Interface StatelessUtil
- All Known Implementing Classes:
StatelessUtilImpl
public interface StatelessUtil
Utility for JWT-based cookies - specifically those intended to drive stateless behavior, such as
stateless sessions.
- Author:
- Jeff Fischer
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| org.springframework.http.ResponseCookie | createSavedRequestCookie(String requestUrl, String redirectUrl) | Create a cookie containing a JWT token identifying an originating request url and a redirect url. |
| org.springframework.http.ResponseCookie | createSavedRequestRemovalCookie() | Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser. |
| jakarta.servlet.http.Cookie | createSessionCookie(OAuth2SessionToken sessionToken) | Deprecated. |
| com.nimbusds.jwt.SignedJWT | generateSignedJwt(String subject, Map<String, Object> claims, Long expiresInSeconds) | Generate a signed JWT with issuer and audience values as well as optional additional claims. |
| | getClientId(String savedRequestToken) | |
| | getCookieClaims(String cookieValue) | Get a Map of the claims from a SignedJWT cookie. |
| String | getIssuer() | |
| | getRedirectUrl(jakarta.servlet.http.Cookie savedRequestCookie) | Verify the JWT token contained in the cookie and then return the redirect url contained therein. |
| org.springframework.http.ResponseCookie | getRemovalCookie(jakarta.servlet.http.Cookie cookieToRemove) | Returns a removal cookie for any arbitrary cookie. |
| jakarta.servlet.http.Cookie | getRemoveSavedRequestCookie() | Deprecated. since 1.6, replaced by createSavedRequestRemovalCookie() |
| jakarta.servlet.http.Cookie | getRemoveSessionCookie(String clientId) | Deprecated. in favor of getSessionRemovalCookie(String) |
| | getRequestUrl(jakarta.servlet.http.Cookie savedRequestCookie) | Verify the JWT token contained in the cookie and then return the original request url contained therein. |
| jakarta.servlet.http.Cookie | getSavedRequestCookie(String requestUrl, String redirectUrl) | Deprecated. since 1.6, replaced by createSavedRequestCookie(String, String) |
| String | getSavedRequestCookieName() | Get the standard name for a saved request cookie |
| | getSavedRequestJwt(String requestUrl, String redirectUrl) | |
| org.springframework.http.ResponseCookie | getSessionCookie(OAuth2SessionToken sessionToken) | Gets a ResponseCookie for the OAuth2SessionToken. |
| | getSessionCookieName(AuthorizedClient client, AuthorizationServer server) | |
| | getSessionCookieName(String clientId) | Get the standard name for a session cookie |
| org.springframework.http.ResponseCookie | getSessionRemovalCookie(String clientId) | Gets a ResponseCookie for the removal of the session cookie. |
| OAuth2SessionToken | getSessionToken(String clientId, String userId, String subject, Map<String, Object> additionalClaims) | Creates an OAuth2SessionToken for the provided client ID and subject with the set of additional claims. |
| default boolean | isSessionCookiePresent(jakarta.servlet.http.HttpServletRequest request) | Whether the session cookie is present on the given request |
| | refreshSessionToken(OAuth2SessionToken sessionToken) | Returns an OAuth2SessionToken with a refreshed expiration time. |
| com.nimbusds.jwt.SignedJWT | verify | Verify the signature of a signed JWT inside a cookie |
-
Method Details
-
getSessionToken
OAuth2SessionToken getSessionToken(String clientId, String userId, String subject, Map<String, Object> additionalClaims)
Creates an OAuth2SessionToken for the provided client ID and subject with the set of additional claims.
- Parameters:
clientId - the client ID
userId -
subject - the user subject
additionalClaims - the additional session claims
- Returns:
-
refreshSessionToken
Returns an OAuth2SessionToken with a refreshed expiration time.
- Parameters:
sessionToken - the session token
- Returns:
- the refreshed session token
-
getRedirectUrl
Verify the JWT token contained in the cookie and then return the redirect url contained therein.
- Parameters:
savedRequestCookie - see createSavedRequestCookie(String, String)
- Returns:
- a decoded URL set with createSavedRequestCookie(String, String)
-
getRequestUrl
Verify the JWT token contained in the cookie and then return the original request url contained therein.
- Parameters:
savedRequestCookie - see createSavedRequestCookie(String, String)
- Returns:
- a decoded URL set with createSavedRequestCookie(String, String)
-
getClientId
-
getCookieClaims
Get a Map of the claims from a SignedJWT cookie. The values of the map are Base64 encoded.
- Parameters:
cookieValue -
- Returns:
-
createSessionCookie
Deprecated. in favor of getSessionCookie(OAuth2SessionToken)
Creates a cookie for the OAuth2SessionToken.
- Parameters:
sessionToken - the session token
- Returns:
- the session cookie
-
getRemoveSessionCookie
Deprecated. in favor of getSessionRemovalCookie(String)
Create a cookie that can be passed to the response to clear any existing session cookie in the browser.
- Parameters:
clientId -
- Returns:
- the newly created cookie
-
getSessionCookie
Gets a ResponseCookie for the OAuth2SessionToken.
- Parameters:
sessionToken - the session token
- Returns:
- the session cookie
-
getSessionRemovalCookie
Gets a ResponseCookie for the removal of the session cookie.
- Parameters:
clientId - the client ID
- Returns:
- the session removal cookie
-
getSavedRequestCookie
@Deprecated jakarta.servlet.http.Cookie getSavedRequestCookie(String requestUrl, String redirectUrl)
Deprecated. since 1.6, replaced by createSavedRequestCookie(String, String)
Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
- Parameters:
requestUrl - the original request (e.g. /oauth/authorize)
redirectUrl - the uri to redirect to for authentication (e.g. /login)
- Returns:
- a newly created session cookie
-
createSavedRequestCookie
org.springframework.http.ResponseCookie createSavedRequestCookie(String requestUrl, String redirectUrl)
Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
- Parameters:
requestUrl - the original request (e.g. /oauth/authorize)
redirectUrl - the uri to redirect to for authentication (e.g. /login)
- Returns:
- a newly created session cookie
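The saved-request round trip described above (sign the two URLs into a cookie, verify the JWT before reading either URL back), as an added Java example that is not this library's implementation. The cookie name, claim names, issuer value and the HS256 shared key are assumptions made for the illustration.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.http.ResponseCookie;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Date;

// Added sketch, not StatelessUtilImpl. Cookie name, claim names, issuer and the
// HS256 key below are hypothetical values constructed for this illustration.
public class SavedRequestCookieSketch {
    static final byte[] KEY = "constructed-demo-key-32-bytes-min!".getBytes(StandardCharsets.UTF_8);
    static final String ISSUER = "https://auth.example.test";

    static ResponseCookie create(String requestUrl, String redirectUrl) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer(ISSUER).audience(ISSUER)
                .expirationTime(new Date(System.currentTimeMillis() + 300_000L))
                .claim("requestUrl", requestUrl).claim("redirectUrl", redirectUrl).build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(KEY));
        return ResponseCookie.from("SAVED_REQUEST", jwt.serialize()).path("/")
                .httpOnly(true).secure(true).sameSite("Lax").maxAge(Duration.ofMinutes(5)).build();
    }

    // Hands back a claim only after algorithm, signature, issuer, audience and expiry check out.
    static String readVerified(String cookieValue, String claim) throws Exception {
        SignedJWT jwt = SignedJWT.parse(cookieValue);
        if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())
                || !jwt.verify(new MACVerifier(KEY))) throw new SecurityException("signature rejected");
        JWTClaimsSet c = jwt.getJWTClaimsSet();
        Date exp = c.getExpirationTime();
        if (!ISSUER.equals(c.getIssuer()) || !c.getAudience().contains(ISSUER)
                || exp == null || exp.before(new Date())) throw new SecurityException("claims rejected");
        return c.getStringClaim(claim);
    }

    public static void main(String[] args) throws Exception {
        String value = create("/oauth/authorize", "/login").getValue();
        System.out.println(readVerified(value, "requestUrl") + " -> " + readVerified(value, "redirectUrl"));
        // Constructed tampering: alter the first character of the signature segment.
        int dot = value.lastIndexOf('.');
        String forged = value.substring(0, dot + 1) + (value.charAt(dot + 1) == 'A' ? 'B' : 'A') + value.substring(dot + 2);
        try {
            readVerified(forged, "redirectUrl");
        } catch (SecurityException e) {
            System.out.println("forged cookie refused: " + e.getMessage());
        }
    }
}
```

Because the redirect target travels in a browser-held cookie, reading it only through a verifying accessor is what keeps a modified cookie from steering the post-login redirect.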
-
getSavedRequestJwt
-
getRemoveSavedRequestCookie
Deprecated. since 1.6, replaced by createSavedRequestRemovalCookie()
Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
- Returns:
- the newly created cookie
-
createSavedRequestRemovalCookie
org.springframework.http.ResponseCookie createSavedRequestRemovalCookie()
Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
- Returns:
- the newly created cookie
- See Also:
-
verify
Verify the signature of a signed JWT inside a cookie
- Parameters:
token - the cookie to verify
- Returns:
- a verified and signed JWT token, or null if the given cookie has no value
-
generateSignedJwt
com.nimbusds.jwt.SignedJWT generateSignedJwt(@Nullable String subject, @Nullable Map<String, Object> claims, @Nullable Long expiresInSeconds)
Generate a signed JWT with issuer and audience values as well as optional additional claims.
- Parameters:
subject - The subject of the JWT
claims - Additional claims to add to the JWT
- Returns:
- A signed JWT
-
getSessionCookieName
Get the standard name for a session cookie
- Parameters:
clientId -
- Returns:
- the cookie name used to store the session
- See Also:
-
getSessionCookieName
-
getIssuer
String getIssuer()
-
getSavedRequestCookieName
String getSavedRequestCookieName()
Get the standard name for a saved request cookie
- Returns:
- the saved request cookie name
- See Also:
-
getRemovalCookie
org.springframework.http.ResponseCookie getRemovalCookie(jakarta.servlet.http.Cookie cookieToRemove)
Returns a removal cookie for any arbitrary cookie.
- Parameters:
cookieToRemove - The cookie to target for removal
- Returns:
- A cookie that may be set on an HttpServletResponse to remove the supplied cookie.
-
isSessionCookiePresent
default boolean isSessionCookiePresent(jakarta.servlet.http.HttpServletRequest request)
Whether the session cookie is present on the given request
- Parameters:
request - The web request
- Returns:
- Whether the session cookie is present on the given request