Class AuthorizationServer

java.lang.Object
com.broadleafcommerce.auth.server.domain.AuthorizationServer

public class AuthorizationServer extends Object
An authorization server responsible for authenticating users. Generally, there are at least two authorization servers per tenant: one for customer users and one for admin users.

Users belong to an authorization server and are authenticated against it.

In the majority of cases, there is a 1-1 relationship between an AuthorizationServer and AuthorizedClient, though this is not a requirement.

When an authorization server has multiple clients, users are shared between those clients. This allows, for example, a tenant with multiple storefronts to share a single login across them.

Keep in mind that any user uniqueness requirements, such as unique email addresses or usernames, are scoped to a single authorization server.

  • Constructor Details

    • AuthorizationServer

      public AuthorizationServer()
  • Method Details

    • getId

      public String getId()
      The primary ID of this server
    • getTenantId

      public String getTenantId()
      The ID of the tenant this authorization server is associated with. This value is not updatable.
    • getName

      public String getName()
      The unique name for this authorization server. This value is not updatable.
    • getFriendlyName

      public String getFriendlyName()
      The friendly name of this authorization server. Intended for display purposes.
    • getInactivityTimeoutSeconds

      public Integer getInactivityTimeoutSeconds()
      The period of inactivity, in seconds, after which the user's session will time out.
    • getRequireLoginTimeoutSeconds

      public Integer getRequireLoginTimeoutSeconds()
      The maximum amount of time, in seconds, a user's session will persist before requiring re-login.
    • getTemplatePath

      public String getTemplatePath()
      The path on the classpath to the authorization server's templates. This should reference the folder within the `templates` folder, e.g. "admin" for the path `classpath:/templates/admin/`.
    • isSsoEnabled

      public boolean isSsoEnabled()
      Whether or not SSO is enabled for this authorization server.
    • isCrossOrigin

      public boolean isCrossOrigin()
      Whether or not the user's session with this authorization server is active for cross-origin requests. If set to true, the session cookie will include a SameSite policy of "None", thereby allowing the session cookie for cross-origin requests. Defaults to false.
    • getDefaultUserRoles

      public Set<UserRoleRef> getDefaultUserRoles()
      The default roles a user is assigned when authenticating against this server.
    • getDefaultUserPermissions

      public Set<UserPermissionRef> getDefaultUserPermissions()
      The default permissions a user is assigned when authenticating against this server.
    • getAttributes

      public Map<String,Object> getAttributes()
      Additional attributes associated with this authorization server.
    • getDefaultRedirectUri

      public String getDefaultRedirectUri()
      The default redirect URI to use if a user accesses a login page without a valid redirect cookie.
    • getFailedLoginAttemptsAllowed

      public Integer getFailedLoginAttemptsAllowed()
      How many failed login attempts are allowed before a user is locked out. Zero or null indicates unlimited login attempts.
    • getLockoutDurationMinutes

      public Long getLockoutDurationMinutes()
      The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts. Null indicates unlimited lockout duration.
    • getLoginFailDecayMinutes

      public Long getLoginFailDecayMinutes()
      How long, in minutes, it takes for failed login attempts to "decay". Failed login attempts that have decayed are not taken into account when determining whether a user should be locked out. Null indicates attempts never decay.
    • isEmbeddedLoginEnabled

      public boolean isEmbeddedLoginEnabled()
      Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login. Default is false.
      Returns:
      Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.
    • getResetPasswordUnlocksUser

      public String getResetPasswordUnlocksUser()
      Whether a successful password reset unlocks this user if they are locked. See User.isLocked()
    • getLockedUserCanResetPassword

      public String getLockedUserCanResetPassword()
      Whether a locked user can initiate a password reset. See User.isLocked()
    • setId

      public void setId(String id)
      The primary ID of this server
    • setTenantId

      public void setTenantId(String tenantId)
      The ID of the tenant this authorization server is associated with. This value is not updatable.
    • setName

      public void setName(String name)
      The unique name for this authorization server. This value is not updatable.
    • setFriendlyName

      public void setFriendlyName(String friendlyName)
      The friendly name of this authorization server. Intended for display purposes.
    • setInactivityTimeoutSeconds

      public void setInactivityTimeoutSeconds(Integer inactivityTimeoutSeconds)
      The period of inactivity, in seconds, after which the user's session will time out.
    • setRequireLoginTimeoutSeconds

      public void setRequireLoginTimeoutSeconds(Integer requireLoginTimeoutSeconds)
      The maximum amount of time, in seconds, a user's session will persist before requiring re-login.
    • setTemplatePath

      public void setTemplatePath(String templatePath)
      The path on the classpath to the authorization server's templates. This should reference the folder within the `templates` folder, e.g. "admin" for the path `classpath:/templates/admin/`.
    • setSsoEnabled

      public void setSsoEnabled(boolean ssoEnabled)
      Whether or not SSO is enabled for this authorization server.
    • setCrossOrigin

      public void setCrossOrigin(boolean crossOrigin)
      Whether or not the user's session with this authorization server is active for cross-origin requests. If set to true, the session cookie will include a SameSite policy of "None", thereby allowing the session cookie for cross-origin requests. Defaults to false.
    • setDefaultUserRoles

      public void setDefaultUserRoles(Set<UserRoleRef> defaultUserRoles)
      The default roles a user is assigned when authenticating against this server.
    • setDefaultUserPermissions

      public void setDefaultUserPermissions(Set<UserPermissionRef> defaultUserPermissions)
      The default permissions a user is assigned when authenticating against this server.
    • setAttributes

      public void setAttributes(Map<String,Object> attributes)
      Additional attributes associated with this authorization server.
    • setDefaultRedirectUri

      public void setDefaultRedirectUri(String defaultRedirectUri)
      The default redirect URI to use if a user accesses a login page without a valid redirect cookie.
    • setFailedLoginAttemptsAllowed

      public void setFailedLoginAttemptsAllowed(Integer failedLoginAttemptsAllowed)
      How many failed login attempts are allowed before a user is locked out. Zero or null indicates unlimited login attempts.
    • setLockoutDurationMinutes

      public void setLockoutDurationMinutes(Long lockoutDurationMinutes)
      The time, in minutes, a user is locked out if they exceed the allowed number of failed login attempts. Null indicates unlimited lockout duration.
    • setLoginFailDecayMinutes

      public void setLoginFailDecayMinutes(Long loginFailDecayMinutes)
      How long, in minutes, it takes for failed login attempts to "decay". Failed login attempts that have decayed are not taken into account when determining whether a user should be locked out. Null indicates attempts never decay.
    • setEmbeddedLoginEnabled

      public void setEmbeddedLoginEnabled(boolean embeddedLoginEnabled)
      Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login. Default is false.
      Parameters:
      embeddedLoginEnabled - Whether this server allows embedded login and registration submissions as opposed to only allowing Universal Login.
    • setResetPasswordUnlocksUser

      public void setResetPasswordUnlocksUser(String resetPasswordUnlocksUser)
      Whether a successful password reset unlocks this user if they are locked. See User.isLocked()
    • setLockedUserCanResetPassword

      public void setLockedUserCanResetPassword(String lockedUserCanResetPassword)
      Whether a locked user can initiate a password reset. See User.isLocked()
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • canEqual

      protected boolean canEqual(Object other)
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object
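
The three lockout settings documented above (failedLoginAttemptsAllowed, lockoutDurationMinutes, loginFailDecayMinutes) interact, and their null/zero cases are easy to misconfigure. The following is an added example, not Broadleaf code: `LockoutPolicy` and `isLockedOut` are hypothetical names, the timeline is constructed, and it assumes a lock begins at the failure where the count of undecayed failures exceeds the allowance.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.List;

// Added illustration. LockoutPolicy is a hypothetical stand-in, not a Broadleaf class.
public class LockoutPolicyExample {
    // Holds the three documented settings, with their documented null/zero meanings.
    record LockoutPolicy(Integer failedLoginAttemptsAllowed,
                         Long lockoutDurationMinutes,
                         Long loginFailDecayMinutes) {
        // failures: failed-login timestamps, oldest first (supplied by the caller).
        boolean isLockedOut(List<Instant> failures, Instant now) {
            // Zero or null means unlimited attempts, so no lockout can occur.
            if (failedLoginAttemptsAllowed == null || failedLoginAttemptsAllowed == 0) {
                return false;
            }
            // Null decay means failures never expire.
            Duration decay = loginFailDecayMinutes == null
                    ? null : Duration.ofMinutes(loginFailDecayMinutes);
            Instant lockedAt = null;
            for (int i = 0; i < failures.size(); i++) {
                Instant at = failures.get(i);
                // Count failures still undecayed at the moment of this failure.
                long live = failures.subList(0, i + 1).stream()
                        .filter(f -> decay == null || f.plus(decay).isAfter(at))
                        .count();
                // Assumption: the lock starts once the count exceeds the allowance.
                if (live > failedLoginAttemptsAllowed) {
                    lockedAt = at;
                }
            }
            // Null duration means the lock never expires on its own.
            return lockedAt != null && (lockoutDurationMinutes == null
                    || now.isBefore(lockedAt.plus(Duration.ofMinutes(lockoutDurationMinutes))));
        }
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T12:00:00Z"); // constructed sample timeline
        List<Instant> burst = List.of(t0, t0.plusSeconds(60), t0.plusSeconds(120), t0.plusSeconds(180));
        List<Instant> slow = List.of(t0, t0.plusSeconds(660), t0.plusSeconds(1320), t0.plusSeconds(1980));
        LockoutPolicy timed = new LockoutPolicy(3, 15L, 10L);
        System.out.println(timed.isLockedOut(burst, t0.plusSeconds(300)));  // inside the 15-minute lock
        System.out.println(timed.isLockedOut(burst, t0.plusSeconds(1200))); // lock has expired
        System.out.println(timed.isLockedOut(slow, t0.plusSeconds(2000)));  // each failure decayed before the next
        System.out.println(new LockoutPolicy(0, 15L, 10L).isLockedOut(burst, t0.plusSeconds(300)));
        System.out.println(new LockoutPolicy(3, null, null).isLockedOut(burst, t0.plusSeconds(86400)));
    }
}
```

The last two cases show the extremes the documentation describes: an allowance of zero disables lockout entirely, while a null lockout duration combined with a null decay keeps the account locked until something else unlocks it.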