Package org.springframework.security.oauth2.client.web

Class AuthenticatedPrincipalOAuth2AuthorizedClientRepository

java.lang.Object

org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository

All Implemented Interfaces:

OAuth2AuthorizedClientRepository

public final class AuthenticatedPrincipalOAuth2AuthorizedClientRepository
extends Object
implements OAuth2AuthorizedClientRepository

An implementation of an OAuth2AuthorizedClientRepository that delegates to the provided OAuth2AuthorizedClientService if the current Principal is authenticated, otherwise, to the default (or provided) OAuth2AuthorizedClientRepository if the current request is unauthenticated (or anonymous). The default OAuth2AuthorizedClientRepository is HttpSessionOAuth2AuthorizedClientRepository.

Since:

5.1

See Also:

• OAuth2AuthorizedClientRepository
• OAuth2AuthorizedClient
• OAuth2AuthorizedClientService
• HttpSessionOAuth2AuthorizedClientRepository

Constructor Summary

Constructors

Constructor	Description
AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService authorizedClientService)	Constructs a AuthenticatedPrincipalOAuth2AuthorizedClientRepository using the provided parameters.

Method Summary

Modifier and Type	Method	Description
<T extends OAuth2AuthorizedClient> T	loadAuthorizedClient(String clientRegistrationId, Authentication principal, jakarta.servlet.http.HttpServletRequest request)	Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner) or null if not available.
void	removeAuthorizedClient(String clientRegistrationId, Authentication principal, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).
void	saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient, Authentication principal, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).
void	setAnonymousAuthorizedClientRepository(OAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository)	Sets the OAuth2AuthorizedClientRepository used for requests that are unauthenticated (or anonymous).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthenticatedPrincipalOAuth2AuthorizedClientRepository

public AuthenticatedPrincipalOAuth2AuthorizedClientRepository(OAuth2AuthorizedClientService authorizedClientService)

Constructs a AuthenticatedPrincipalOAuth2AuthorizedClientRepository using the provided parameters.

Parameters:

authorizedClientService - the authorized client service

Method Details

setAnonymousAuthorizedClientRepository

public void setAnonymousAuthorizedClientRepository(OAuth2AuthorizedClientRepository anonymousAuthorizedClientRepository)

Sets the OAuth2AuthorizedClientRepository used for requests that are unauthenticated (or anonymous). The default is HttpSessionOAuth2AuthorizedClientRepository.

Parameters:

anonymousAuthorizedClientRepository - the repository used for requests that are unauthenticated (or anonymous)

loadAuthorizedClient

public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String clientRegistrationId,
 Authentication principal,
 jakarta.servlet.http.HttpServletRequest request)

Description copied from interface: OAuth2AuthorizedClientRepository

Returns the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner) or null if not available.

Specified by:

loadAuthorizedClient in interface OAuth2AuthorizedClientRepository

Type Parameters:

T - a type of OAuth2AuthorizedClient

Parameters:

clientRegistrationId - the identifier for the client's registration

principal - the End-User Authentication (Resource Owner)

request - the HttpServletRequest

Returns:

the OAuth2AuthorizedClient or null if not available

saveAuthorizedClient

public void saveAuthorizedClient(OAuth2AuthorizedClient authorizedClient,
 Authentication principal,
 jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)

Description copied from interface: OAuth2AuthorizedClientRepository

Saves the OAuth2AuthorizedClient associating it to the provided End-User Authentication (Resource Owner).

Specified by:

saveAuthorizedClient in interface OAuth2AuthorizedClientRepository

Parameters:

authorizedClient - the authorized client

principal - the End-User Authentication (Resource Owner)

request - the HttpServletRequest

response - the HttpServletResponse

removeAuthorizedClient

public void removeAuthorizedClient(String clientRegistrationId,
 Authentication principal,
 jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)

Description copied from interface: OAuth2AuthorizedClientRepository

Removes the OAuth2AuthorizedClient associated to the provided client registration identifier and End-User Authentication (Resource Owner).

Specified by:

removeAuthorizedClient in interface OAuth2AuthorizedClientRepository

Parameters:

clientRegistrationId - the identifier for the client's registration

principal - the End-User Authentication (Resource Owner)

request - the HttpServletRequest

response - the HttpServletResponse