Package com.broadleafcommerce.auth.user.session

Class OAuth2AuthenticationEntryPoint

java.lang.Object

org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

com.broadleafcommerce.auth.user.session.OAuth2AuthenticationEntryPoint

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.security.web.AuthenticationEntryPoint

public class OAuth2AuthenticationEntryPoint
extends org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Provides a behavior consistent with http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. Specifically, inclusion of the prompt=none parameter. This implementation will detect the inclusion of the prompt request param, and if detected to be none, will return an error response consistent with OIDC, rather than redirect to the login page. This allows for silent authentication flows that are suitable for SPA use cases.

Author:

Jeff Fischer

Constructor Summary

Constructors

Constructor	Description
OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository)
OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, org.springframework.security.web.RedirectStrategy redirectStrategy)

Method Summary

Modifier and Type	Method	Description
protected String	addParametersToRedirect(String requestedRedirectUri, org.springframework.util.MultiValueMap<String,String> additionalParameters)	Add the given map of parameters to the given redirect URI.
protected void	addSilentAuthErrorParameters(org.springframework.util.MultiValueMap<String,String> additionalParameters, org.springframework.security.core.AuthenticationException authException, jakarta.servlet.http.HttpServletRequest request)	Gather parameters to add to the failed silent-auth redirect.
protected String	buildSilentAuthorizationRedirect(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String requestedRedirect, org.springframework.security.core.AuthenticationException authException)	Add additional parameters to the failed silent-auth redirect.
void	commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException)	Determine if a request represents a silent authentication authorization request by checking the request for prompt=none, redirect URI, and valid client.
protected String	determineUrlToUseForThisRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)	Add the Client ID as a parameter on the redirect for non-silent-auth requests that are being redirected to the login page.
protected org.springframework.security.web.RedirectStrategy	getRedirectStrategy()
protected org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository	getRegisteredClientRepository()

Methods inherited from class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

afterPropertiesSet, buildHttpsRedirectUrlForRequest, buildRedirectUrlToLoginPage, getLoginFormUrl, getPortMapper, getPortResolver, isForceHttps, isUseForward, setForceHttps, setPortMapper, setPortResolver, setUseForward

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OAuth2AuthenticationEntryPoint

public OAuth2AuthenticationEntryPoint(String loginFormUrl,
 org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository)

OAuth2AuthenticationEntryPoint

public OAuth2AuthenticationEntryPoint(String loginFormUrl,
 org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository,
 org.springframework.security.web.RedirectStrategy redirectStrategy)

Method Details

commence

public void commence(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 org.springframework.security.core.AuthenticationException authException)
              throws IOException,
jakarta.servlet.ServletException

Determine if a request represents a silent authentication authorization request by checking the request for prompt=none, redirect URI, and valid client. If this is a silent auth request, add error parameters to the request and redirect to the given redirect URI (instead of the login page).

Specified by:

commence in interface org.springframework.security.web.AuthenticationEntryPoint

Overrides:

commence in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Parameters:

request - that resulted in an AuthenticationException.

response - to be redirected so that the user agent can begin authentication

authException - The original authentication exception

Throws:

IOException - If there are errors setting the redirect.

jakarta.servlet.ServletException - If there are errors setting the redirect.

determineUrlToUseForThisRequest

protected String determineUrlToUseForThisRequest(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 org.springframework.security.core.AuthenticationException exception)

Add the Client ID as a parameter on the redirect for non-silent-auth requests that are being redirected to the login page.

Overrides:

determineUrlToUseForThisRequest in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

Parameters:

request - The request that failed authentication

response - The response that is being redirected to the login page.

exception - The original exception that was thrown during authentication.

Returns:

The login page url with the Client ID applied.

buildSilentAuthorizationRedirect

protected String buildSilentAuthorizationRedirect(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 String requestedRedirect,
 org.springframework.security.core.AuthenticationException authException)

Add additional parameters to the failed silent-auth redirect.

Parameters:

request - The silent-auth request that failed authentication.

response - The response that is being redirected back to the silent-auth URI.

requestedRedirect - The validated redirect parameter from the failed request.

authException - The original exception that was thrown during authentication.

Returns:

The redirect URI with additional parameters.

addSilentAuthErrorParameters

protected void addSilentAuthErrorParameters(org.springframework.util.MultiValueMap<String,String> additionalParameters,
 org.springframework.security.core.AuthenticationException authException,
 jakarta.servlet.http.HttpServletRequest request)

Gather parameters to add to the failed silent-auth redirect.

Parameters:

additionalParameters - Map to hold parameters and values to be added to the redirect.

authException - The original exception that was thrown during authentication.

request - The silent-auth request that failed authentication.

addParametersToRedirect

protected String addParametersToRedirect(String requestedRedirectUri,
 org.springframework.util.MultiValueMap<String,String> additionalParameters)

Add the given map of parameters to the given redirect URI.

Parameters:

requestedRedirectUri - The URI to add parameters to.

additionalParameters - The parameters to add to the redirect URI.

Returns:

An encoded redirect URI with the given map as request parameters.

getRegisteredClientRepository

protected org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository getRegisteredClientRepository()

getRedirectStrategy

protected org.springframework.security.web.RedirectStrategy getRedirectStrategy()