Class DefaultAuthorizedClientService<P extends AuthorizedClient,D extends com.broadleafcommerce.data.tracking.core.mapping.ModelMapperMappable & com.broadleafcommerce.data.tracking.core.mapping.BusinessTypeAware>
- All Implemented Interfaces:
AuthorizedClientService<P>, org.springframework.beans.factory.Aware, org.springframework.context.EnvironmentAware
-
Nested Class Summary
Modifier and Type, Class, Description
protected class
This leverages the lazy-initializer pattern to ensure the base-uri resolution logic for relative URLs (which may be expensive) is only engaged if needed, and won't perform computation more than once.
-
Field Summary
-
Constructor Summary
Constructor, Description
- DefaultAuthorizedClientService(AuthorizationServerService<AuthorizationServer> serverService, AuthorizedClientRepository<D> repository, SimplePayloadMapper mapper, com.broadleafcommerce.data.tracking.core.mapping.validation.EntityValidatorManager validator, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, TenantUrlResolver tenantUrlResolver)
-
Method Summary
Modifier and Type, Method, Description
- create: Create a new authorized client.
- void delete: Delete an authorized client.
- void deleteById(String id): Delete an authorized client by ID.
- boolean existsById(String id): Check if an authorized client exists by its ID.
- findAdminClient(String tenantId): Finds the authorized client for the admin within the given context.
- org.springframework.data.domain.Page<P> findAll(org.springframework.data.domain.Pageable pageable): Find all authorized clients.
- org.springframework.data.domain.Page<P> findAllByServerId(String serverId, org.springframework.data.domain.Pageable pageable): Finds all authorized clients within an authorization server.
- findApplicationClient(String applicationId): Finds the authorized client for the application within the given context.
- findApplicationClient(String applicationId, String tenantId): Finds the authorized client for the application within the given context.
- findByClientId(String authorizedClientId): Find an authorized client by its client ID.
- findById: Find an authorized client by its ID.
- protected String formatWithLowercaseHostname(@NonNull String url): Format the host portion of the URL as all lowercase here.
- fromRepositoryDomain(Optional<D> optionalDomain)
- protected org.springframework.data.domain.Page<P> fromRepositoryDomain(org.springframework.data.domain.Page<D> page)
- protected String generateAuthorizedClientId(P authorizedClient): Generates a Base64, 16-bit string appended with the server name as the client ID for a newly created authorized client.
- getClientSecretHashValueFromEnvironment: AuthorizedClient.getClientSecret() may not be persisted in the datastore and instead come from an application property.
- protected org.springframework.core.env.Environment getEnvironment()
- protected SimplePayloadMapper getMapper
- protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
- protected AuthorizedClientRepository<D> getRepository
- protected AuthorizationServerService<AuthorizationServer> getServerService
- protected TenantUrlResolver getTenantUrlResolver
- protected com.broadleafcommerce.data.tracking.core.mapping.validation.EntityValidatorManager getValidator()
- getWithLowercaseHostnameVariants(Set<String> absoluteUris)
- getWithTrailingSlashVariants(Set<String> absoluteUris)
- org.springframework.security.oauth2.server.authorization.client.RegisteredClient preProcessAndConvertToRegisteredClient(AuthorizedClient authorizedClient): Pre-processes and subsequently converts the given instance into a RegisteredClient.
- protected void preProcessBeforeRegisteredClientConversion(AuthorizedClient authorizedClient): Intended as a hook point to pre-process fields on AuthorizedClient before AuthorizedClient.toRegisteredClient() is invoked.
- protected void preProcessRedirectUris(AuthorizedClient authorizedClient)
- replace: Replace an authorized client.
- resolveAbsolutePathForUri(String uri, AuthorizedClient client): Resolves the absolute path for the string uri provided
- resolveAbsolutePathsForRelativeDefaultRedirectUri: Resolves the absolute path for the default redirect uri on the provided AuthorizedClient
- resolveAbsolutePathsForRelativeRedirectUris: Resolves the absolute path for the redirect uris on the provided AuthorizedClient
- resolveAbsolutePathsForUris(Set<String> uris, AuthorizedClient client): Resolves the absolute path for the string uris provided
- protected Optional<org.springframework.web.util.UriComponentsBuilder> resolveBaseUri(AuthorizedClient client): Determines the base URI of the application or admin the client is used for.
- save: Save an authorized client.
- void setEnvironment(org.springframework.core.env.Environment environment)
- protected void validate
- protected void validateUniqueAdminClientPerTenant(P authorizedClient, org.springframework.validation.Errors errors)
- protected void validateUniqueClientPerApplication(P authorizedClient, org.springframework.validation.Errors errors)
- protected void validateUniqueClientPerClientId(P authorizedClient, org.springframework.validation.Errors errors)
-
Field Details
-
CACHE_BY_AUTHORIZED_CLIENT
- See Also:
-
CLIENT_SECRET_ENVIRONMENT_KEY_TEMPLATE
- See Also:
-
-
Constructor Details
-
DefaultAuthorizedClientService
public DefaultAuthorizedClientService(AuthorizationServerService<AuthorizationServer> serverService, AuthorizedClientRepository<D> repository, SimplePayloadMapper mapper, com.broadleafcommerce.data.tracking.core.mapping.validation.EntityValidatorManager validator, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, TenantUrlResolver tenantUrlResolver)
-
-
Method Details
-
setEnvironment
public void setEnvironment(org.springframework.core.env.Environment environment)
- Specified by:
setEnvironment in interface org.springframework.context.EnvironmentAware
-
findAll
public org.springframework.data.domain.Page<P> findAll(org.springframework.data.domain.Pageable pageable)
Description copied from interface: AuthorizedClientService
Find all authorized clients.
- Specified by:
findAll in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
pageable - the pageable
- Returns:
a page of authorized clients
-
findAllByServerId
public org.springframework.data.domain.Page<P> findAllByServerId(String serverId, org.springframework.data.domain.Pageable pageable)
Description copied from interface: AuthorizedClientService
Finds all authorized clients within an authorization server.
- Specified by:
findAllByServerId in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
serverId - the server ID
pageable - the pageable
- Returns:
a page of authorized clients
-
findAdminClient
Description copied from interface: AuthorizedClientService
Finds the authorized client for the admin within the given context.
- Specified by:
findAdminClient in interface AuthorizedClientService<P extends AuthorizedClient>
- Returns:
an optional of authorized client
-
findApplicationClient
Description copied from interface: AuthorizedClientService
Finds the authorized client for the application within the given context.
- Specified by:
findApplicationClient in interface AuthorizedClientService<P extends AuthorizedClient>
- Returns:
an optional of authorized client
-
findApplicationClient
Description copied from interface: AuthorizedClientService
Finds the authorized client for the application within the given context.
- Specified by:
findApplicationClient in interface AuthorizedClientService<P extends AuthorizedClient>
- Returns:
an optional of authorized client
-
existsById
Description copied from interface: AuthorizedClientService
Check if an authorized client exists by its ID.
- Specified by:
existsById in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
id - the authorized client ID
- Returns:
whether or not the authorized client exists
-
findById
Description copied from interface: AuthorizedClientService
Find an authorized client by its ID.
- Specified by:
findById in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
id - the authorized client ID
- Returns:
an optional of authorized client
-
findByClientId
@Cacheable(cacheNames="authCacheByAuthorizedClient", key="#a0", condition="@cacheStateManager.isEnabled(#root.caches, #root.args)")
public Optional<P> findByClientId(String authorizedClientId)
Description copied from interface: AuthorizedClientService
Find an authorized client by its client ID.
- Specified by:
findByClientId in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
authorizedClientId - the client ID of the authorization client
- Returns:
an optional of authorized client
-
create
Description copied from interface: AuthorizedClientService
Create a new authorized client. AuthorizedClient.getServerId() must not be null.
- Specified by:
create in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
authorizedClient - the authorized client to create
- Returns:
the created authorized client
-
generateAuthorizedClientId
Generates a Base64, 16-bit string appended with the server name as the client ID for a newly created authorized client.
- Parameters:
authorizedClient - the new authorized client
- Returns:
the client ID
-
save
Description copied from interface: AuthorizedClientService
Save an authorized client.
- Specified by:
save in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
authorizedClient - the authorized client to save
- Returns:
the saved authorized client
-
replace
Description copied from interface: AuthorizedClientService
Replace an authorized client.
- Specified by:
replace in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
id - the authorized client ID to replace
authorizedClient - the authorized client replacement
- Returns:
the created authorized client
-
delete
Description copied from interface: AuthorizedClientService
Delete an authorized client.
- Specified by:
delete in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
authorizedClient - the authorized client to delete
-
deleteById
Description copied from interface: AuthorizedClientService
Delete an authorized client by ID.
- Specified by:
deleteById in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
id - the ID of the authorized client to delete
-
resolveAbsolutePathsForRelativeDefaultRedirectUri
Description copied from interface: AuthorizedClientService
Resolves the absolute path for the default redirect uri on the provided AuthorizedClient
- Specified by:
resolveAbsolutePathsForRelativeDefaultRedirectUri in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
client - The AuthorizedClient to resolve the default redirect uri for
- Returns:
The absolute path for the default redirect uri on the provided AuthorizedClient if one is resolved else an empty Optional
-
resolveAbsolutePathsForRelativeRedirectUris
Description copied from interface: AuthorizedClientService
Resolves the absolute path for the redirect uris on the provided AuthorizedClient
If this client has any relative URLs in its AuthorizedClient.getRedirectUris(), this method will get the base URL for the client's tenant or application. Each relative redirect URI will then be added to the path of the resolved base URL, and this new absolute URL will replace the original relative value.
If resolution of the base URL fails, or if the value is not absolute even after being appended to the base, the relative URL will be omitted from the result. This ensures the OAuth specification's requirement of absolute redirect URIs is preserved for security.
- Specified by:
resolveAbsolutePathsForRelativeRedirectUris in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
client - The AuthorizedClient to resolve the redirect uris for
- Returns:
The absolute paths for the redirect uris on the provided AuthorizedClient that could be resolved
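The resolution rule described above, as an added Java example that is not Broadleaf's implementation: relative redirect URIs are appended to the base URL's path, and anything that is still not absolute is left out of the result. The class and method names, the placeholder hostnames, and the choice to treat "absolute" as "has a scheme and a host" are assumptions made for this example.

```java
import java.net.URI;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Added example with hypothetical names; it only mirrors the documented behaviour.
public class RedirectUriResolutionExample {
    // Assumption: "absolute" means the URI carries both a scheme and a host.
    static boolean isAbsolute(URI uri) {
        return uri.isAbsolute() && uri.getHost() != null;
    }

    /** Returns the redirect URIs that are absolute or could be made absolute against the base. */
    static Set<String> resolveAll(Set<String> redirectUris, Optional<URI> baseUri) {
        Set<String> resolved = new LinkedHashSet<>();
        boolean baseUsable = baseUri.filter(RedirectUriResolutionExample::isAbsolute).isPresent();
        for (String value : redirectUris) {
            try {
                URI candidate = URI.create(value);
                if (isAbsolute(candidate)) {
                    resolved.add(candidate.toString()); // already absolute: kept unchanged
                } else if (baseUsable && candidate.getScheme() == null
                        && candidate.getRawAuthority() == null) {
                    URI base = baseUri.get();
                    String basePath = base.getRawPath().replaceAll("/+$", "");
                    String relPath = candidate.getRawPath();
                    String query = candidate.getRawQuery() == null ? "" : "?" + candidate.getRawQuery();
                    URI joined = URI.create(base.getScheme() + "://" + base.getRawAuthority()
                            + basePath + (relPath.startsWith("/") ? "" : "/") + relPath + query);
                    if (isAbsolute(joined)) {
                        resolved.add(joined.toString());
                    }
                } // no usable base URL, or a value that is not a plain path: omitted
            } catch (IllegalArgumentException e) {
                // unparsable value: omitted rather than passed through
            }
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed sample data; the hostnames are placeholders.
        Set<String> registered = new LinkedHashSet<>(List.of("/callback",
                "silent-callback.html", "https://app.example.com/cb", "//other.example/cb"));
        URI base = URI.create("https://tenant.example.com/admin");
        System.out.println(resolveAll(registered, Optional.of(base)));
        System.out.println(resolveAll(registered, Optional.empty()));
    }
}
```

With the base URL present, the two relative entries come back under `https://tenant.example.com/admin`; with no base URL, only the entry that was already absolute survives.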
-
resolveAbsolutePathForUri
Description copied from interface: AuthorizedClientService
Resolves the absolute path for the string uri provided
- Specified by:
resolveAbsolutePathForUri in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
uri - The uri to resolve the absolute path for
client - The AuthorizedClient to use for finding the domain, host, etc.
- Returns:
The uri resolved to an absolute path if possible else an empty Optional
-
resolveAbsolutePathsForUris
Description copied from interface: AuthorizedClientService
Resolves the absolute path for the string uris provided
- Specified by:
resolveAbsolutePathsForUris in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
uris - The uris to resolve absolute paths for
client - The AuthorizedClient to use for finding the domain, host, etc.
- Returns:
The uris that could be resolved to absolute paths
-
resolveBaseUri
protected Optional<org.springframework.web.util.UriComponentsBuilder> resolveBaseUri(AuthorizedClient client)
Determines the base URI of the application or admin the client is used for.
Delegates to TenantUrlResolver.
To preserve best-effort for the remainder of the flow, this method will not throw exceptions. Errors will be gracefully logged, and Optional.empty() will be returned.
- Parameters:
client - the client whose admin or application base URI needs to be found
- Returns:
a UriComponentsBuilder representing the base URI if successfully found, Optional.empty() otherwise
-
preProcessAndConvertToRegisteredClient
public org.springframework.security.oauth2.server.authorization.client.RegisteredClient preProcessAndConvertToRegisteredClient(AuthorizedClient authorizedClient)
Description copied from interface: AuthorizedClientService
Pre-processes and subsequently converts the given instance into a RegisteredClient.
This is the preferred mechanism to convert an AuthorizedClient into a RegisteredClient (so long as the mutation semantics are acceptable), as opposed to directly invoking AuthorizedClient.toRegisteredClient().
- Specified by:
preProcessAndConvertToRegisteredClient in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
authorizedClient - the instance to mutate and convert to a RegisteredClient
- Returns:
the RegisteredClient representation of the input
-
preProcessBeforeRegisteredClientConversion
Intended as a hook point to pre-process fields on AuthorizedClient before AuthorizedClient.toRegisteredClient() is invoked.
- Parameters:
authorizedClient - the client instance that should be mutated
-
preProcessRedirectUris
-
getWithLowercaseHostnameVariants
- Parameters:
absoluteUris - absolute URIs for which lower-cased hostname variants should be generated
- Returns:
a new set containing all the original absoluteUris as well as variants of those URIs containing lower-cased hostnames
-
formatWithLowercaseHostname
Format the host portion of the URL as all lowercase here. If the url is relative, then nothing will be done.
- Parameters:
url - The url to format.
- Returns:
The formatted url.
-
getWithTrailingSlashVariants
- Parameters:
absoluteUris - absolute URIs for which trailing slash variants should be generated
- Returns:
a new set containing all the original absoluteUris as well as variants of those URIs that contain/do-not-contain trailing slashes.
-
findRepositoryDomainById
-
fromRepositoryDomain
-
getClientSecretHashValueFromEnvironment
Description copied from interface: AuthorizedClientService
AuthorizedClient.getClientSecret() may not be persisted in the datastore and instead come from an application property.
This serves as a convenient utility method to get the value of that property from the environment for a particular client ID.
Note that the other methods in this class such as AuthorizedClientService.findById(String) almost always return the AuthorizedClient with this value already populated in AuthorizedClient.getClientSecret() (if present).
- Specified by:
getClientSecretHashValueFromEnvironment in interface AuthorizedClientService<P extends AuthorizedClient>
- Parameters:
clientId - the AuthorizedClient.getClientId() of the client whose client secret hash property value should be looked up
- Returns:
the client secret hash value if found in the environment, else null
-
fromRepositoryDomain
-
validate
-
validateUniqueClientPerApplication
protected void validateUniqueClientPerApplication(P authorizedClient, org.springframework.validation.Errors errors)
-
validateUniqueClientPerClientId
protected void validateUniqueClientPerClientId(P authorizedClient, org.springframework.validation.Errors errors)
-
validateUniqueAdminClientPerTenant
protected void validateUniqueAdminClientPerTenant(P authorizedClient, org.springframework.validation.Errors errors)
-
getServerService
-
getRepository
-
getMapper
-
getValidator
protected com.broadleafcommerce.data.tracking.core.mapping.validation.EntityValidatorManager getValidator()
-
getPasswordEncoder
protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()
-
getTenantUrlResolver
-
getEnvironment
protected org.springframework.core.env.Environment getEnvironment()
-