Class OAuth2AuthenticationEntryPoint
java.lang.Object
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
com.broadleafcommerce.auth.user.session.OAuth2AuthenticationEntryPoint
- All Implemented Interfaces:
  org.springframework.beans.factory.InitializingBean, org.springframework.security.web.AuthenticationEntryPoint
public class OAuth2AuthenticationEntryPoint
extends org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Provides behavior consistent with the OpenID Connect Authentication Request
(http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), specifically support for the
prompt=none
parameter. This implementation inspects the prompt request parameter and, when its value is none,
returns an error response consistent with OIDC (delivered as a redirect back to the client's validated
redirect URI) rather than redirecting the user agent to the login page. This allows silent
authentication flows suitable for SPA use cases, where the authorization request is typically made from a
hidden iframe and the application needs to learn that no session exists without a login page ever being
shown. OIDC defines the login_required error code for a prompt=none request that cannot complete
without end-user authentication.
- Author:
- Jeff Fischer
Constructor Summary
Constructor / Description
- OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository)
- OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, org.springframework.security.web.RedirectStrategy redirectStrategy)
Method Summary
Modifier and Type / Method / Description
- protected String addParametersToRedirect(String requestedRedirectUri, org.springframework.util.MultiValueMap<String, String> additionalParameters)
  Add the given map of parameters to the given redirect URI.
- protected void addSilentAuthErrorParameters(org.springframework.util.MultiValueMap<String, String> additionalParameters, org.springframework.security.core.AuthenticationException authException, jakarta.servlet.http.HttpServletRequest request)
  Gather parameters to add to the failed silent-auth redirect.
- protected String buildSilentAuthorizationRedirect(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String requestedRedirect, org.springframework.security.core.AuthenticationException authException)
  Add additional parameters to the failed silent-auth redirect.
- void commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException)
  Determine whether a request represents a silent authentication authorization request by checking the request for prompt=none, a redirect URI, and a valid client.
- protected String determineUrlToUseForThisRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
  Add the Client ID as a parameter on the redirect for non-silent-auth requests that are being redirected to the login page.
- protected org.springframework.security.web.RedirectStrategy getRedirectStrategy()
- protected org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository getRegisteredClientRepository()
Methods inherited from class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
afterPropertiesSet, buildHttpsRedirectUrlForRequest, buildRedirectUrlToLoginPage, getLoginFormUrl, getPortMapper, getPortResolver, isForceHttps, isUseForward, setForceHttps, setPortMapper, setPortResolver, setUseForward
Constructor Details
- OAuth2AuthenticationEntryPoint
  public OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository)
- OAuth2AuthenticationEntryPoint
  public OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, org.springframework.security.web.RedirectStrategy redirectStrategy)
Method Details
- commence
  public void commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws IOException, jakarta.servlet.ServletException
  Determine whether a request represents a silent authentication authorization request by checking the request for prompt=none, a redirect URI, and a valid client (one resolvable from the configured RegisteredClientRepository; the redirect URI is validated before it is used). If it is a silent auth request, add the OIDC error parameters to the redirect and send the user agent to the requested redirect URI instead of the login page. Because the browser carries this redirect to the client's origin together with the error parameters and any state value, it must only ever target a validated, registered redirect URI; redirecting to an unvalidated redirect_uri here would be an open redirect. Requests that do not qualify are handled as ordinary login redirects.
  - Specified by:
    commence in interface org.springframework.security.web.AuthenticationEntryPoint
  - Overrides:
    commence in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
  - Parameters:
    request - the request that resulted in an AuthenticationException.
    response - the response to be redirected so that the user agent can begin authentication.
    authException - the original authentication exception.
  - Throws:
    IOException - if there are errors setting the redirect.
    jakarta.servlet.ServletException - if there are errors setting the redirect.
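The two branches of commence described above, exercised as a JUnit 5 test. This is an added example, not code from the Broadleaf project or its documentation. It assumes spring-test (MockHttpServletRequest, MockHttpServletResponse) and Spring Authorization Server's InMemoryRegisteredClientRepository and RegisteredClient are on the classpath, that the authorize endpoint is served at /oauth2/authorize, and that the silent-auth redirect carries an OIDC error parameter as the class description states. The client registration, redirect URIs and request values are constructed for the test; the login-page assertion only checks the path, since the exact query parameters the class appends are not documented.

```java
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

import com.broadleafcommerce.auth.user.session.OAuth2AuthenticationEntryPoint;

class OAuth2AuthenticationEntryPointSilentAuthTest {

    // Constructed fixture: one SPA client with exactly one registered redirect URI.
    private static final String CALLBACK = "https://spa.example/callback";

    private final RegisteredClientRepository clients = new InMemoryRegisteredClientRepository(
            RegisteredClient.withId("spa-id")
                    .clientId("spa")
                    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                    .redirectUri(CALLBACK)
                    .build());

    // Login page path is an assumption for this test.
    private final OAuth2AuthenticationEntryPoint entryPoint =
            new OAuth2AuthenticationEntryPoint("/login", clients);

    // Builds an authorization request; prompt is omitted when null.
    private MockHttpServletRequest authorizeRequest(String clientId, String redirectUri, String prompt) {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/oauth2/authorize");
        request.setParameter("response_type", "code");
        request.setParameter("client_id", clientId);
        request.setParameter("redirect_uri", redirectUri);
        request.setParameter("state", "xyz123");
        if (prompt != null) {
            request.setParameter("prompt", prompt);
        }
        return request;
    }

    // InsufficientAuthenticationException is what ExceptionTranslationFilter hands the
    // entry point when an anonymous user hits a protected endpoint.
    private static InsufficientAuthenticationException notAuthenticated() {
        return new InsufficientAuthenticationException("Full authentication is required");
    }

    @Test
    void promptNoneWithRegisteredRedirectGoesBackToClient() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        entryPoint.commence(authorizeRequest("spa", CALLBACK, "none"), response, notAuthenticated());

        String location = response.getRedirectedUrl();
        assertNotNull(location);
        assertTrue(location.startsWith(CALLBACK + "?"), location); // back to the client, not /login
        assertTrue(location.contains("error="), location);         // OIDC error response
        assertFalse(location.contains("/login"), location);
    }

    @Test
    void promptNoneWithUnregisteredRedirectIsNotTreatedAsSilentAuth() throws Exception {
        // The open-redirect check: an attacker-chosen redirect_uri must never receive
        // the error redirect (and the state value that rides along with it).
        MockHttpServletResponse response = new MockHttpServletResponse();
        entryPoint.commence(authorizeRequest("spa", "https://evil.example/cb", "none"), response,
                notAuthenticated());

        String location = response.getRedirectedUrl();
        assertNotNull(location);
        assertFalse(location.startsWith("https://evil.example"), location);
    }

    @Test
    void withoutPromptNoneUserIsSentToLoginPage() throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        entryPoint.commence(authorizeRequest("spa", CALLBACK, null), response, notAuthenticated());

        String location = response.getRedirectedUrl();
        assertNotNull(location);
        assertTrue(location.contains("/login"), location); // ordinary interactive login
    }
}
```

The second test is the one worth keeping in a regression suite: it pins the property that makes the silent-auth shortcut safe at all, namely that only a redirect URI registered for the resolved client can receive the error redirect.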
- determineUrlToUseForThisRequest
  protected String determineUrlToUseForThisRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
  Add the Client ID as a parameter on the redirect for non-silent-auth requests that are being redirected to the login page.
  - Overrides:
    determineUrlToUseForThisRequest in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
  - Parameters:
    request - the request that failed authentication.
    response - the response that is being redirected to the login page.
    exception - the original exception that was thrown during authentication.
  - Returns:
    the login page URL with the Client ID applied.
- buildSilentAuthorizationRedirect
  protected String buildSilentAuthorizationRedirect(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String requestedRedirect, org.springframework.security.core.AuthenticationException authException)
  Add additional parameters to the failed silent-auth redirect.
  - Parameters:
    request - the silent-auth request that failed authentication.
    response - the response that is being redirected back to the silent-auth URI.
    requestedRedirect - the validated redirect parameter from the failed request.
    authException - the original exception that was thrown during authentication.
  - Returns:
    the redirect URI with additional parameters.
- addSilentAuthErrorParameters
  protected void addSilentAuthErrorParameters(org.springframework.util.MultiValueMap<String, String> additionalParameters, org.springframework.security.core.AuthenticationException authException, jakarta.servlet.http.HttpServletRequest request)
  Gather parameters to add to the failed silent-auth redirect.
  - Parameters:
    additionalParameters - map to hold parameters and values to be added to the redirect.
    authException - the original exception that was thrown during authentication.
    request - the silent-auth request that failed authentication.
- addParametersToRedirect
  protected String addParametersToRedirect(String requestedRedirectUri, org.springframework.util.MultiValueMap<String, String> additionalParameters)
  Add the given map of parameters to the given redirect URI.
  - Parameters:
    requestedRedirectUri - the URI to add parameters to.
    additionalParameters - the parameters to add to the redirect URI.
  - Returns:
    an encoded redirect URI with the given map as request parameters.
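Wiring the entry point into a Spring Authorization Server filter chain, with addSilentAuthErrorParameters used as the extension point for the error redirect. This is an added example, not Broadleaf's code or configuration. It assumes Spring Authorization Server 1.x (OAuth2AuthorizationServerConfiguration.applyDefaultSecurity and the MediaTypeRequestMatcher idiom from its reference samples), a login page at /login, and a RegisteredClientRepository bean already defined elsewhere. The subclass name is hypothetical, and because the page does not say which parameters the parent emits, every addition is guarded with containsKey so nothing the parent already put in the map is overwritten.

```java
import jakarta.servlet.http.HttpServletRequest;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.util.MultiValueMap;

import com.broadleafcommerce.auth.user.session.OAuth2AuthenticationEntryPoint;

@Configuration
public class SilentAuthEntryPointConfig {

    /**
     * Hypothetical subclass (not part of Broadleaf) that completes the OIDC error
     * response through the documented addSilentAuthErrorParameters hook. It only
     * fills in keys that are absent, so it is safe whichever keys the parent emits.
     */
    static class SpecCompletingEntryPoint extends OAuth2AuthenticationEntryPoint {

        SpecCompletingEntryPoint(String loginFormUrl, RegisteredClientRepository clients) {
            super(loginFormUrl, clients);
        }

        @Override
        protected void addSilentAuthErrorParameters(MultiValueMap<String, String> additionalParameters,
                                                    AuthenticationException authException,
                                                    HttpServletRequest request) {
            super.addSilentAuthErrorParameters(additionalParameters, authException, request);

            // OIDC Core 3.1.2.6: a prompt=none request that would need the end user to
            // log in fails with login_required.
            if (!additionalParameters.containsKey("error")) {
                additionalParameters.add("error", "login_required");
            }
            // RFC 6749 4.1.2.1: when the client sent "state", the error response must
            // echo it, otherwise the SPA cannot match the error to the request it made.
            String state = request.getParameter("state");
            if (state != null && !additionalParameters.containsKey("state")) {
                additionalParameters.add("state", state);
            }
            // Deliberately not authException.getMessage(): the browser delivers this
            // redirect to the client origin, so the description stays generic.
            if (!additionalParameters.containsKey("error_description")) {
                additionalParameters.add("error_description", "End-user authentication is required");
            }
        }
    }

    @Bean
    @Order(1)
    SecurityFilterChain authorizationServerChain(HttpSecurity http,
                                                RegisteredClientRepository clients) throws Exception {
        // Scopes this chain to the authorization server endpoints and applies the
        // default protocol configuration.
        OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
        http.exceptionHandling(exceptions -> exceptions
                // Same matcher the SAS samples use for a plain
                // LoginUrlAuthenticationEntryPoint("/login"); only browser (text/html)
                // requests to the authorize endpoint can be silent-auth requests.
                .defaultAuthenticationEntryPointFor(
                        new SpecCompletingEntryPoint("/login", clients),
                        new MediaTypeRequestMatcher(MediaType.TEXT_HTML)));
        return http.build();
    }
}
```

The rest of the authorization server chain (resource server support for the userinfo endpoint, the application's own default chain at a lower order) is unchanged by this; the only substitution is the entry point used for unauthenticated browser requests, which is the one place prompt=none has to be recognised.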
- getRegisteredClientRepository
  protected org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository getRegisteredClientRepository()
- getRedirectStrategy
  protected org.springframework.security.web.RedirectStrategy getRedirectStrategy()