Package com.broadleafcommerce.auth.user.session

Class OAuth2SessionAuthenticationToken

java.lang.Object

org.springframework.security.authentication.AbstractAuthenticationToken

com.broadleafcommerce.auth.user.session.OAuth2SessionAuthenticationToken

All Implemented Interfaces:

Serializable, Principal, org.springframework.security.core.Authentication, org.springframework.security.core.CredentialsContainer

public class OAuth2SessionAuthenticationToken
extends org.springframework.security.authentication.AbstractAuthenticationToken

An Authentication implementation that is designed for simple presentation of an OAuth2 clientId, and JWT session token.

Author:

Nick Crum (ncrum)

See Also:

• OAuth2SessionAuthenticationProvider
• Serialized Form

Constructor Summary

Constructors

Constructor	Description
OAuth2SessionAuthenticationToken(OAuth2SessionToken sessionToken, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)	This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e.
OAuth2SessionAuthenticationToken(OAuth2SessionToken sessionToken, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities, Object principal)	This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e.
OAuth2SessionAuthenticationToken(String clientId, String tokenValue)	This constructor can be safely used by any code that wishes to create a OAuth2ClientAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.

Method Summary

Modifier and Type	Method	Description
String	getClientId()	The OAuth2 client ID.
Object	getCredentials()
Object	getPrincipal()
OAuth2SessionToken	getToken()	The JWT token from the BLSID-[client_id] session cookie.
String	getTokenValue()

Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken

equals, eraseCredentials, getAuthorities, getDetails, getName, hashCode, isAuthenticated, setAuthenticated, setDetails, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Constructor Details

OAuth2SessionAuthenticationToken

public OAuth2SessionAuthenticationToken(String clientId,
 String tokenValue)

This constructor can be safely used by any code that wishes to create a OAuth2ClientAuthenticationToken, as the AbstractAuthenticationToken.isAuthenticated() will return false.

OAuth2SessionAuthenticationToken

public OAuth2SessionAuthenticationToken(OAuth2SessionToken sessionToken,
 Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)

This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e. AbstractAuthenticationToken.isAuthenticated() = true) authentication token.

Parameters:

authorities -

OAuth2SessionAuthenticationToken

public OAuth2SessionAuthenticationToken(OAuth2SessionToken sessionToken,
 Collection<? extends org.springframework.security.core.GrantedAuthority> authorities,
 Object principal)

This constructor should only be used by AuthenticationManager or AuthenticationProvider implementations that are satisfied with producing a trusted (i.e. AbstractAuthenticationToken.isAuthenticated() = true) authentication token.

Parameters:

authorities -

Method Details

getTokenValue

public String getTokenValue()

getCredentials

public Object getCredentials()

getPrincipal

public Object getPrincipal()

getClientId

public String getClientId()

The OAuth2 client ID.

getToken

public OAuth2SessionToken getToken()

The JWT token from the BLSID-[client_id] session cookie.