Class DefaultClientRedirectService
java.lang.Object
com.broadleafcommerce.auth.server.service.DefaultClientRedirectService
- All Implemented Interfaces:
ClientRedirectService
-
Constructor Summary
ConstructorDescriptionDefaultClientRedirectService
(AuthorizedClientService<AuthorizedClient> clientService, AuthorizationServerService<AuthorizationServer> serverService) -
Method Summary
Modifier and TypeMethodDescriptionprotected AuthorizedClientService<AuthorizedClient>
getDefaultRedirectUrlForClientId
(String clientId) Used for returning the default redirect URL for the provided clientprotected Stream<org.springframework.web.util.UriComponents>
getPostAuthenticationSuccessRedirectUriComponents
(AuthorizedClient authorizedClient) protected AuthorizationServerService<AuthorizationServer>
boolean
isValidPostAuthenticationSuccessUrl
(String requestedRedirectUrl, AuthorizedClient authorizedClient) Similar toClientRedirectService.isValidPostAuthenticationSuccessUrl(String, String)
, but takes a pre-providedAuthorizedClient
for performing the validation.boolean
isValidPostAuthenticationSuccessUrl
(String requestedRedirectUrl, String clientId) Checks if the givenrequestedRedirectUrl
is valid when compared toAuthorizedClient.getPostAuthenticationSuccessRedirectUris()
.protected boolean
isValidPostAuthenticationSuccessUrlInternal
(String requestedRedirectUrl, Supplier<AuthorizedClient> authorizedClientSupplier) protected boolean
matchesWhitelistedPostAuthenticationSuccessRedirectUri
(org.springframework.web.util.UriComponents requested, org.springframework.web.util.UriComponents whitelisted) protected boolean
pathsEqual
(org.springframework.web.util.UriComponents uri1, org.springframework.web.util.UriComponents uri2) protected String
protected org.springframework.web.util.UriComponents
toUriComponents
(String uri)
-
Constructor Details
-
DefaultClientRedirectService
public DefaultClientRedirectService(AuthorizedClientService<AuthorizedClient> clientService, AuthorizationServerService<AuthorizationServer> serverService)
-
-
Method Details
-
getDefaultRedirectUrlForClientId
Description copied from interface:ClientRedirectService
Used for returning the default redirect URL for the provided client- Specified by:
getDefaultRedirectUrlForClientId
in interfaceClientRedirectService
- Parameters:
clientId
- The String id of the client to resolve the redirect URL for- Returns:
- The default redirect URL for the given client, if exists, or null
-
isValidPostAuthenticationSuccessUrl
Description copied from interface:ClientRedirectService
Checks if the givenrequestedRedirectUrl
is valid when compared toAuthorizedClient.getPostAuthenticationSuccessRedirectUris()
.By default, the validation is an exact match. If given a relative input, it must exactly match an existing relative whitelist value. If given an absolute input, it must exactly match an existing absolute whitelist value. Request parameters must also be an exact match.
Notably, at this time, Broadleaf does not use this method for redirects after standard login operations.
- Specified by:
isValidPostAuthenticationSuccessUrl
in interfaceClientRedirectService
- Parameters:
requestedRedirectUrl
- The URL to check. Can be absolute or relative.clientId
- The id of theAuthorizedClient
to use for validating the URL- Returns:
- True if the requested URL matches a value in
AuthorizedClient.getPostAuthenticationSuccessRedirectUris()
, false otherwise - See Also:
-
isValidPostAuthenticationSuccessUrl
public boolean isValidPostAuthenticationSuccessUrl(String requestedRedirectUrl, AuthorizedClient authorizedClient) Description copied from interface:ClientRedirectService
Similar toClientRedirectService.isValidPostAuthenticationSuccessUrl(String, String)
, but takes a pre-providedAuthorizedClient
for performing the validation.- Specified by:
isValidPostAuthenticationSuccessUrl
in interfaceClientRedirectService
- Parameters:
requestedRedirectUrl
- The URL to check. Can be absolute or relative.authorizedClient
- TheAuthorizedClient
to use for validating the URL- Returns:
- True if the requested URL matches a value in
AuthorizedClient.getPostAuthenticationSuccessRedirectUris()
, false otherwise - See Also:
-
isValidPostAuthenticationSuccessUrlInternal
protected boolean isValidPostAuthenticationSuccessUrlInternal(String requestedRedirectUrl, Supplier<AuthorizedClient> authorizedClientSupplier) -
getPostAuthenticationSuccessRedirectUriComponents
protected Stream<org.springframework.web.util.UriComponents> getPostAuthenticationSuccessRedirectUriComponents(AuthorizedClient authorizedClient) -
toUriComponents
-
matchesWhitelistedPostAuthenticationSuccessRedirectUri
protected boolean matchesWhitelistedPostAuthenticationSuccessRedirectUri(org.springframework.web.util.UriComponents requested, org.springframework.web.util.UriComponents whitelisted) -
pathsEqual
protected boolean pathsEqual(org.springframework.web.util.UriComponents uri1, org.springframework.web.util.UriComponents uri2) -
stripTrailingSlashIfPresent
-
getClientService
-
getServerService
-