Class StatelessUtilImpl
java.lang.Object
com.broadleafcommerce.auth.user.session.StatelessUtilImpl
- All Implemented Interfaces: StatelessUtil
- Author: Jeff Fischer
Constructor Summary
- StatelessUtilImpl(AuthorizedClientService<AuthorizedClient> clientService, AuthorizationServerService<AuthorizationServer> serverService, KeyPair dynamicPropertyKeyPair, String issuer)
Method Summary
- org.springframework.http.ResponseCookie createSavedRequestCookie(String requestUrl, String redirectUrl): Create a cookie containing a JWT token identifying an originating request url and a redirect url.
- org.springframework.http.ResponseCookie createSavedRequestRemovalCookie(): Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
- jakarta.servlet.http.Cookie createSessionCookie(OAuth2SessionToken sessionToken): Creates a cookie for the OAuth2SessionToken.
- protected Supplier<? extends com.broadleafcommerce.data.tracking.core.exception.EntityMissingException> entityMissing(String msg)
- protected AuthorizedClient findClient(String clientId)
- protected AuthorizationServer findServer(AuthorizedClient client)
- com.nimbusds.jwt.SignedJWT generateSignedJwt(@Nullable String subject, @Nullable Map<String, Object> claims, @Nullable Long expiresInSeconds): Generate a signed JWT with issuer and audience values as well as optional additional claims.
- getClientId(String savedRequestToken)
- getCookieClaims(String cookieValue): Get a Map of the claims from a SignedJWT cookie.
- protected String getDecodedClaim(jakarta.servlet.http.Cookie savedRequestCookie, String claim, String errorMessage)
- protected String getDecodedClaim(String token, String claim, String errorMessage)
- getIssuer()
- protected StatelessUtilProperties getProperties()
- protected List<RSAPublicKey> getPublicKeys()
- getRedirectUrl(jakarta.servlet.http.Cookie savedRequestCookie): Verify the JWT token contained in the cookie and then return the redirect url contained therein.
- org.springframework.http.ResponseCookie getRemovalCookie(jakarta.servlet.http.Cookie cookieToRemove): Returns a removal cookie for any arbitrary cookie.
- jakarta.servlet.http.Cookie getRemoveSavedRequestCookie(): Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
- jakarta.servlet.http.Cookie getRemoveSessionCookie(String clientId): Create a cookie that can be passed to the response to clear any existing session cookie in the browser.
- getRequestUrl(jakarta.servlet.http.Cookie savedRequestCookie): Verify the JWT token contained in the cookie and then return the original request url contained therein.
- protected String getSameSiteAttributeForSavedRequestCookie(): Gets the SameSite attribute value to use for the saved request cookies (createSavedRequestCookie(String, String) and createSavedRequestRemovalCookie()).
- jakarta.servlet.http.Cookie getSavedRequestCookie(String requestUrl, String redirectUrl): Create a cookie containing a JWT token identifying an originating request url and a redirect url.
- getSavedRequestCookieName(): Get the standard name for a saved request cookie.
- getSavedRequestJwt(String requestUrl, String redirectUrl)
- org.springframework.http.ResponseCookie getSessionCookie(OAuth2SessionToken sessionToken): Gets a ResponseCookie for the OAuth2SessionToken.
- getSessionCookieName(AuthorizedClient client, AuthorizationServer server)
- getSessionCookieName(String clientId): Get the standard name for a session cookie.
- org.springframework.http.ResponseCookie getSessionRemovalCookie(String clientId): Gets a ResponseCookie for the removal of the session cookie.
- protected String getSessionSameSiteAttribute(AuthorizationServer authorizationServer): Gets the SameSite attribute value for the session cookie.
- OAuth2SessionToken getSessionToken(String clientId, String userId, String subject, Map<String, Object> additionalClaims): Creates an OAuth2SessionToken for the provided client ID and subject with the set of additional claims.
- protected com.nimbusds.jwt.JWTClaimsSet getSessionTokenClaims(String clientId, String userId, String subject, Map<String, Object> additionalClaims)
- protected com.nimbusds.jose.JWSSigner getSigner(): Construct a new instance for each invocation, since the signer must stay in sync with the dynamically changing private key value.
- refreshSessionToken(OAuth2SessionToken sessionToken): Returns an OAuth2SessionToken with a refreshed expiration time.
- void setProperties(StatelessUtilProperties properties)
- void setPublicKeys(List<RSAPublicKey> publicKeys)
- com.nimbusds.jwt.SignedJWT verify(token): Verify the signature of a signed JWT inside a cookie.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.broadleafcommerce.auth.user.session.StatelessUtil
isSessionCookiePresent
Constructor Details

StatelessUtilImpl
public StatelessUtilImpl(AuthorizedClientService<AuthorizedClient> clientService, AuthorizationServerService<AuthorizationServer> serverService, KeyPair dynamicPropertyKeyPair, String issuer)
Method Details

getSessionToken
public OAuth2SessionToken getSessionToken(String clientId, String userId, String subject, Map<String, Object> additionalClaims)
Description copied from interface: StatelessUtil
Creates an OAuth2SessionToken for the provided client ID and subject with the set of additional claims.
- Specified by: getSessionToken in interface StatelessUtil
- Parameters:
  - clientId - the client ID
  - subject - the user subject
  - additionalClaims - the additional session claims

getSigner
protected com.nimbusds.jose.JWSSigner getSigner()
Construct a new instance for each invocation, since the signer must stay in sync with the dynamically changing private key value.
- Returns: a new signer instance matching the most current private key value
getSessionTokenClaims
protected com.nimbusds.jwt.JWTClaimsSet getSessionTokenClaims(String clientId, String userId, String subject, Map<String, Object> additionalClaims)

refreshSessionToken
Description copied from interface: StatelessUtil
Returns an OAuth2SessionToken with a refreshed expiration time.
- Specified by: refreshSessionToken in interface StatelessUtil
- Parameters:
  - sessionToken - the session token
- Returns: the refreshed session token

generateSignedJwt
public com.nimbusds.jwt.SignedJWT generateSignedJwt(@Nullable String subject, @Nullable Map<String, Object> claims, @Nullable Long expiresInSeconds)
Description copied from interface: StatelessUtil
Generate a signed JWT with issuer and audience values as well as optional additional claims.
- Specified by: generateSignedJwt in interface StatelessUtil
- Parameters:
  - subject - The subject of the JWT
  - claims - Additional claims to add to the JWT
- Returns: A signed JWT
getRedirectUrl
Description copied from interface: StatelessUtil
Verify the JWT token contained in the cookie and then return the redirect url contained therein.
- Specified by: getRedirectUrl in interface StatelessUtil
- Parameters:
  - savedRequestCookie - see StatelessUtil.createSavedRequestCookie(String, String)
- Returns: a decoded URL set with StatelessUtil.createSavedRequestCookie(String, String)

getRequestUrl
Description copied from interface: StatelessUtil
Verify the JWT token contained in the cookie and then return the original request url contained therein.
- Specified by: getRequestUrl in interface StatelessUtil
- Parameters:
  - savedRequestCookie - see StatelessUtil.createSavedRequestCookie(String, String)
- Returns: a decoded URL set with StatelessUtil.createSavedRequestCookie(String, String)

getClientId
- Specified by: getClientId in interface StatelessUtil

getDecodedClaim
protected String getDecodedClaim(jakarta.servlet.http.Cookie savedRequestCookie, String claim, String errorMessage)

getDecodedClaim
protected String getDecodedClaim(String token, String claim, String errorMessage)

getCookieClaims
Description copied from interface: StatelessUtil
Get a Map of the claims from a SignedJWT cookie. The values of the map are Base64 encoded.
- Specified by: getCookieClaims in interface StatelessUtil
createSessionCookie
Description copied from interface: StatelessUtil
Creates a cookie for the OAuth2SessionToken.
- Specified by: createSessionCookie in interface StatelessUtil
- Parameters:
  - sessionToken - the session token
- Returns: the session cookie

getRemoveSessionCookie
Description copied from interface: StatelessUtil
Create a cookie that can be passed to the response to clear any existing session cookie in the browser.
- Specified by: getRemoveSessionCookie in interface StatelessUtil
- Returns: the newly created cookie

getSessionCookie
Description copied from interface: StatelessUtil
Gets a ResponseCookie for the OAuth2SessionToken.
- Specified by: getSessionCookie in interface StatelessUtil
- Parameters:
  - sessionToken - the session token
- Returns: the session cookie

getSessionRemovalCookie
Description copied from interface: StatelessUtil
Gets a ResponseCookie for the removal of the session cookie.
- Specified by: getSessionRemovalCookie in interface StatelessUtil
- Parameters:
  - clientId - the client ID
- Returns: the session removal cookie
getSessionSameSiteAttribute
protected String getSessionSameSiteAttribute(AuthorizationServer authorizationServer)
Gets the SameSite attribute value for the session cookie. This method should return one of the following values: "None", "Lax", or "Strict". Learn more about the SameSite attribute at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
- Parameters:
  - authorizationServer - the authorization server
- Returns: the SameSite attribute value

getSavedRequestCookie
Description copied from interface: StatelessUtil
Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
- Specified by: getSavedRequestCookie in interface StatelessUtil
- Parameters:
  - requestUrl - the original request (e.g. /oauth/authorize)
  - redirectUrl - the uri to redirect to for authentication (e.g. /login)
- Returns: a newly created session cookie

createSavedRequestCookie
public org.springframework.http.ResponseCookie createSavedRequestCookie(String requestUrl, String redirectUrl)
Description copied from interface: StatelessUtil
Create a cookie containing a JWT token identifying an originating request url and a redirect url. This information is used to forward the user to an authentication url. Once authenticated, the original request is completed.
- Specified by: createSavedRequestCookie in interface StatelessUtil
- Parameters:
  - requestUrl - the original request (e.g. /oauth/authorize)
  - redirectUrl - the uri to redirect to for authentication (e.g. /login)
- Returns: a newly created session cookie

getSameSiteAttributeForSavedRequestCookie
protected String getSameSiteAttributeForSavedRequestCookie()
Gets the SameSite attribute value to use for the saved request cookies (createSavedRequestCookie(String, String) and createSavedRequestRemovalCookie()). This method should return one of the following values: "None", "Lax", or "Strict". Learn more about the SameSite attribute at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
- Returns: the SameSite attribute value to use for the saved request cookies
getSavedRequestJwt
- Specified by: getSavedRequestJwt in interface StatelessUtil

getRemoveSavedRequestCookie
public jakarta.servlet.http.Cookie getRemoveSavedRequestCookie()
Description copied from interface: StatelessUtil
Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
- Specified by: getRemoveSavedRequestCookie in interface StatelessUtil
- Returns: the newly created cookie

createSavedRequestRemovalCookie
public org.springframework.http.ResponseCookie createSavedRequestRemovalCookie()
Description copied from interface: StatelessUtil
Create a cookie that can be passed to the response to clear any existing saved request cookie in the browser.
- Specified by: createSavedRequestRemovalCookie in interface StatelessUtil
- Returns: the newly created cookie
verify
Description copied from interface: StatelessUtil
Verify the signature of a signed JWT inside a cookie.
- Specified by: verify in interface StatelessUtil
- Parameters:
  - token - the cookie to verify
- Returns: a verified and signed JWT token, or null if the given cookie has no value
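As an added illustration (not the project's own code) of what createSavedRequestCookie and verify do together: a saved-request JWT is minted with the request and redirect URLs as claims and signed with the private key fetched fresh on every call, as getSigner() requires, and on the way back its signature, algorithm, issuer and expiry are checked before either URL is read. The claim names, the five-minute lifetime and the class name are assumptions; the page does not document the real claim names.

```java
import java.security.KeyPair;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.function.Supplier;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

public class SavedRequestJwtDemo {
    // Hypothetical claim names: the page does not document the ones the real class uses.
    static final String REQUEST_URL_CLAIM = "request_url";
    static final String REDIRECT_URL_CLAIM = "redirect_url";
    static final long TTL_MILLIS = 5 * 60 * 1000; // a saved request only needs to survive one login round trip

    // The key pair is fetched through a Supplier on every call, mirroring the "new signer per
    // invocation" rule of getSigner(): a rotated private key is used for the very next cookie.
    static String createSavedRequestCookieValue(Supplier<KeyPair> keys, String issuer,
                                                String requestUrl, String redirectUrl) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(issuer)
                .claim(REQUEST_URL_CLAIM, requestUrl)
                .claim(REDIRECT_URL_CLAIM, redirectUrl)
                .issueTime(new Date())
                .expirationTime(new Date(System.currentTimeMillis() + TTL_MILLIS))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        jwt.sign(new RSASSASigner((RSAPrivateKey) keys.get().getPrivate()));
        return jwt.serialize(); // compact serialization is what goes into the cookie value
    }

    // Check algorithm, signature, issuer and expiry before any URL from the cookie is trusted: an
    // unverified redirect claim would let a tampered cookie choose the post-login destination.
    static String verifiedClaim(String cookieValue, RSAPublicKey publicKey, String issuer,
                                String claim) throws Exception {
        SignedJWT jwt = SignedJWT.parse(cookieValue);
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())
                || !jwt.verify(new RSASSAVerifier(publicKey))) {
            throw new SecurityException("saved request cookie: bad algorithm or signature");
        }
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        Date exp = claims.getExpirationTime();
        if (!issuer.equals(claims.getIssuer()) || exp == null || exp.before(new Date())) {
            throw new SecurityException("saved request cookie: wrong issuer or expired");
        }
        return claims.getStringClaim(claim);
    }
}
```

Pass a Supplier backed by the rotating KeyPair to createSavedRequestCookieValue and put the result in the cookie; verifiedClaim(cookieValue, publicKey, issuer, REDIRECT_URL_CLAIM) then plays the role getRedirectUrl and getRequestUrl play on the way back.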
getSessionCookieName
Description copied from interface: StatelessUtil
Get the standard name for a session cookie.
- Specified by: getSessionCookieName in interface StatelessUtil
- Returns: the cookie name used to store the session

getSessionCookieName
- Specified by: getSessionCookieName in interface StatelessUtil

getIssuer
- Specified by: getIssuer in interface StatelessUtil

getSavedRequestCookieName
Description copied from interface: StatelessUtil
Get the standard name for a saved request cookie.
- Specified by: getSavedRequestCookieName in interface StatelessUtil
- Returns: the saved request cookie name
getRemovalCookie
public org.springframework.http.ResponseCookie getRemovalCookie(jakarta.servlet.http.Cookie cookieToRemove)
Description copied from interface: StatelessUtil
Returns a removal cookie for any arbitrary cookie.
- Specified by: getRemovalCookie in interface StatelessUtil
- Parameters:
  - cookieToRemove - The cookie to target for removal
- Returns: A cookie that may be set on an HttpServletResponse to remove the supplied cookie.

findClient
protected AuthorizedClient findClient(String clientId)

findServer
protected AuthorizationServer findServer(AuthorizedClient client)

entityMissing
protected Supplier<? extends com.broadleafcommerce.data.tracking.core.exception.EntityMissingException> entityMissing(String msg)

getProperties
protected StatelessUtilProperties getProperties()

setProperties
public void setProperties(StatelessUtilProperties properties)

getPublicKeys
protected List<RSAPublicKey> getPublicKeys()

setPublicKeys
public void setPublicKeys(List<RSAPublicKey> publicKeys)