com.broadleafcommerce.auth.user.session.token.enhancer

Class CustomerContextTokenEnhancer

java.lang.Object

com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer

com.broadleafcommerce.auth.user.session.token.enhancer.CustomerContextTokenEnhancer

All Implemented Interfaces:

org.springframework.security.oauth2.provider.token.TokenEnhancer

public class CustomerContextTokenEnhancer
extends AbstractUserTokenEnhancer

Enhances tokens with the "customer_context_ids" claim. These are the customer context IDs that the user is eligible to read from.

This mainly comes into play for UserType.ADMIN and UserType.CUSTOMER users. This allows us to validate that an Admin is able to read a particular customer or customers, and that a customer can only read data within their specific customer context.

See Also:

Application.getCustomerContextId()

Constructor Summary

Constructors

Constructor and Description
CustomerContextTokenEnhancer(ApplicationService<Application> applicationService)

Method Summary

Modifier and Type	Method and Description
protected void	addCustomerContextIds(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken, Collection<String> customerContextIds)
org.springframework.security.oauth2.common.OAuth2AccessToken	enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
protected ApplicationService<Application>	getApplicationService()
protected boolean	isAssignedToApplication(User user)
protected void	setCustomerContextIds(Collection<String> customerContextIds, org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken)

Methods inherited from class com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer

getUser, getUserService, isAnonymousCsrImpersonation, setUserContext, setUserService, shouldEnhance

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CustomerContextTokenEnhancer

public CustomerContextTokenEnhancer(ApplicationService<Application> applicationService)

Method Detail

enhance

public org.springframework.security.oauth2.common.OAuth2AccessToken enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken,
                                                                            org.springframework.security.oauth2.provider.OAuth2Authentication authentication)

isAssignedToApplication

protected boolean isAssignedToApplication(User user)

setCustomerContextIds

protected void setCustomerContextIds(Collection<String> customerContextIds,
                                     org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken)

addCustomerContextIds

protected void addCustomerContextIds(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken,
                                     Collection<String> customerContextIds)

getApplicationService

protected ApplicationService<Application> getApplicationService()