Package com.broadleafcommerce.auth.user.service

Class DefaultSessionAuthenticationStrategy

java.lang.Object

com.broadleafcommerce.auth.user.service.DefaultSessionAuthenticationStrategy

All Implemented Interfaces:

org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

public class DefaultSessionAuthenticationStrategy
extends Object
implements org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

This is used to set the session cookie after successful authentication. It is intended to be used for all authentication types. Each authentication flow should register its own AuthenticationStrategyDelegate to facilitate loading an OAuth2UserDetails from an Authentication.

Constructor Summary

Constructors

Constructor	Description
DefaultSessionAuthenticationStrategy(StatelessUtil statelessUtil, List<AuthenticationStrategyDelegate> authenticationStrategyDelegates)

Method Summary

Modifier and Type	Method	Description
protected List<AuthenticationStrategyDelegate>	getAuthenticationStrategyDelegates()
protected OAuth2UserDetails	getOAuth2UserDetails(@NonNull org.springframework.security.core.Authentication authentication)
protected StatelessUtil	getStatelessUtil()
void	onAuthentication(@NonNull org.springframework.security.core.Authentication authentication, @NonNull jakarta.servlet.http.HttpServletRequest request, @NonNull jakarta.servlet.http.HttpServletResponse response)
protected void	setSessionCookie(@NonNull jakarta.servlet.http.HttpServletResponse response, @NonNull OAuth2UserDetails oAuth2UserDetails)
protected boolean	shouldSetCookie(@NonNull org.springframework.security.core.Authentication authentication, @NonNull jakarta.servlet.http.HttpServletRequest request, @NonNull jakarta.servlet.http.HttpServletResponse response)	Determine if the session cookie should be set on the response.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultSessionAuthenticationStrategy

public DefaultSessionAuthenticationStrategy(StatelessUtil statelessUtil,
 List<AuthenticationStrategyDelegate> authenticationStrategyDelegates)

Method Details

onAuthentication

public void onAuthentication(@NonNull
 @NonNull org.springframework.security.core.Authentication authentication,
 @NonNull
 @NonNull jakarta.servlet.http.HttpServletRequest request,
 @NonNull
 @NonNull jakarta.servlet.http.HttpServletResponse response)
                      throws org.springframework.security.web.authentication.session.SessionAuthenticationException

Specified by:

onAuthentication in interface org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

Throws:

org.springframework.security.web.authentication.session.SessionAuthenticationException

shouldSetCookie

protected boolean shouldSetCookie(@NonNull
 @NonNull org.springframework.security.core.Authentication authentication,
 @NonNull
 @NonNull jakarta.servlet.http.HttpServletRequest request,
 @NonNull
 @NonNull jakarta.servlet.http.HttpServletResponse response)

Determine if the session cookie should be set on the response.

Parameters:

authentication - The successful session authentication.

request - The web request

response - The web response

Returns:

True if the session cookie should be added to the response, false otherwise.

getOAuth2UserDetails

protected OAuth2UserDetails getOAuth2UserDetails(@NonNull
 @NonNull org.springframework.security.core.Authentication authentication)

setSessionCookie

protected void setSessionCookie(@NonNull
 @NonNull jakarta.servlet.http.HttpServletResponse response,
 @NonNull
 @NonNull OAuth2UserDetails oAuth2UserDetails)

getStatelessUtil

protected StatelessUtil getStatelessUtil()

getAuthenticationStrategyDelegates

protected List<AuthenticationStrategyDelegate> getAuthenticationStrategyDelegates()