Class OAuth2AuthenticationEntryPoint

java.lang.Object
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
com.broadleafcommerce.auth.user.session.OAuth2AuthenticationEntryPoint
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.security.web.AuthenticationEntryPoint

public class OAuth2AuthenticationEntryPoint extends org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
Provides behavior consistent with the OpenID Connect Core authentication request (http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest), specifically the handling of the prompt=none parameter. This implementation detects the prompt request parameter and, if its value is none, returns an OIDC-conformant error response rather than redirecting to the login page. This allows silent authentication flows suitable for SPA use cases.
Author:
Jeff Fischer
  • Constructor Summary

    Constructors:
    OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository)
    OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, org.springframework.security.web.RedirectStrategy redirectStrategy)
  • Method Summary

    protected String addParametersToRedirect(String requestedRedirectUri, org.springframework.util.MultiValueMap<String,String> additionalParameters)
        Add the given map of parameters to the given redirect URI.
    protected void addSilentAuthErrorParameters(org.springframework.util.MultiValueMap<String,String> additionalParameters, org.springframework.security.core.AuthenticationException authException, jakarta.servlet.http.HttpServletRequest request)
        Gather parameters to add to the failed silent-auth redirect.
    protected String buildSilentAuthorizationRedirect(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String requestedRedirect, org.springframework.security.core.AuthenticationException authException)
        Add additional parameters to the failed silent-auth redirect.
    void commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException)
        Determine if a request represents a silent authentication authorization request by checking the request for prompt=none, redirect URI, and valid client.
    protected String determineUrlToUseForThisRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
        Add the Client ID as a parameter on the redirect for non-silent-auth requests that are being redirected to the login page.
    protected org.springframework.security.web.RedirectStrategy getRedirectStrategy()
    protected org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository getRegisteredClientRepository()

    Methods inherited from class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint

    afterPropertiesSet, buildHttpsRedirectUrlForRequest, buildRedirectUrlToLoginPage, getLoginFormUrl, getPortMapper, getPortResolver, isForceHttps, isUseForward, setForceHttps, setPortMapper, setPortResolver, setUseForward

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • OAuth2AuthenticationEntryPoint

      public OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository)
    • OAuth2AuthenticationEntryPoint

      public OAuth2AuthenticationEntryPoint(String loginFormUrl, org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository registeredClientRepository, org.springframework.security.web.RedirectStrategy redirectStrategy)
  • Method Details

    • commence

      public void commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException authException) throws IOException, jakarta.servlet.ServletException
      Determine if a request represents a silent authentication authorization request by checking the request for prompt=none, redirect URI, and valid client. If it is a silent-auth request, append error parameters and redirect to the given redirect URI (instead of the login page).
      Specified by:
      commence in interface org.springframework.security.web.AuthenticationEntryPoint
      Overrides:
      commence in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
      Parameters:
      request - The request that resulted in an AuthenticationException.
      response - The response to be redirected so that the user agent can begin authentication.
      authException - The original authentication exception
      Throws:
      IOException - If there are errors setting the redirect.
      jakarta.servlet.ServletException - If there are errors setting the redirect.
    • determineUrlToUseForThisRequest

      protected String determineUrlToUseForThisRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception)
      Add the Client ID as a parameter on the redirect for non-silent-auth requests that are being redirected to the login page.
      Overrides:
      determineUrlToUseForThisRequest in class org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
      Parameters:
      request - The request that failed authentication
      response - The response that is being redirected to the login page.
      exception - The original exception that was thrown during authentication.
      Returns:
      The login page url with the Client ID applied.
    • buildSilentAuthorizationRedirect

      protected String buildSilentAuthorizationRedirect(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, String requestedRedirect, org.springframework.security.core.AuthenticationException authException)
      Add additional parameters to the failed silent-auth redirect.
      Parameters:
      request - The silent-auth request that failed authentication.
      response - The response that is being redirected back to the silent-auth URI.
      requestedRedirect - The validated redirect parameter from the failed request.
      authException - The original exception that was thrown during authentication.
      Returns:
      The redirect URI with additional parameters.
    • addSilentAuthErrorParameters

      protected void addSilentAuthErrorParameters(org.springframework.util.MultiValueMap<String,String> additionalParameters, org.springframework.security.core.AuthenticationException authException, jakarta.servlet.http.HttpServletRequest request)
      Gather parameters to add to the failed silent-auth redirect.
      Parameters:
      additionalParameters - Map to hold parameters and values to be added to the redirect.
      authException - The original exception that was thrown during authentication.
      request - The silent-auth request that failed authentication.
    • addParametersToRedirect

      protected String addParametersToRedirect(String requestedRedirectUri, org.springframework.util.MultiValueMap<String,String> additionalParameters)
      Add the given map of parameters to the given redirect URI.
      Parameters:
      requestedRedirectUri - The URI to add parameters to.
      additionalParameters - The parameters to add to the redirect URI.
      Returns:
      An encoded redirect URI with the given map as request parameters.
    • getRegisteredClientRepository

      protected org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository getRegisteredClientRepository()
    • getRedirectStrategy

      protected org.springframework.security.web.RedirectStrategy getRedirectStrategy()
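    The behavior the class description and commence() specify, written out as an added example: a hypothetical subclass of Spring Security's LoginUrlAuthenticationEntryPoint (named SilentAuthEntryPointExample here; this is not Broadleaf's implementation and its structure does not mirror the methods above). It assumes the OIDC Core error code login_required for an unauthenticated prompt=none request and validates redirect_uri against the client's registered redirect URIs before sending the error there.

    ```java
    import java.io.IOException;
    import java.util.Optional;
    import jakarta.servlet.ServletException;
    import jakarta.servlet.http.HttpServletRequest;
    import jakarta.servlet.http.HttpServletResponse;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
    import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
    import org.springframework.security.web.DefaultRedirectStrategy;
    import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
    import org.springframework.web.util.UriComponentsBuilder;

    // Illustrative entry point (hypothetical class, not Broadleaf's implementation).
    public class SilentAuthEntryPointExample extends LoginUrlAuthenticationEntryPoint {

        private final RegisteredClientRepository clients;

        public SilentAuthEntryPointExample(String loginFormUrl, RegisteredClientRepository clients) {
            super(loginFormUrl);
            this.clients = clients;
        }

        @Override
        public void commence(HttpServletRequest request, HttpServletResponse response,
                             AuthenticationException authException) throws IOException, ServletException {
            String redirect = resolveSilentAuthRedirect(request);
            if (redirect == null) {
                super.commence(request, response, authException); // not silent auth: go to the login page
                return;
            }
            // OIDC Core 3.1.2.6: prompt=none with no authenticated end-user yields error=login_required,
            // sent to the client's redirect_uri; state is echoed so the SPA can correlate the response.
            new DefaultRedirectStrategy().sendRedirect(request, response, UriComponentsBuilder.fromUriString(redirect)
                    .queryParam("error", "login_required")
                    .queryParamIfPresent("state", Optional.ofNullable(request.getParameter("state")))
                    .build().encode().toUriString());
        }

        // Returns the redirect_uri to send the error to, or null if this is not a well-formed silent-auth
        // request. The URI must match one registered for the client verbatim, or the error redirect would be open.
        private String resolveSilentAuthRedirect(HttpServletRequest request) {
            String clientId = request.getParameter("client_id");
            String redirectUri = request.getParameter("redirect_uri");
            if (!"none".equals(request.getParameter("prompt")) || clientId == null || redirectUri == null) {
                return null;
            }
            RegisteredClient client = clients.findByClientId(clientId);
            return (client != null && client.getRedirectUris().contains(redirectUri)) ? redirectUri : null;
        }
    }
    ```

    A request that fails any of the checks falls through to the inherited login-page redirect, so an unregistered redirect_uri never receives the error response.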