Package com.broadleafcommerce.auth.authorization.security.rememberme.service

Class RememberMeCookieUtility

java.lang.Object
com.broadleafcommerce.auth.authorization.security.rememberme.service.RememberMeCookieUtility
public class RememberMeCookieUtility extends Object
Component centralizing operations on the 'remember-me' auto-login cookie.

  • Constructor Details

  • Method Details

    • getAutoLoginCookieName

      public String getAutoLoginCookieName(AuthorizedClient authorizedClient, AuthorizationServer authorizationServer)
      For the given client and server (expected to be related), return the name of the auto-login remember me cookie.
      Parameters:
      authorizedClient - the authorized client to get the auto-login cookie name for
      authorizationServer - the authorization server to get the auto-login cookie name for
      Returns:
      the name of the auto-login cookie

    • getPresentedAutoLoginCookie

      @Nullable public jakarta.servlet.http.Cookie getPresentedAutoLoginCookie(jakarta.servlet.http.HttpServletRequest request, AuthorizedClient authorizedClient, AuthorizationServer authorizationServer)

      Gets the presented auto-login remember me cookie corresponding to the given authorizedClient/authorizationServer.

      Adapted from extractRememberMeCookie() in AbstractRememberMeServices.

      Parameters:
      request - the request from which to find the auto-login cookie
      authorizedClient - the client for which to find a presented auto-login cookie
      authorizationServer - the server for which to find a presented auto-login cookie
      Returns:
      the found auto-login remember me cookie that corresponds to the given client/server, else null

    • buildAutoLoginCookie

      public jakarta.servlet.http.Cookie buildAutoLoginCookie(String cookieValue, int maxAge, AuthorizedClient authorizedClient, AuthorizationServer authorizationServer, jakarta.servlet.http.HttpServletRequest request)

      For the given client and server (expected to be related), build a response Cookie that establishes a new/updated auto-login remember me cookie.

      Largely adapted from setCookie() in AbstractRememberMeServices.

      Parameters:
      cookieValue - the value of the cookie to set
      maxAge - the Cookie.getMaxAge() to set. Usually the caller should set this value to match RememberMeLoginProperties.AutoLoginCookieProperties.getTokenValidityDuration().
      authorizedClient - the authorized client for which to build the cookie
      authorizationServer - the authorization server for which to build the cookie
      request - the request for which the cookie should be built
      Returns:
      an auto-login remember me cookie that can be issued in a response

    • buildAutoLoginRemovalCookie

      public jakarta.servlet.http.Cookie buildAutoLoginRemovalCookie(AuthorizedClient authorizedClient, AuthorizationServer authorizationServer, jakarta.servlet.http.HttpServletRequest request)

      For the given client and server (expected to be related), build a response Cookie that revokes a previously issued auto-login remember me cookie.

      Largely adapted from cancelCookie() in AbstractRememberMeServices.

      Parameters:
      authorizedClient - the authorized client for which to build the removal cookie
      authorizationServer - the authorization server for which to build the removal cookie
      request - the request for which the removal cookie should be built
      Returns:
      a response cookie that unsets a previously issued auto-login remember me cookie

    • getRememberMeLoginProperties

      protected RememberMeLoginProperties getRememberMeLoginProperties()