Class AbstractAuthenticationStrategyDelegate<T extends org.springframework.security.core.Authentication>

java.lang.Object
com.broadleafcommerce.auth.user.web.authentication.session.AbstractAuthenticationStrategyDelegate<T>
All Implemented Interfaces:
AuthenticationStrategyDelegate
Direct Known Subclasses:
AbstractOAuthClientAuthenticationStrategyDelegate

@Order(0) public abstract class AbstractAuthenticationStrategyDelegate<T extends org.springframework.security.core.Authentication> extends Object implements AuthenticationStrategyDelegate
Abstract AuthenticationStrategyDelegate for converting Authentication to OAuth2UserDetails. This class handles registering new users if necessary. Child classes should implement the abstract methods to map required fields from their specific Authentication token.
Author:
Cade Rea (cade-rea)
  • Constructor Details

  • Method Details

    • getClientId

      protected abstract String getClientId(T authentication)
      Get the Broadleaf Client ID from the authentication token.
      Parameters:
      authentication - The User's OAuth token issued by the third-party IDP.
      Returns:
      The Broadleaf Client ID from the authentication token.
    • getEmail

      protected abstract String getEmail(T authentication)
      Get the user's email address from the authentication token.
      Parameters:
      authentication - The User's OAuth token issued by the third-party IDP.
      Returns:
      The user's email address from the authentication token.
    • getName

      protected abstract String getName(T authentication)
      Get the user's name from the authentication token.
      Parameters:
      authentication - The User's OAuth token issued by the third-party IDP.
      Returns:
      The user's name from the authentication token.
    • buildUsername

      protected abstract String buildUsername(T authentication)
      Build a username from the authentication token.
      Parameters:
      authentication - The User's OAuth token issued by the third-party IDP.
      Returns:
      A username derived from the authentication token.
    • getOAuth2UserDetails

      public OAuth2UserDetails getOAuth2UserDetails(org.springframework.security.core.Authentication authentication, @Nullable AuthorizedClient client)
      Get the clientId and username from the token and use them to load the user from the database. Register new users if necessary and allowed.
      Specified by:
      getOAuth2UserDetails in interface AuthenticationStrategyDelegate
      Parameters:
      authentication - The User's OAuth token issued by the third-party IDP.
      client - The AuthorizedClient the User is logging in with.
      Returns:
      An OAuth2UserDetails with user data and user authorities.
    • handleAdminLogin

      protected void handleAdminLogin(T authToken, @Nullable AuthorizedClient client, String username)
      Perform various checks to ensure this is an admin login before invoking the ExternalAdminUserHandler.
      Parameters:
      authToken - The User's OAuth token issued by the third-party IDP.
      client - The AuthorizedClient the User is logging in with.
      username - The username of the User being authenticated.
    • isThirdPartyAuth

      protected boolean isThirdPartyAuth(org.springframework.security.core.Authentication authentication)
      Determine if this is a third-party authentication. Default implementation always returns true.
      Parameters:
      authentication - The authentication object
      Returns:
      true if this login originated from a third party, else false.
    • registerNewUser

      @Deprecated protected void registerNewUser(@NonNull T authentication, String clientId, String username)
      Register a new user if allowed.
      Parameters:
      authentication - The authentication token for the user
      clientId - The ID of the client to authenticate with
      username - The username of the user
    • registerNewUser

      protected void registerNewUser(@NonNull T authentication, @Nullable AuthorizedClient client, String username, String clientId)
      Register a new customer user or create an admin if allowed.
      Parameters:
      authentication - The authentication token for the user
      client - The authorized client
      username - The username of the user
      clientId - The ID of the client. This can be used for non-admin user registration if the client is null.
    • createAdminUser

      protected void createAdminUser(T authentication, AuthorizedClient client, String username)
      Invoke the ExternalAdminUserHandler to create a new admin user.
      Parameters:
      authentication - The authentication token for the user
      client - The authorized client
      username - The username of the user
    • isAutoRegister

      @Deprecated protected boolean isAutoRegister(String clientId)
      Deprecated.
      Check the client service and properties to determine if auto registration for new users is enabled.
      Parameters:
      clientId - ID of the AuthorizedClient a user is trying to authenticate with
      Returns:
      Whether the client allows auto-registering new users when they sign in.
    • isAutoRegister

      protected boolean isAutoRegister(AuthorizedClient client)
      Check the client service and properties to determine if auto registration for new users is enabled.
      Parameters:
      client - The authorized client
      Returns:
      Whether the client allows auto-registering new users when they sign in.
    • getAuthorizedClient

      protected AuthorizedClient getAuthorizedClient(String clientId)
      Fetches an AuthorizedClient for the given clientId.
      Parameters:
      clientId - The ID of the client to fetch
      Returns:
      The client matching clientId
      Throws:
      com.broadleafcommerce.data.tracking.core.exception.EntityMissingException - if no client is found
    • getUsername

      protected String getUsername(@NonNull T authentication, boolean emailAsUsername)
      Get the username from the authentication token. This could be a username or email address, depending on the emailAsUsername parameter.
      Parameters:
      authentication - The user's Authentication.
      emailAsUsername - Whether the user's email is also the username
      Returns:
      The user's username
    • buildUserRegistration

      protected UserRegistration buildUserRegistration(@NonNull T authentication, String clientId, String username)
      Build a UserRegistration from the authentication token.
      Parameters:
      authentication - The user's Authentication.
      clientId - The ID of the client authenticated with
      username - The username of the user
      Returns:
      The UserRegistration for the user.
    • generateRandomPassword

      protected String generateRandomPassword()
      Create a random password for the User.
      Returns:
      a secure, random String
    • getUserType

      protected String getUserType(String clientId)
      Determines the appropriate type of user for the AuthorizedClient matching the given clientId.
      Parameters:
      clientId - The ID of the client to check the user's type against
      Returns:
      The type of the user given the type of the AuthorizedClient matching clientId.
    • getOAuth2UserDetailsService

      protected OAuth2UserDetailsService getOAuth2UserDetailsService()
    • getRegistrationService

      protected UserRegistrationService<User> getRegistrationService()
    • getRegistrationProperties

      protected AuthRegistrationProperties getRegistrationProperties()
    • getClientService

      protected AuthorizedClientService<AuthorizedClient> getClientService()
    • getClientProperties

      protected ClientIdentityProviderProperties getClientProperties()
    • getTypeFactory

      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()
    • getPasswordGenerator

      protected PasswordGenerator getPasswordGenerator()
    • setExternalAdminUserHandler

      public void setExternalAdminUserHandler(@Nullable ExternalAdminUserHandler<T> externalAdminUserHandler)
      The service responsible for creating admin users that have logged in via a third-party IDP. This is optional and only required if the delegate implementation handles third-party admin login/creation.
      Parameters:
      externalAdminUserHandler - The external admin creation service to use when creating admins.
    • getExternalAdminUserHandler

      @Nullable protected ExternalAdminUserHandler<T> getExternalAdminUserHandler()
      The service responsible for creating admin users that have logged in via a third-party IDP. This is optional and only required if the delegate implementation handles third-party admin login/creation.
      Returns:
      The external admin creation service to use when creating admins.