Package com.xebialabs.platform.sso.oidc.web

Class CustomAuthorizationRequestResolver

  • All Implemented Interfaces:
    org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
    public class CustomAuthorizationRequestResolver
extends java.lang.Object
implements org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
    A PKCE add-on for DefaultOAuth2AuthorizationRequestResolver that attempts to resolve an OAuth2AuthorizationRequest from the provided HttpServletRequest using the default request URI pattern /oauth2/authorization/{registrationId}. By default for confidential clients, Spring-Security does not provide support for PKCE. It is default for public clients. Once https://github.com/spring-projects/spring-security/pull/7804 is merged, PKCE with confidential clients will be the default behavior. And this custom request resolver can be removed. Learn more about this custom class https://developer.okta.com/blog/2020/01/23/pkce-oauth2-spring-boot#making-pkce-work-for-confidential-clients-in-spring-security
    See Also:
    DefaultOAuth2AuthorizationRequestResolver, OAuth2AuthorizationRequestResolver, OAuth2AuthorizationRequestRedirectFilter

    • Constructor Summary

      Constructors 
      Constructor Description
      CustomAuthorizationRequestResolver​(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo, java.lang.String authorizationRequestBaseUri)  
      CustomAuthorizationRequestResolver​(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo, java.lang.String authorizationRequestBaseUri, java.util.Map<java.lang.String,​java.lang.Object> additionalParameters)  

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve​(javax.servlet.http.HttpServletRequest servletRequest)  
      org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve​(javax.servlet.http.HttpServletRequest servletRequest, java.lang.String clientRegistrationId)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • CustomAuthorizationRequestResolver

        public CustomAuthorizationRequestResolver​(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo,
                                          java.lang.String authorizationRequestBaseUri,
                                          java.util.Map<java.lang.String,​java.lang.Object> additionalParameters)

      • CustomAuthorizationRequestResolver

        public CustomAuthorizationRequestResolver​(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository repo,
                                          java.lang.String authorizationRequestBaseUri)

    • Method Detail

      • resolve

        public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve​(javax.servlet.http.HttpServletRequest servletRequest)
        Specified by:
        resolve in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver

      • resolve

        public org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest resolve​(javax.servlet.http.HttpServletRequest servletRequest,
                                                                                            java.lang.String clientRegistrationId)
        Specified by:
        resolve in interface org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver