Package com.broadleafcommerce.auth.user.service

Class DefaultRegisteredClientRepository

java.lang.Object
com.broadleafcommerce.auth.user.service.DefaultRegisteredClientRepository
All Implemented Interfaces:
org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
public class DefaultRegisteredClientRepository extends Object implements org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
Implements RegisteredClientRepository through interactions with AuthorizedClientService and converts between RegisteredClient and AuthorizedClient.

This component relates to the clients that AuthenticationServices recognizes as registered with itself in its capacity as an authorization server. It is distinct from ClientRegistrationRepository (and implementations), which is for scenarios where AuthenticationServices is acting as a client to other services.

  • Constructor Details

  • Method Details

    • save

      public void save(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
      For scenarios where this is called to update an existing instance - it's fairly easy to just load the existing AuthorizedClient and just map over fields from RegisteredClient to update those fields, and then save.

      However, for scenarios where this method is used to create a new AuthorizedClient instance, complications arise from the fact that RegisteredClient does not contain all the information required for AuthorizedClient.

      At the time of writing, this method is called in ClientSecretAuthenticationProvider.authenticate(Authentication) to upgrade the existing encoding of RegisteredClient.getClientSecret() if necessary. It's also called in OidcClientRegistrationAuthenticationProvider to support OpenID Connect 1.0 Client Registration.

      By default, the OpenID Connect 1.0 Client Registration Endpoint is not enabled by Broadleaf, and thus the 'create' case should never be exercised through this method. We expect registration of new clients to occur through places like AuthorizedClientEndpoint.

      Specified by:
      save in interface org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
      Parameters:
      registeredClient - the RegisteredClient to save

    • handleSaveCreateCase

      protected void handleSaveCreateCase(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
      Handles the 'create-new' case for save(RegisteredClient).
      Parameters:
      registeredClient - the RegisteredClient that should be newly created in the datastore
      See Also:

    • handleSaveUpdateCase

      protected void handleSaveUpdateCase(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
      Handles the 'update-existing' case for save(RegisteredClient).
      Parameters:
      toSave - the instance containing the requested changes
      foundExisting - the existing instance found in the datastore. This instance should be directly mutated/saved into the datastore.
      See Also:

    • mapClientFieldUpdates

      protected boolean mapClientFieldUpdates(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
      Supports handleSaveUpdateCase(RegisteredClient, AuthorizedClient). This method is only responsible for mutating the target instance with the appropriate new values, and is not responsible for persistence.

      As discussed in save(RegisteredClient), we only support a select number of changes to AuthorizedClient with this method. This prevents unexpected side effects.

      Parameters:
      toSave - the instance containing the requested changes
      foundExisting - the found existing instance to mutate
      Returns:
      whether the target instance was mutated in any way

    • mapClientSecretUpdate

      protected boolean mapClientSecretUpdate(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
      Maps applicable changes to AuthorizedClient.getClientSecret()
      Parameters:
      toSave - the instance containing the requested changes
      foundExisting - the found existing instance to mutate
      Returns:
      whether the client secret was mutated

    • findById

      public org.springframework.security.oauth2.server.authorization.client.RegisteredClient findById(String id)
      Specified by:
      findById in interface org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository

    • findByClientId

      public org.springframework.security.oauth2.server.authorization.client.RegisteredClient findByClientId(String clientId)
      Specified by:
      findByClientId in interface org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository

    • getAuthorizedClientService

      protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService()