Class DefaultRegisteredClientRepository
- All Implemented Interfaces:
org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
Implements RegisteredClientRepository through interactions with AuthorizedClientService, and converts between RegisteredClient and AuthorizedClient.
This component relates to the clients that AuthenticationServices recognizes as registered with itself in its capacity as an authorization server. It is distinct from ClientRegistrationRepository (and implementations), which is for scenarios where AuthenticationServices is acting as a client to other services.
-
Constructor Summary
- DefaultRegisteredClientRepository(AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
Method Summary
- org.springframework.security.oauth2.server.authorization.client.RegisteredClient findByClientId(String clientId)
- org.springframework.security.oauth2.server.authorization.client.RegisteredClient findById(String id)
- protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService
- protected void handleSaveCreateCase(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
  Handles the 'create-new' case for save(RegisteredClient).
- protected void handleSaveUpdateCase(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
  Handles the 'update-existing' case for save(RegisteredClient).
- protected boolean mapClientFieldUpdates(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
- protected boolean mapClientSecretUpdate(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
  Maps applicable changes to AuthorizedClient.getClientSecret()
- void save(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
  For scenarios where this is called to update an existing instance - it's fairly easy to just load the existing AuthorizedClient and just map over fields from RegisteredClient to update those fields, and then save.
-
Constructor Details
-
DefaultRegisteredClientRepository
public DefaultRegisteredClientRepository(AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
-
Method Details
-
save
public void save(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
For scenarios where this is called to update an existing instance - it's fairly easy to just load the existing AuthorizedClient and just map over fields from RegisteredClient to update those fields, and then save.
However, for scenarios where this method is used to create a new AuthorizedClient instance, complications arise from the fact that RegisteredClient does not contain all the information required for AuthorizedClient.
At the time of writing, this method is called in ClientSecretAuthenticationProvider.authenticate(Authentication) to upgrade the existing encoding of RegisteredClient.getClientSecret() if necessary. It's also called in OidcClientRegistrationAuthenticationProvider to support OpenID Connect 1.0 Client Registration.
By default, the OpenID Connect 1.0 Client Registration Endpoint is not enabled by Broadleaf, and thus the 'create' case should never be exercised through this method. We expect registration of new clients to occur through places like AuthorizedClientEndpoint.
- Specified by:
save in interface org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
- Parameters:
registeredClient - the RegisteredClient to save
-
handleSaveCreateCase
protected void handleSaveCreateCase(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
Handles the 'create-new' case for save(RegisteredClient).
- Parameters:
registeredClient - the RegisteredClient that should be newly created in the datastore
- See Also:
-
handleSaveUpdateCase
protected void handleSaveUpdateCase(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
Handles the 'update-existing' case for save(RegisteredClient).
- Parameters:
toSave - the instance containing the requested changes
foundExisting - the existing instance found in the datastore. This instance should be directly mutated/saved into the datastore.
- See Also:
-
mapClientFieldUpdates
protected boolean mapClientFieldUpdates(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
Supports handleSaveUpdateCase(RegisteredClient, AuthorizedClient). This method is only responsible for mutating the target instance with the appropriate new values, and is not responsible for persistence.
As discussed in save(RegisteredClient), we only support a select number of changes to AuthorizedClient with this method. This prevents unexpected side effects.
- Parameters:
toSave - the instance containing the requested changes
foundExisting - the found existing instance to mutate
- Returns:
whether the target instance was mutated in any way
-
mapClientSecretUpdate
protected boolean mapClientSecretUpdate(org.springframework.security.oauth2.server.authorization.client.RegisteredClient toSave, AuthorizedClient foundExisting)
Maps applicable changes to AuthorizedClient.getClientSecret()
- Parameters:
toSave - the instance containing the requested changes
foundExisting - the found existing instance to mutate
- Returns:
whether the client secret was mutated
-
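The update path described for save(RegisteredClient), mapClientFieldUpdates and mapClientSecretUpdate, sketched as an added example that is not Broadleaf's code. Requested and Stored are hypothetical stand-ins for RegisteredClient and AuthorizedClient, the in-memory map stands in for AuthorizedClientService, and rejecting the create case and skipping a null secret are assumptions of this sketch.

```java
import java.util.*;

// Stand-in types for illustration only; not Broadleaf's or Spring's classes.
public class SelectiveUpdateExample {
    record Requested(String clientId, String clientSecret, Set<String> redirectUris) {}

    static final class Stored {
        final String clientId; String clientSecret; Set<String> redirectUris;
        Stored(String id, String secret, Set<String> uris) { clientId = id; clientSecret = secret; redirectUris = uris; }
    }

    static final Map<String, Stored> datastore = new HashMap<>();
    static int writes = 0; // counts simulated datastore writes

    // Mutation only: reports whether anything changed and leaves persistence to the caller.
    static boolean mapFieldUpdates(Requested toSave, Stored existing) {
        return mapSecretUpdate(toSave, existing); // the only field mapped in this sketch
    }

    static boolean mapSecretUpdate(Requested toSave, Stored existing) {
        String requested = toSave.clientSecret();
        if (requested == null || requested.equals(existing.clientSecret)) return false;
        existing.clientSecret = requested;
        return true;
    }

    static void save(Requested toSave) {
        Stored existing = datastore.get(toSave.clientId());
        if (existing == null) {
            // Assumption: the request lacks data the stored type needs, so creation is refused here.
            throw new IllegalStateException("create is not supported through save()");
        }
        if (mapFieldUpdates(toSave, existing)) writes++; // write only when something changed
    }

    public static void main(String[] args) {
        datastore.put("web", new Stored("web", "{noop}s3cret", Set.of("https://app.example/cb")));
        // Constructed input: a re-encoded secret plus a redirect URI change that must be ignored.
        save(new Requested("web", "{bcrypt}$2a$10$constructedHashValue", Set.of("https://other.example/cb")));
        Stored after = datastore.get("web");
        System.out.println(after.clientSecret + " " + after.redirectUris + " writes=" + writes);
        save(new Requested("web", after.clientSecret, Set.of())); // identical secret: no write
        System.out.println("writes=" + writes);
    }
}
```

Because only the secret is mapped, the changed redirect URI in the request never reaches the stored record, which is the side-effect containment the method description refers to.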
findById
public org.springframework.security.oauth2.server.authorization.client.RegisteredClient findById(String id)
- Specified by:
findById in interface org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
-
findByClientId
public org.springframework.security.oauth2.server.authorization.client.RegisteredClient findByClientId(String clientId)
- Specified by:
findByClientId in interface org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository
-
getAuthorizedClientService
-