com.broadleafcommerce.auth.user.endpoint

Class DefaultImpersonationRequestValidator

java.lang.Object

com.broadleafcommerce.auth.user.endpoint.DefaultImpersonationRequestValidator

All Implemented Interfaces:

ImpersonationRequestValidator

public class DefaultImpersonationRequestValidator
extends Object
implements ImpersonationRequestValidator

Default implementation of ImpersonationRequestValidator that validates that the CSR has authority to impersonate, the impersonated target exists, and that the impersonated target has chosen to allow impersonation.

Author:

Nick Crum (ncrum)

Field Summary

Fields

Modifier and Type	Field and Description
static String	DISABLED_USER
static String	EXPIRED_USER
static String	IMPERSONATION_DISABLED
static String	LOCKED_USER
static String	NO_USER
static String	NON_ADMIN_CLIENT
static String	NON_APP_CLIENT
static String	NOT_AUTHORIZED_FOR_APP
static String	REQUEST_FIELD_BLANK
static String	TENANT_MISMATCH
static String	TOKEN_FIELD_BLANK

Constructor Summary

Constructors

Constructor and Description
DefaultImpersonationRequestValidator(UserService<User> userService, AuthorizedClientService<AuthorizedClient> authorizedClientService, AuthorizationServerService<AuthorizationServer> authorizationServerService, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)

Method Summary

Modifier and Type	Method and Description
protected AuthorizedClient	getCsrClient(String clientId)
protected User	getCsrUser(String userId)
protected AuthorizedClient	getImpersonatedClient(OAuth2UserDetails impersonatedUser)
protected AuthorizedClient	getImpersonatedClient(String clientId)
protected boolean	isNotAuthorizedForApplication(User user, String applicationId)
protected boolean	isNotSameTenant(AuthorizedClient impersonatedClient, AuthorizedClient csrClient)
void	validateAnonymousImpersonation(ImpersonationRequest impersonationRequest, String impersonatedClientId, String csrUserId) Validates that the CSR can impersonate an anonymous user in the client.
protected void	validateClientImpersonation(ImpersonationRequest impersonationRequest, AuthorizedClient impersonatedClient, String csrUserId)
void	validateImpersonationRequest(ImpersonationRequest impersonationRequest) Validate that an impersonation request is valid.
void	validateImpersonationRequestToken(ImpersonationRequestToken impersonationRequestToken) Validate that an impersonation request token is valid.
void	validateUserImpersonation(ImpersonationRequest impersonationRequest, OAuth2UserDetails impersonatedUser, String csrUserId) Validates that the user requested to be impersonated is able to be impersonated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NO_USER

public static final String NO_USER

See Also:

Constant Field Values

DISABLED_USER

public static final String DISABLED_USER

See Also:

Constant Field Values

EXPIRED_USER

public static final String EXPIRED_USER

See Also:

Constant Field Values

LOCKED_USER

public static final String LOCKED_USER

See Also:

Constant Field Values

IMPERSONATION_DISABLED

public static final String IMPERSONATION_DISABLED

See Also:

Constant Field Values

NON_APP_CLIENT

public static final String NON_APP_CLIENT

See Also:

Constant Field Values

NON_ADMIN_CLIENT

public static final String NON_ADMIN_CLIENT

See Also:

Constant Field Values

TENANT_MISMATCH

public static final String TENANT_MISMATCH

See Also:

Constant Field Values

NOT_AUTHORIZED_FOR_APP

public static final String NOT_AUTHORIZED_FOR_APP

See Also:

Constant Field Values

REQUEST_FIELD_BLANK

public static final String REQUEST_FIELD_BLANK

See Also:

Constant Field Values

TOKEN_FIELD_BLANK

public static final String TOKEN_FIELD_BLANK

See Also:

Constant Field Values

Constructor Detail

DefaultImpersonationRequestValidator

public DefaultImpersonationRequestValidator(UserService<User> userService,
                                            AuthorizedClientService<AuthorizedClient> authorizedClientService,
                                            AuthorizationServerService<AuthorizationServer> authorizationServerService,
                                            org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService,
                                            org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)

Method Detail

validateUserImpersonation

public void validateUserImpersonation(ImpersonationRequest impersonationRequest,
                                      OAuth2UserDetails impersonatedUser,
                                      String csrUserId)

Description copied from interface: ImpersonationRequestValidator

Validates that the user requested to be impersonated is able to be impersonated. Validation includes various properties of a user, such as expired, locked, impersonation disabled, etc.

Specified by:

validateUserImpersonation in interface ImpersonationRequestValidator

Parameters:

impersonationRequest - The impersonation request.

impersonatedUser - The user to be impersonated.

csrUserId - The user ID of the user initiating the impersonation request.

validateAnonymousImpersonation

public void validateAnonymousImpersonation(ImpersonationRequest impersonationRequest,
                                           String impersonatedClientId,
                                           String csrUserId)

Description copied from interface: ImpersonationRequestValidator

Validates that the CSR can impersonate an anonymous user in the client. Validation includes the access of the CSR to the requested client.

Specified by:

validateAnonymousImpersonation in interface ImpersonationRequestValidator

Parameters:

impersonationRequest - The impersonation request.

impersonatedClientId - The ID of client to impersonate in

csrUserId - The user ID of the user initiating the impersonation request.

validateImpersonationRequest

public void validateImpersonationRequest(ImpersonationRequest impersonationRequest)

Description copied from interface: ImpersonationRequestValidator

Validate that an impersonation request is valid.

Specified by:

validateImpersonationRequest in interface ImpersonationRequestValidator

Parameters:

impersonationRequest - This impersonation request.

validateImpersonationRequestToken

public void validateImpersonationRequestToken(ImpersonationRequestToken impersonationRequestToken)

Description copied from interface: ImpersonationRequestValidator

Validate that an impersonation request token is valid.

Specified by:

validateImpersonationRequestToken in interface ImpersonationRequestValidator

Parameters:

impersonationRequestToken - This impersonation request token.

validateClientImpersonation

protected void validateClientImpersonation(ImpersonationRequest impersonationRequest,
                                           AuthorizedClient impersonatedClient,
                                           String csrUserId)

getCsrUser

protected User getCsrUser(String userId)

getImpersonatedClient

protected AuthorizedClient getImpersonatedClient(OAuth2UserDetails impersonatedUser)

getImpersonatedClient

protected AuthorizedClient getImpersonatedClient(String clientId)

getCsrClient

protected AuthorizedClient getCsrClient(String clientId)

isNotSameTenant

protected boolean isNotSameTenant(AuthorizedClient impersonatedClient,
                                  AuthorizedClient csrClient)

isNotAuthorizedForApplication

protected boolean isNotAuthorizedForApplication(User user,
                                                String applicationId)