Class AuthenticationController
java.lang.Object
com.broadleafcommerce.auth.user.web.endpoint.AuthenticationController
- Author:
- Nathan Moore (nathanmoore).
-
Nested Class Summary
-
Field Summary
Modifier and TypeFieldDescriptionprotected static final String
static final String
protected static final String
protected static final String
protected final BroadleafClientRegistrationRepository
protected static final String
protected static final String
protected static final String
protected static final String
protected static final String
protected static final String
-
Constructor Summary
ConstructorDescriptionAuthenticationController
(UserPasswordService<PasswordToken, User> userPasswordService, ClientRedirectService redirectService, UserLoginService loginService, UserLoginProperties properties, AuthorizedClientService<AuthorizedClient> clientService, ClientIdentityProviderProperties clientProperties, BroadleafClientRegistrationRepository clientRegistrationRepository, com.broadleafcommerce.common.extension.TypeFactory typeFactory) -
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
canRedirectToRequestedUrl
(String clientId, String requestedRedirectUrl) protected String
determineChangePasswordSuccessfulRedirectUrl
(ChangePasswordForm changePasswordForm, String requestedRedirectUrl) protected String
determineLoggedInReturnUrl
(String clientId, String redirectUrl) protected String
getAuthenticationProviderCacheKey
(@NonNull AuthorizedClient client) org.springframework.web.servlet.ModelAndView
getChangePasswordView
(org.springframework.ui.Model model, ChangePasswordForm changePasswordForm, String redirectUrl) protected ClientIdentityProviderProperties
getClientProps
(@NonNull AuthorizedClient client) protected BroadleafClientRegistrationRepository
protected AuthorizedClientService<AuthorizedClient>
protected String
getDefaultRedirectUrlForClient
(String clientId) getLoginErrorView
(org.springframework.ui.Model model, String clientId) protected UserLoginService
getLoginView
(org.springframework.ui.Model model, String clientId) protected Map<String,
List<OAuth2IdentityProvider>> Deprecated, for removal: This API element is subject to removal in a future version.
protected List<OAuth2IdentityProvider>
getOath2AuthenticationProviders
(@NonNull ClientIdentityProviderProperties.ClientProperties properties, boolean isAdmin) Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of getOauth2AuthenticationProviders(AuthorizedClient).
protected Map<String,
List<OAuth2IdentityProvider>> Caches the appropriate OAuth2IdentityProviders by the type of authorized client.
protected List<OAuth2IdentityProvider>
getOauth2AuthenticationProviders
(@NonNull AuthorizedClient client) Looks at the ClientRegistrations to determine which providers are configured and then cross-checks that with the ClientIdentityProviderProperties.ClientProperties for the appropriate type of AuthorizedClient that is making a request, either admin or commerce, to filter the registered identity providers that are appropriate to show the user.
protected UserLoginProperties
getPwResetEmailView
(org.springframework.ui.Model model, String redirectUrl, boolean credentialsExpired, String clientId) protected ClientRedirectService
getResetPasswordSuccessView
(String clientId) org.springframework.web.servlet.ModelAndView
getResetPasswordView
(org.springframework.ui.Model model, String redirectUrl, String clientId) protected com.broadleafcommerce.common.extension.TypeFactory
protected UserPasswordService<PasswordToken,
User> protected boolean
isRequestedRedirectUrlValid
(String clientId, @NonNull String requestedRedirectUrl) org.springframework.web.servlet.ModelAndView
processChangePasswordRequest
(jakarta.servlet.http.HttpServletRequest request, ChangePasswordForm changePasswordForm, String redirectUrl, org.springframework.validation.BindingResult errors, org.springframework.ui.Model model, jakarta.servlet.http.HttpServletResponse httpServletResponse) processPwResetEmailRequest
(org.springframework.ui.Model model, String redirectUrl, String username, String clientId) org.springframework.web.servlet.ModelAndView
processResetPasswordRequest
(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model, ResetPasswordForm resetPasswordForm, String redirectUrl, org.springframework.web.servlet.mvc.support.RedirectAttributes redirectAttributes, org.springframework.validation.BindingResult errors)
-
Field Details
-
REQUEST_PASSWORD_RESET_EMAIL_VIEW
- See Also:
-
LOGIN_VIEW
- See Also:
-
RESET_PASSWORD_VIEW
- See Also:
-
RESET_PASSWORD_SUCCESS_VIEW
- See Also:
-
CHANGE_PASSWORD_VIEW
- See Also:
-
CHANGE_PASSWORD_SUCCESS_VIEW
- See Also:
-
SENT_RESET_PASSWORD_VIEW
- See Also:
-
ADMIN_PROVIDERS_KEY
- See Also:
-
COMMERCE_PROVIDERS_KEY
- See Also:
-
AUTHORIZATION_REQUEST_BASE_URI
- See Also:
-
clientRegistrationRepository
-
-
Constructor Details
-
AuthenticationController
public AuthenticationController(UserPasswordService<PasswordToken, User> userPasswordService, ClientRedirectService redirectService, UserLoginService loginService, UserLoginProperties properties, AuthorizedClientService<AuthorizedClient> clientService, ClientIdentityProviderProperties clientProperties, BroadleafClientRegistrationRepository clientRegistrationRepository, com.broadleafcommerce.common.extension.TypeFactory typeFactory)
-
-
Method Details
-
getOath2AuthenticationProviders
@Deprecated(forRemoval=true, since="1.8.7") protected Map<String,List<OAuth2IdentityProvider>> getOath2AuthenticationProviders()
Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of oauth2AuthenticationProviders. (This method's name is misspelled.)
-
getLoginView
-
getLoginErrorView
-
getPwResetEmailView
-
processPwResetEmailRequest
-
getResetPasswordSuccessView
-
getResetPasswordView
-
processResetPasswordRequest
@FrameworkPostMapping("/reset-password") public org.springframework.web.servlet.ModelAndView processResetPasswordRequest(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.ui.Model model, @ModelAttribute ResetPasswordForm resetPasswordForm, @RequestParam(value="returnTo",required=false) String redirectUrl, org.springframework.web.servlet.mvc.support.RedirectAttributes redirectAttributes, org.springframework.validation.BindingResult errors) -
getOauth2AuthenticationProviders
protected List<OAuth2IdentityProvider> getOauth2AuthenticationProviders(@NonNull @NonNull AuthorizedClient client)
Looks at the ClientRegistrations to determine which providers are configured and then cross-checks that with the ClientIdentityProviderProperties.ClientProperties for the appropriate type of AuthorizedClient that is making a request, either admin or commerce, to filter the registered identity providers that are appropriate to show the user.
- Parameters:
client - The requesting AuthorizedClient.
- Returns:
- A list of OAuth2IdentityProvider to add to the request model.
- See Also:
-
which is used for caching the result.
-
getClientProps
protected ClientIdentityProviderProperties.ClientProperties getClientProps(@NonNull @NonNull AuthorizedClient client) -
getAuthenticationProviderCacheKey
-
getOath2AuthenticationProviders
@Deprecated(forRemoval=true, since="1.8.7") protected List<OAuth2IdentityProvider> getOath2AuthenticationProviders(@NonNull @NonNull ClientIdentityProviderProperties.ClientProperties properties, boolean isAdmin)
Deprecated, for removal: This API element is subject to removal in a future version. Deprecated in favor of getOauth2AuthenticationProviders(AuthorizedClient). The new method takes the client id into account to ensure correct caching. Previously, all commerce clients shared the same cache entry, so the provider list cached for one commerce client could be returned for another.
-
determineLoggedInReturnUrl
-
canRedirectToRequestedUrl
-
isRequestedRedirectUrlValid
-
getDefaultRedirectUrlForClient
-
getChangePasswordView
@FrameworkGetMapping("/change-password") public org.springframework.web.servlet.ModelAndView getChangePasswordView(org.springframework.ui.Model model, @ModelAttribute ChangePasswordForm changePasswordForm, @RequestParam(value="returnTo",required=false) String redirectUrl) -
processChangePasswordRequest
@FrameworkPostMapping("/change-password") public org.springframework.web.servlet.ModelAndView processChangePasswordRequest(jakarta.servlet.http.HttpServletRequest request, @ModelAttribute ChangePasswordForm changePasswordForm, @RequestParam(value="returnTo",required=false) String redirectUrl, org.springframework.validation.BindingResult errors, org.springframework.ui.Model model, jakarta.servlet.http.HttpServletResponse httpServletResponse) -
determineChangePasswordSuccessfulRedirectUrl
protected String determineChangePasswordSuccessfulRedirectUrl(ChangePasswordForm changePasswordForm, String requestedRedirectUrl) -
getChangePasswordSuccessView
@FrameworkGetMapping(path="/change-password-confirmation") public String getChangePasswordSuccessView() -
getUserPasswordService
-
getRedirectService
-
getLoginService
-
getProperties
-
getClientService
-
getClientProperties
-
getClientRegistrationRepository
-
getTypeFactory
protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory() -
getOauth2AuthenticationProviders
Caches the appropriate OAuth2IdentityProviders by the type of authorized client.
-
oauth2AuthenticationProviders
.