Package com.broadleafcommerce.auth.user.session

Interface StatelessUtil

All Known Implementing Classes:
StatelessUtilImpl
public interface StatelessUtil
Utility for JWT-based cookies - specifically those intended to drive stateless behavior, such as stateless sessions.
Author:
Jeff Fischer

  • Method Details

    • getSessionToken

      OAuth2SessionToken getSessionToken(String clientId, String userId, String subject, Map<String,Object> additionalClaims)
      Creates a OAuth2SessionToken for the provided client ID and subject with the set of additional claims.
      Parameters:
      clientId - the client ID
      userId -
      subject - the user subject
      additionalClaims - the additional session claims
      Returns:

    • refreshSessionToken

      OAuth2SessionToken refreshSessionToken(OAuth2SessionToken sessionToken)
      Returns a OAuth2SessionToken with a refreshed expiration time.
      Parameters:
      sessionToken - the session token
      Returns:
      the refreshed session token

    • getRedirectUrl

      String getRedirectUrl(jakarta.servlet.http.Cookie savedRequestCookie)
      Verify the JWT token contained in the cookie and then return the redirect url contained therein.
      Parameters:
      savedRequestCookie - see createSavedRequestCookie(String, String)
      Returns:
      a decoded URL set with createSavedRequestCookie(String, String)

    • getRequestUrl

      String getRequestUrl(jakarta.servlet.http.Cookie savedRequestCookie)
      Verify the JWT token contained in the cookie and then return the original request url contained therein.
      Parameters:
      savedRequestCookie - see createSavedRequestCookie(String, String)
      Returns:
      a decoded URL set with createSavedRequestCookie(String, String)

    • getClientId

      String getClientId(String savedRequestToken)

    • getCookieClaims

      Map<String,Object> getCookieClaims(String cookieValue)
      Get a Map of the claims from a SignedJWT cookie. The values of the map are Base64 encoded.
      Parameters:
      cookieValue -
      Returns:

    • createSessionCookie

      @Deprecated jakarta.servlet.http.Cookie createSessionCookie(OAuth2SessionToken sessionToken)
      Deprecated.
      in favor of getSessionCookie(OAuth2SessionToken)
      Creates a cookie for the OAuth2SessionToken.
      Parameters:
      sessionToken - the session token
      Returns:
      the session cookie

    • getRemoveSessionCookie

      @Deprecated jakarta.servlet.http.Cookie getRemoveSessionCookie(String clientId)
      Deprecated.
      in favor of getSessionRemovalCookie(String)
      Create a cookie that can be passed to the response to clear any existing session cookie in the browser.
      Parameters:
      clientId -
      Returns:
      the newly created cookie

    • getSessionCookie

      org.springframework.http.ResponseCookie getSessionCookie(OAuth2SessionToken sessionToken)
      Gets a ResponseCookie for the OAuth2SessionToken.
      Parameters:
      sessionToken - the session token
      Returns:
      the session cookie

    • getSessionRemovalCookie

      org.springframework.http.ResponseCookie getSessionRemovalCookie(String clientId)
      Gets a ResponseCookie for the removal of the session cookie.
      Parameters:
      clientId - the client ID
      Returns:
      the session removal cookie

    • getSavedRequestCookie

      @Deprecated jakarta.servlet.http.Cookie getSavedRequestCookie(String requestUrl, String redirectUrl)
      Deprecated.
      since 1.6, replaced by createSavedRequestCookie(String, String)
      Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
      Parameters:
      requestUrl - the original request (e.g. /oauth/authorize)
      redirectUrl - the uri to redirect to for authentication (e.g. /login)
      Returns:
      a newly created session cookie

    • createSavedRequestCookie

      org.springframework.http.ResponseCookie createSavedRequestCookie(String requestUrl, String redirectUrl)
      Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
      Parameters:
      requestUrl - the original request (e.g. /oauth/authorize)
      redirectUrl - the uri to redirect to for authentication (e.g. /login)
      Returns:
      a newly created session cookie

    • getSavedRequestJwt

      String getSavedRequestJwt(String requestUrl, String redirectUrl)

    • getRemoveSavedRequestCookie

      @Deprecated jakarta.servlet.http.Cookie getRemoveSavedRequestCookie()
      Deprecated.
      since 1.6, replaced by createSavedRequestRemovalCookie()
      Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
      Returns:
      the newly created cookie

    • createSavedRequestRemovalCookie

      org.springframework.http.ResponseCookie createSavedRequestRemovalCookie()
      Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
      Returns:
      the newly created cookie
      See Also:

    • verify

      com.nimbusds.jwt.SignedJWT verify(String token)
      Verify the signature of a signed JWT inside a cookie
      Parameters:
      token - the cookie to verify
      Returns:
      a verified and signed JWT token, or null if the given cookie has no value

    • generateSignedJwt

      com.nimbusds.jwt.SignedJWT generateSignedJwt(@Nullable String subject, @Nullable Map<String,Object> claims, @Nullable Long expiresInSeconds)
      Generate a signed JWT with issuer and audience values as well as optional additional claims.
      Parameters:
      subject - The subject of the JWT
      claims - Additional claims to add to the JWT
      Returns:
      A signed JWT

    • getSessionCookieName

      String getSessionCookieName(String clientId)
      Get the standard name for a session cookie
      Parameters:
      clientId -
      Returns:
      the cookie name used to store the session
      See Also:

    • getSessionCookieName

      String getSessionCookieName(AuthorizedClient client, AuthorizationServer server)

    • getIssuer

      String getIssuer()

    • getSavedRequestCookieName

      String getSavedRequestCookieName()
      Get the standard name for a saved request cookie
      Returns:
      the saved request cookie name
      See Also:

    • getRemovalCookie

      org.springframework.http.ResponseCookie getRemovalCookie(jakarta.servlet.http.Cookie cookieToRemove)
      Returns a removal cookie for any arbitrary cookie.
      Parameters:
      cookieToRemove - The cookie to target for removal
      Returns:
      A cookie that may be set on an HttpServletResponse to remove the supplied cookie.

    • isSessionCookiePresent

      default boolean isSessionCookiePresent(jakarta.servlet.http.HttpServletRequest request)
      Whether the session cookie is present on the given request/
      Parameters:
      request - The web request
      Returns:
      Whether the session cookie is present on the given request/