Class DefaultSessionAuthenticationStrategy

java.lang.Object
com.broadleafcommerce.auth.user.service.DefaultSessionAuthenticationStrategy
All Implemented Interfaces:
org.springframework.security.web.authentication.session.SessionAuthenticationStrategy

public class DefaultSessionAuthenticationStrategy extends Object implements org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
This strategy sets the session cookie after successful authentication and is intended to be used for all authentication types. Each authentication flow should register its own AuthenticationStrategyDelegate, which facilitates loading an OAuth2UserDetails from an Authentication.
  • Method Details

    • onAuthentication

      public void onAuthentication(@NonNull org.springframework.security.core.Authentication authentication, @NonNull jakarta.servlet.http.HttpServletRequest request, @NonNull jakarta.servlet.http.HttpServletResponse response) throws org.springframework.security.web.authentication.session.SessionAuthenticationException
      Specified by:
      onAuthentication in interface org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
      Throws:
      org.springframework.security.web.authentication.session.SessionAuthenticationException
    • shouldSetCookie

      protected boolean shouldSetCookie(@NonNull org.springframework.security.core.Authentication authentication, @NonNull jakarta.servlet.http.HttpServletRequest request, @NonNull jakarta.servlet.http.HttpServletResponse response)
      Determine if the session cookie should be set on the response.
      Parameters:
      authentication - The successful session authentication.
      request - The web request.
      response - The web response.
      Returns:
      True if the session cookie should be added to the response, false otherwise.
    • getSupportingAuthenticationStrategyDelegate

      protected AuthenticationStrategyDelegate getSupportingAuthenticationStrategyDelegate(@NonNull org.springframework.security.core.Authentication authentication, @Nullable AuthorizedClient authorizedClient)
    • getOAuth2UserDetails

      protected OAuth2UserDetails getOAuth2UserDetails(@NonNull AuthenticationStrategyDelegate delegate, @NonNull org.springframework.security.core.Authentication authentication, @Nullable AuthorizedClient client)
    • getClient

      @Nullable protected AuthorizedClient getClient(org.springframework.security.core.Authentication authentication)
    • setSessionCookie

      protected void setSessionCookie(@NonNull jakarta.servlet.http.HttpServletResponse response, @NonNull AuthenticationStrategyDelegate delegate, @NonNull org.springframework.security.core.Authentication authentication, @Nullable AuthorizedClient authorizedClient, @NonNull OAuth2UserDetails oAuth2UserDetails)
    • populateThirdPartyLoginClaimsIfApplicable

      protected void populateThirdPartyLoginClaimsIfApplicable(@NonNull AuthenticationStrategyDelegate delegate, @NonNull org.springframework.security.core.Authentication authentication, @Nullable AuthorizedClient authorizedClient, @NonNull OAuth2UserDetails oAuth2UserDetails, Map<String,Object> destinationClaimsMap)
      If this is a session token issued after a successful third-party login, set additional claims on the session token.
      Parameters:
      delegate - the AuthenticationStrategyDelegate that was determined to support this authentication
      authentication - the Authentication that was just successfully authenticated. For third-party login, this is usually OAuth2AuthenticationToken
      authorizedClient - (optional) the Broadleaf AuthorizedClient this authentication was for
      oAuth2UserDetails - the user details that were built for the current authentication by delegate
      destinationClaimsMap - the map of claims this method will populate. These will go on the final session token.
    • populateRememberMeLoginClaimsIfApplicable

      protected void populateRememberMeLoginClaimsIfApplicable(@NonNull org.springframework.security.core.Authentication authentication, Map<String,Object> destinationClaimsMap)
      If this is a session token issued after a successful remember-me auto-login, set additional claims on the session token.
      Parameters:
      authentication - the Authentication that was just successfully authenticated. If auto-login was performed, this is usually RememberMeAuthenticationToken
      destinationClaimsMap - the map of claims this method will populate. These will go on the final session token.
    • getStatelessUtil

      protected StatelessUtil getStatelessUtil()
    • getAuthenticationStrategyDelegates

      protected List<AuthenticationStrategyDelegate> getAuthenticationStrategyDelegates()
    • getClientService

      protected AuthorizedClientService<AuthorizedClient> getClientService()