Class DefaultAuthorizedClientService<P extends AuthorizedClient,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>

java.lang.Object
com.broadleafcommerce.auth.server.service.DefaultAuthorizedClientService<P,D>
All Implemented Interfaces:
AuthorizedClientService<P>, org.springframework.beans.factory.Aware, org.springframework.context.EnvironmentAware

public class DefaultAuthorizedClientService<P extends AuthorizedClient,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware> extends Object implements AuthorizedClientService<P>, org.springframework.context.EnvironmentAware
  • Method Details

    • setEnvironment

      public void setEnvironment(org.springframework.core.env.Environment environment)
      Specified by:
      setEnvironment in interface org.springframework.context.EnvironmentAware
    • findAll

      public org.springframework.data.domain.Page<P> findAll(org.springframework.data.domain.Pageable pageable)
      Description copied from interface: AuthorizedClientService
      Find all authorized clients.
      Specified by:
      findAll in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      pageable - the pageable
      Returns:
      a page of authorized clients
    • findAllByServerId

      public org.springframework.data.domain.Page<P> findAllByServerId(String serverId, org.springframework.data.domain.Pageable pageable)
      Description copied from interface: AuthorizedClientService
      Finds all authorized clients within an authorization server.
      Specified by:
      findAllByServerId in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      serverId - the server ID
      pageable - the pageable
      Returns:
      a page of authorized clients
    • findAdminClient

      public Optional<P> findAdminClient(String tenantId)
      Description copied from interface: AuthorizedClientService
      Finds the authorized client for the admin within the given context.
      Specified by:
      findAdminClient in interface AuthorizedClientService<P extends AuthorizedClient>
      Returns:
      an optional of authorized client
    • findApplicationClient

      public Optional<P> findApplicationClient(String applicationId, String tenantId)
      Description copied from interface: AuthorizedClientService
      Finds the authorized client for the application within the given context.
      Specified by:
      findApplicationClient in interface AuthorizedClientService<P extends AuthorizedClient>
      Returns:
      an optional of authorized client
    • findApplicationClient

      public Optional<P> findApplicationClient(String applicationId)
      Description copied from interface: AuthorizedClientService
      Finds the authorized client for the application within the given context.
      Specified by:
      findApplicationClient in interface AuthorizedClientService<P extends AuthorizedClient>
      Returns:
      an optional of authorized client
    • existsById

      public boolean existsById(String id)
      Description copied from interface: AuthorizedClientService
      Check if an authorized client exists by its ID.
      Specified by:
      existsById in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      id - the authorized client ID
      Returns:
      whether or not the authorized client exists
    • findById

      public Optional<P> findById(String id)
      Description copied from interface: AuthorizedClientService
      Find an authorized client by its ID.
      Specified by:
      findById in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      id - the authorized client ID
      Returns:
      an optional of authorized client
    • findByClientId

      @Cacheable(cacheNames="authCacheByAuthorizedClient", key="#a0", condition="@cacheStateManager.isEnabled(#root.caches, #root.args)") public Optional<P> findByClientId(String authorizedClientId)
      Description copied from interface: AuthorizedClientService
      Find an authorized client by its client ID.
      Specified by:
      findByClientId in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      authorizedClientId - the client ID of the authorization client
      Returns:
      an optional of authorized client
    • create

      public P create(P authorizedClient)
      Description copied from interface: AuthorizedClientService
      Create a new authorized client. AuthorizedClient.getServerId() must not be null.
      Specified by:
      create in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      authorizedClient - the authorized client to create
      Returns:
      the created authorized client
    • generateAuthorizedClientId

      protected String generateAuthorizedClientId(P authorizedClient)
      Generates a Base64, 16-bit string appended with the server name as the client ID for a newly created authorized client.
      Parameters:
      authorizedClient - the new authorized client
      Returns:
      the client ID
    • save

      public P save(P authorizedClient)
      Description copied from interface: AuthorizedClientService
      Save an authorized client.
      Specified by:
      save in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      authorizedClient - the authorized client to save
      Returns:
      the saved authorized client
    • replace

      public P replace(String id, P authorizedClient)
      Description copied from interface: AuthorizedClientService
      Replace an authorized client.
      Specified by:
      replace in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      id - the authorized client ID to replace
      authorizedClient - the authorized client replacement
      Returns:
      the created authorized client
    • delete

      public void delete(P authorizedClient)
      Description copied from interface: AuthorizedClientService
      Delete an authorized client.
      Specified by:
      delete in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      authorizedClient - the authorized client to delete
    • deleteById

      public void deleteById(String id)
      Description copied from interface: AuthorizedClientService
      Delete an authorized client by ID.
      Specified by:
      deleteById in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      id - the ID of the authorized client to delete
    • resolveAbsolutePathsForRelativeDefaultRedirectUri

      public Optional<String> resolveAbsolutePathsForRelativeDefaultRedirectUri(AuthorizedClient client)
      Description copied from interface: AuthorizedClientService
      Resolves the absolute path for the default redirect uri on the provided AuthorizedClient
      Specified by:
      resolveAbsolutePathsForRelativeDefaultRedirectUri in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      client - The AuthorizedClient to resolve the default redirect uri for
      Returns:
      The absolute path for the default redirect uri on the provided AuthorizedClient if one is resolved else an empty Optional
    • resolveAbsolutePathsForRelativeRedirectUris

      public Set<String> resolveAbsolutePathsForRelativeRedirectUris(AuthorizedClient client)
      Description copied from interface: AuthorizedClientService
      Resolves the absolute path for the redirect uris on the provided AuthorizedClient

      If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method will get the base URL for the client's tenant or application. Each relative redirect URI will then be added to the path of the resolved base URL, and this new absolute URL will replace the original relative value.

      If resolution of the base URL fails, or if the value is not absolute even after being appended to the base, the relative URL will be omitted from the result. This ensures the OAuth specification's requirement of absolute redirect URIs is preserved for security.

      Specified by:
      resolveAbsolutePathsForRelativeRedirectUris in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      client - The AuthorizedClient to resolve the redirect uris for
      Returns:
      The absolute paths for the redirect uris on the provided AuthorizedClient that could be resolved
    • resolveAbsolutePathForUri

      public Optional<String> resolveAbsolutePathForUri(String uri, AuthorizedClient client)
      Description copied from interface: AuthorizedClientService
      Resolves the absolute path for the string uri provided
      Specified by:
      resolveAbsolutePathForUri in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      uri - The uri to resolve the absolute path for
      client - The AuthorizedClient to use for finding the domain, host, etc.
      Returns:
      The uri resolved to an absolute path if possible else an empty Optional
    • resolveAbsolutePathsForUris

      public Set<String> resolveAbsolutePathsForUris(Set<String> uris, AuthorizedClient client)
      Description copied from interface: AuthorizedClientService
      Resolves the absolute path for the string uris provided
      Specified by:
      resolveAbsolutePathsForUris in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      uris - The uris to resolve absolute paths for
      client - The AuthorizedClient to use for finding the domain, host, etc.
      Returns:
      The uris that could be resolved to absolute paths
    • resolveBaseUri

      protected Optional<org.springframework.web.util.UriComponentsBuilder> resolveBaseUri(AuthorizedClient client)
      Determines the base URI of the application or admin the client is used for.

      Delegates to TenantUrlResolver.

      To preserve best-effort for the remainder of the flow, this method will not throw exceptions. Errors will be gracefully logged, and Optional.empty() will be returned.

      Parameters:
      client - the client whose admin or application base URI needs to be found
      Returns:
      a UriComponentsBuilder representing the base URI if successfully found, Optional.empty() otherwise
    • preProcessAndConvertToRegisteredClient

      public org.springframework.security.oauth2.server.authorization.client.RegisteredClient preProcessAndConvertToRegisteredClient(AuthorizedClient authorizedClient)
      Description copied from interface: AuthorizedClientService
      Pre-processes and subsequently converts the given instance into a RegisteredClient.

      This is the preferred mechanism to convert an AuthorizedClient into a RegisteredClient (so long as the mutation semantics are acceptable), as opposed to directly invoking AuthorizedClient.toRegisteredClient().

      Specified by:
      preProcessAndConvertToRegisteredClient in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      authorizedClient - the instance to mutate and convert to a RegisteredClient
      Returns:
      the RegisteredClient representation of the input
    • preProcessBeforeRegisteredClientConversion

      protected void preProcessBeforeRegisteredClientConversion(AuthorizedClient authorizedClient)
      Intended as a hook point to pre-process fields on AuthorizedClient before AuthorizedClient.toRegisteredClient() is invoked.
      Parameters:
      authorizedClient - the client instance that should be mutated
    • preProcessRedirectUris

      protected void preProcessRedirectUris(AuthorizedClient authorizedClient)
    • getWithLowercaseHostnameVariants

      protected Set<String> getWithLowercaseHostnameVariants(Set<String> absoluteUris)
      Parameters:
      absoluteUris - absolute URIs for which lower-cased hostname variants should be generated
      Returns:
      a new set containing all the original absoluteUris as well as variants of those URIs containing lower-cased hostnames
    • formatWithLowercaseHostname

      protected String formatWithLowercaseHostname(@NonNull String url)
      Format the host portion of the URL as all lowercase here. If the url is relative, then nothing will be done.
      Parameters:
      url - The url to format.
      Returns:
      The formatted url.
    • getWithTrailingSlashVariants

      protected Set<String> getWithTrailingSlashVariants(Set<String> absoluteUris)
      Parameters:
      absoluteUris - absolute URIs for which trailing slash variants should be generated
      Returns:
      a new set containing all the original absoluteUris as well as variants of those URIs that contain/do-not-contain trailing slashes.
    • findRepositoryDomainById

      protected Optional<D> findRepositoryDomainById(String id)
    • fromRepositoryDomain

      protected Optional<P> fromRepositoryDomain(Optional<D> optionalDomain)
    • getClientSecretHashValueFromEnvironment

      @Nullable public String getClientSecretHashValueFromEnvironment(String clientId)
      Description copied from interface: AuthorizedClientService
      AuthorizedClient.getClientSecret() may not be persisted in the datastore and instead come from an application property.

      This serves as a convenient utility method to get the value of that property from the environment for a particular client ID.

      Note that the other methods in this class such as AuthorizedClientService.findById(String) almost always return the AuthorizedClient with this value already populated in AuthorizedClient.getClientSecret() (if present).

      Specified by:
      getClientSecretHashValueFromEnvironment in interface AuthorizedClientService<P extends AuthorizedClient>
      Parameters:
      clientId - the AuthorizedClient.getClientId() of the client whose client secret hash property value should be looked up
      Returns:
      the client secret hash value if found in the environment, else null
    • fromRepositoryDomain

      protected org.springframework.data.domain.Page<P> fromRepositoryDomain(org.springframework.data.domain.Page<D> page)
    • validate

      protected void validate(P authorizedClient)
    • validateUniqueClientPerApplication

      protected void validateUniqueClientPerApplication(P authorizedClient, org.springframework.validation.Errors errors)
    • validateUniqueClientPerClientId

      protected void validateUniqueClientPerClientId(P authorizedClient, org.springframework.validation.Errors errors)
    • validateUniqueAdminClientPerTenant

      protected void validateUniqueAdminClientPerTenant(P authorizedClient, org.springframework.validation.Errors errors)
    • getServerService

      protected AuthorizationServerService<AuthorizationServer> getServerService()
    • getRepository

      protected AuthorizedClientRepository<D> getRepository()
    • getMapper

      protected SimplePayloadMapper getMapper()
    • getValidator

      protected com.broadleafcommerce.data.tracking.core.mapping.validation.EntityValidatorManager getValidator()
    • getPasswordEncoder

      protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
    • getTenantUrlResolver

      protected TenantUrlResolver getTenantUrlResolver()
    • getEnvironment

      protected org.springframework.core.env.Environment getEnvironment()
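
The omission rule described under resolveAbsolutePathsForRelativeRedirectUris, as an added example that is not Broadleaf's implementation: relative redirect URIs are appended to a base URL, and any value that cannot be made absolute is dropped from the result. It uses java.net.URI in place of TenantUrlResolver and UriComponentsBuilder; the class name, method names and sample URLs are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

public class RedirectUriResolutionExample {
    // Resolve one redirect URI; empty when no absolute URI can be produced.
    static Optional<String> resolve(String uri, Optional<String> baseUrl) {
        try {
            URI candidate = new URI(uri);
            if (isAbsoluteWithHost(candidate)) {
                return Optional.of(candidate.toString()); // already absolute: keep as-is
            }
            if (baseUrl.isEmpty()) {
                return Optional.empty(); // base URL lookup failed: omit the relative value
            }
            // Append the relative value to the path of the base URL.
            String base = baseUrl.get().replaceAll("/+$", "");
            String path = uri.startsWith("/") ? uri : "/" + uri;
            URI joined = new URI(base + path);
            // Still not absolute (e.g. the base had no scheme): omit it.
            return isAbsoluteWithHost(joined) ? Optional.of(joined.toString()) : Optional.empty();
        } catch (URISyntaxException e) {
            return Optional.empty(); // unparsable value: omit rather than fail the flow
        }
    }

    static boolean isAbsoluteWithHost(URI u) {
        return u.isAbsolute() && u.getHost() != null;
    }

    static Set<String> resolveAll(Set<String> uris, Optional<String> baseUrl) {
        Set<String> resolved = new LinkedHashSet<>();
        uris.forEach(uri -> resolve(uri, baseUrl).ifPresent(resolved::add));
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real client registration.
        Set<String> registered = new LinkedHashSet<>(
                List.of("https://admin.example.test/callback", "/silent-callback.html"));
        System.out.println(resolveAll(registered, Optional.of("https://store.example.test/")));
        System.out.println(resolveAll(registered, Optional.empty()));
        System.out.println(resolveAll(registered, Optional.of("store.example.test")));
    }
}
```

Only the first call returns both entries; with a missing or scheme-less base URL the relative entry is left out, so a non-absolute value never reaches redirect URI matching.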