationRequestWrapper)
      Build a OAuth2AuthorizationRequest from a AuthorizationRequestWrapper.
      Parameters:
      authorizationRequestWrapper -
      Returns:

    • getSavedAuthRequestCookieName

      @NotNull public @NotNull String getSavedAuthRequestCookieName()

    • getStatelessUtil

      protected StatelessUtil getStatelessUtil()

    • getContextHelperService

      protected ContextHelperService getContextHelperService()

    • getObjectMapper

      protected com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()

    • setObjectMapper

      protected void setObjectMapper(com.fasterxml.jackson.databind.ObjectMapper objectMapper)

    • getProperties

      protected AuthorizationRequestRepositoryProperties getProperties()

    • setProperties

      @Autowired public void setProperties(AuthorizationRequestRepositoryProperties properties)