Class AuthorizationServer
java.lang.Object
com.broadleafcommerce.auth.server.domain.AuthorizationServer
An authorization server responsible for authenticating users. Generally, there are at least two
authorization servers per tenant: one for customer users and one for admin users.
Users
belong to an authorization server
and are authenticated against it.
In the majority of cases, there is a 1-1 relationship between an AuthorizationServer
and
AuthorizedClient
, though this is not a requirement.
In the case that an authorization server has multiple clients
, users are
shared between clients. This allows, for example, a tenant with multiple store-fronts to share a
single login across different storefronts.
Keep in mind that any unique user requirements, such as unique email addresses, usernames, etc. are unique to an authorization server.
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
boolean
Additional attributes associated with this authorization server.The default redirect URI to use if a user accesses a login page without a valid redirect cookieThe default permissions a user is assigned when authenticating against this server.The default roles a user is assigned when authenticating against this server.How many failed login attempts are allowed before a user is locked out.The friendly name of this authorization server.getId()
The primary ID of this serverThe period of time, in seconds, that the user's session will timeout if no action is taken.Can a locked user initiate a password reset? SeeUser.isLocked()
The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts.How long, in minutes, it takes for failed login attempts to "decay".getName()
The unique name for this authorization server.The maximum amount of time, in seconds, a user's session will persist before requiring re-login.Will a successful reset password unlock this user if they're locked? SeeUser.isLocked()
The path on the classpath to the authorization servers templates.The ID of the tenant this authorization server is associated with.int
hashCode()
boolean
Whether or not the user's session with this authorization server is active for cross-origin requests.boolean
Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.boolean
Whether or not SSO is enabled for this authorization server.void
setAttributes
(Map<String, Object> attributes) Additional attributes associated with this authorization server.void
setCrossOrigin
(boolean crossOrigin) Whether or not the user's session with this authorization server is active for cross-origin requests.void
setDefaultRedirectUri
(String defaultRedirectUri) The default redirect URI to use if a user accesses a login page without a valid redirect cookievoid
setDefaultUserPermissions
(Set<UserPermissionRef> defaultUserPermissions) The default permissions a user is assigned when authenticating against this server.void
setDefaultUserRoles
(Set<UserRoleRef> defaultUserRoles) The default roles a user is assigned when authenticating against this server.void
setEmbeddedLoginEnabled
(boolean embeddedLoginEnabled) Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.void
setFailedLoginAttemptsAllowed
(Integer failedLoginAttemptsAllowed) How many failed login attempts are allowed before a user is locked out.void
setFriendlyName
(String friendlyName) The friendly name of this authorization server.void
The primary ID of this servervoid
setInactivityTimeoutSeconds
(Integer inactivityTimeoutSeconds) The period of time, in seconds, that the user's session will timeout if no action is taken.void
setLockedUserCanResetPassword
(String lockedUserCanResetPassword) Can a locked user initiate a password reset? SeeUser.isLocked()
void
setLockoutDurationMinutes
(Long lockoutDurationMinutes) The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts.void
setLoginFailDecayMinutes
(Long loginFailDecayMinutes) How long, in minutes, it takes for failed login attempts to "decay".void
The unique name for this authorization server.void
setRequireLoginTimeoutSeconds
(Integer requireLoginTimeoutSeconds) The maximum amount of time, in seconds, a user's session will persist before requiring re-login.void
setResetPasswordUnlocksUser
(String resetPasswordUnlocksUser) Will a successful reset password unlock this user if they're locked? SeeUser.isLocked()
void
setSsoEnabled
(boolean ssoEnabled) Whether or not SSO is enabled for this authorization server.void
setTemplatePath
(String templatePath) The path on the classpath to the authorization servers templates.void
setTenantId
(String tenantId) The ID of the tenant this authorization server is associated with.toString()
-
Constructor Details
-
AuthorizationServer
public AuthorizationServer()
-
-
Method Details
-
getId
The primary ID of this server -
getTenantId
The ID of the tenant this authorization server is associated with. This value is not updatable. -
getName
The unique name for this authorization server. This value is not updatable. -
getFriendlyName
The friendly name of this authorization server. Intended for display purposes. -
getInactivityTimeoutSeconds
The period of time, in seconds, that the user's session will timeout if no action is taken. -
getRequireLoginTimeoutSeconds
The maximum amount of time, in seconds, a user's session will persist before requiring re-login. -
getTemplatePath
The path on the classpath to the authorization servers templates. This should reference the folder within the `templates` folder. i.e. "admin" for the path `classpath:/templates/admin/` -
isSsoEnabled
public boolean isSsoEnabled()Whether or not SSO is enabled for this authorization server. -
isCrossOrigin
public boolean isCrossOrigin()Whether or not the user's session with this authorization server is active for cross-origin requests. If set to true, the session cookie will include a SameSite policy of "None", thereby allowing the session cookie for cross-origin requests. Defaults to false. -
getDefaultUserRoles
The default roles a user is assigned when authenticating against this server. -
getDefaultUserPermissions
The default permissions a user is assigned when authenticating against this server. -
getAttributes
Additional attributes associated with this authorization server. -
getDefaultRedirectUri
The default redirect URI to use if a user accesses a login page without a valid redirect cookie -
getFailedLoginAttemptsAllowed
How many failed login attempts are allowed before a user is locked out. Zero or null indicates unlimited login attempts. -
getLockoutDurationMinutes
The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts. Null indicates unlimited lockout duration. -
getLoginFailDecayMinutes
How long, in minutes, it takes for failed login attempts to "decay". Failed login attempts that have decayed will not be taken into account when determining if a use should be locked out. Null indicates attempts never decay. -
isEmbeddedLoginEnabled
public boolean isEmbeddedLoginEnabled()Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login. Default is false.- Returns:
- Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.
-
getResetPasswordUnlocksUser
Will a successful reset password unlock this user if they're locked? SeeUser.isLocked()
-
getLockedUserCanResetPassword
Can a locked user initiate a password reset? SeeUser.isLocked()
-
setId
The primary ID of this server -
setTenantId
The ID of the tenant this authorization server is associated with. This value is not updatable. -
setName
The unique name for this authorization server. This value is not updatable. -
setFriendlyName
The friendly name of this authorization server. Intended for display purposes. -
setInactivityTimeoutSeconds
The period of time, in seconds, that the user's session will timeout if no action is taken. -
setRequireLoginTimeoutSeconds
The maximum amount of time, in seconds, a user's session will persist before requiring re-login. -
setTemplatePath
The path on the classpath to the authorization servers templates. This should reference the folder within the `templates` folder. i.e. "admin" for the path `classpath:/templates/admin/` -
setSsoEnabled
public void setSsoEnabled(boolean ssoEnabled) Whether or not SSO is enabled for this authorization server. -
setCrossOrigin
public void setCrossOrigin(boolean crossOrigin) Whether or not the user's session with this authorization server is active for cross-origin requests. If set to true, the session cookie will include a SameSite policy of "None", thereby allowing the session cookie for cross-origin requests. Defaults to false. -
setDefaultUserRoles
The default roles a user is assigned when authenticating against this server. -
setDefaultUserPermissions
The default permissions a user is assigned when authenticating against this server. -
setAttributes
Additional attributes associated with this authorization server. -
setDefaultRedirectUri
The default redirect URI to use if a user accesses a login page without a valid redirect cookie -
setFailedLoginAttemptsAllowed
How many failed login attempts are allowed before a user is locked out. Zero or null indicates unlimited login attempts. -
setLockoutDurationMinutes
The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts. Null indicates unlimited lockout duration. -
setLoginFailDecayMinutes
How long, in minutes, it takes for failed login attempts to "decay". Failed login attempts that have decayed will not be taken into account when determining if a use should be locked out. Null indicates attempts never decay. -
setEmbeddedLoginEnabled
public void setEmbeddedLoginEnabled(boolean embeddedLoginEnabled) Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login. Default is false.- Parameters:
embeddedLoginEnabled
- Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.
-
setResetPasswordUnlocksUser
Will a successful reset password unlock this user if they're locked? SeeUser.isLocked()
-
setLockedUserCanResetPassword
Can a locked user initiate a password reset? SeeUser.isLocked()
-
equals
-
canEqual
-
hashCode
public int hashCode() -
toString
-