Interface StatelessUtil

All Known Implementing Classes:
StatelessUtilImpl

public interface StatelessUtil
Utility for JWT-based cookies - specifically those intended to drive stateless behavior, such as stateless sessions.
Author:
Jeff Fischer
  • Method Details

    • getSessionToken

      OAuth2SessionToken getSessionToken(String clientId, String userId, String subject, Map<String,Object> additionalClaims)
      Creates an OAuth2SessionToken for the provided client ID and subject with the set of additional claims.
      Parameters:
      clientId - the client ID
      userId -
      subject - the user subject
      additionalClaims - the additional session claims
      Returns:
    • refreshSessionToken

      OAuth2SessionToken refreshSessionToken(OAuth2SessionToken sessionToken)
      Returns an OAuth2SessionToken with a refreshed expiration time.
      Parameters:
      sessionToken - the session token
      Returns:
      the refreshed session token
    • getRedirectUrl

      String getRedirectUrl(jakarta.servlet.http.Cookie savedRequestCookie)
      Verify the JWT token contained in the cookie and then return the redirect url contained therein.
      Parameters:
      savedRequestCookie - see createSavedRequestCookie(String, String)
      Returns:
      a decoded URL set with createSavedRequestCookie(String, String)
    • getRequestUrl

      String getRequestUrl(jakarta.servlet.http.Cookie savedRequestCookie)
      Verify the JWT token contained in the cookie and then return the original request url contained therein.
      Parameters:
      savedRequestCookie - see createSavedRequestCookie(String, String)
      Returns:
      a decoded URL set with createSavedRequestCookie(String, String)
    • getClientId

      String getClientId(String savedRequestToken)
    • getCookieClaims

      Map<String,Object> getCookieClaims(String cookieValue)
      Get a Map of the claims from a SignedJWT cookie. The values of the map are Base64 encoded.
      Parameters:
      cookieValue -
      Returns:
    • createSessionCookie

      @Deprecated jakarta.servlet.http.Cookie createSessionCookie(OAuth2SessionToken sessionToken)
      Deprecated.
      Creates a cookie for the OAuth2SessionToken.
      Parameters:
      sessionToken - the session token
      Returns:
      the session cookie
    • getRemoveSessionCookie

      @Deprecated jakarta.servlet.http.Cookie getRemoveSessionCookie(String clientId)
      Deprecated.
      Create a cookie that can be passed to the response to clear any existing session cookie in the browser.
      Parameters:
      clientId -
      Returns:
      the newly created cookie
    • getSessionCookie

      org.springframework.http.ResponseCookie getSessionCookie(OAuth2SessionToken sessionToken)
      Gets a ResponseCookie for the OAuth2SessionToken.
      Parameters:
      sessionToken - the session token
      Returns:
      the session cookie
    • getSessionRemovalCookie

      org.springframework.http.ResponseCookie getSessionRemovalCookie(String clientId)
      Gets a ResponseCookie for the removal of the session cookie.
      Parameters:
      clientId - the client ID
      Returns:
      the session removal cookie
    • getSavedRequestCookie

      @Deprecated jakarta.servlet.http.Cookie getSavedRequestCookie(String requestUrl, String redirectUrl)
      Deprecated.
      Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
      Parameters:
      requestUrl - the original request (e.g. /oauth/authorize)
      redirectUrl - the uri to redirect to for authentication (e.g. /login)
      Returns:
      a newly created session cookie
    • createSavedRequestCookie

      org.springframework.http.ResponseCookie createSavedRequestCookie(String requestUrl, String redirectUrl)
      Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
      Parameters:
      requestUrl - the original request (e.g. /oauth/authorize)
      redirectUrl - the uri to redirect to for authentication (e.g. /login)
      Returns:
      a newly created session cookie
    • getSavedRequestJwt

      String getSavedRequestJwt(String requestUrl, String redirectUrl)
    • getRemoveSavedRequestCookie

      @Deprecated jakarta.servlet.http.Cookie getRemoveSavedRequestCookie()
      Deprecated.
      since 1.6, replaced by createSavedRequestRemovalCookie()
      Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
      Returns:
      the newly created cookie
    • createSavedRequestRemovalCookie

      org.springframework.http.ResponseCookie createSavedRequestRemovalCookie()
      Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
      Returns:
      the newly created cookie
    • verify

      com.nimbusds.jwt.SignedJWT verify(String token)
      Verify the signature of a signed JWT inside a cookie.
      Parameters:
      token - the cookie to verify
      Returns:
      a verified and signed JWT token, or null if the given cookie has no value
    • generateSignedJwt

      com.nimbusds.jwt.SignedJWT generateSignedJwt(@Nullable String subject, @Nullable Map<String,Object> claims, @Nullable Long expiresInSeconds)
      Generate a signed JWT with issuer and audience values as well as optional additional claims.
      Parameters:
      subject - The subject of the JWT
      claims - Additional claims to add to the JWT
      Returns:
      A signed JWT
    • getSessionCookieName

      String getSessionCookieName(String clientId)
      Get the standard name for a session cookie
      Parameters:
      clientId -
      Returns:
      the cookie name used to store the session
    • getSessionCookieName

      String getSessionCookieName(AuthorizedClient client, AuthorizationServer server)
    • getIssuer

      String getIssuer()
    • getSavedRequestCookieName

      String getSavedRequestCookieName()
      Get the standard name for a saved request cookie
      Returns:
      the saved request cookie name
    • getRemovalCookie

      org.springframework.http.ResponseCookie getRemovalCookie(jakarta.servlet.http.Cookie cookieToRemove)
      Returns a removal cookie for any arbitrary cookie.
      Parameters:
      cookieToRemove - The cookie to target for removal
      Returns:
      A cookie that may be set on an HttpServletResponse to remove the supplied cookie.
    • isSessionCookiePresent

      default boolean isSessionCookiePresent(jakarta.servlet.http.HttpServletRequest request)
      Whether the session cookie is present on the given request.
      Parameters:
      request - The web request
      Returns:
      Whether the session cookie is present on the given request.
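
An added example, not part of this library or its documentation: a round trip of the kind of saved-request token that createSavedRequestCookie, verify and getRequestUrl describe, written directly against Nimbus JOSE+JWT. The HS256 shared key, the issuer value, the claim names and the class name are assumptions made for illustration; StatelessUtilImpl may sign and lay out its tokens differently.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jwt.*;
import java.text.ParseException;
import java.util.Date;

public class SavedRequestJwtExample {
    // Assumed values: issuer and claim names are illustrative, not the library's own.
    static final String ISSUER = "https://auth.example.test", REQUEST_URL = "requestUrl", REDIRECT_URL = "redirectUrl";

    static String sign(byte[] key, String requestUrl, String redirectUrl, long ttlSec) throws JOSEException {
        JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer(ISSUER)
                .claim(REQUEST_URL, requestUrl).claim(REDIRECT_URL, redirectUrl)
                .expirationTime(new Date(System.currentTimeMillis() + ttlSec * 1000)).build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(key));
        return jwt.serialize();
    }

    // Returns the saved request URL, or null when any check fails.
    static String verifiedRequestUrl(byte[] key, String cookieValue) {
        if (cookieValue == null || cookieValue.isEmpty()) return null;
        try {
            SignedJWT jwt = SignedJWT.parse(cookieValue);
            // Pin the expected algorithm instead of trusting the token's own header.
            if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) return null;
            if (!jwt.verify(new MACVerifier(key))) return null;
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            Date exp = claims.getExpirationTime();
            if (exp == null || !exp.after(new Date())) return null;
            if (!ISSUER.equals(claims.getIssuer())) return null;
            String url = claims.getStringClaim(REQUEST_URL);
            // Accept only a same-origin path so the stored value cannot send the user off-site.
            boolean local = url != null && url.startsWith("/") && !url.startsWith("//") && !url.contains("\\");
            return local ? url : null;
        } catch (ParseException | JOSEException e) {
            return null; // malformed token or unusable key: treat as unverified
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32], otherKey = new byte[32]; // constructed random HS256 keys
        new java.security.SecureRandom().nextBytes(key);
        new java.security.SecureRandom().nextBytes(otherKey);
        String token = sign(key, "/oauth/authorize", "/login", 300);
        System.out.println("valid key: " + verifiedRequestUrl(key, token));
        System.out.println("wrong key: " + verifiedRequestUrl(otherKey, token));
        System.out.println("off-site:  " + verifiedRequestUrl(key, sign(key, "//other.example.test/x", "/login", 300)));
    }
}
```

The signature only proves the token was issued by the key holder; the expiry, issuer and local-path checks are what keep a stale or unexpected value from driving the post-login redirect.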