Class DefaultImpersonationRequestValidator
java.lang.Object
    com.broadleafcommerce.auth.user.endpoint.DefaultImpersonationRequestValidator

All Implemented Interfaces:
    ImpersonationRequestValidator

public class DefaultImpersonationRequestValidator extends Object implements ImpersonationRequestValidator
Default implementation of ImpersonationRequestValidator that validates that the CSR has authority to impersonate, the impersonated target exists, and that the impersonated target has chosen to allow impersonation.

Author:
    Nick Crum (ncrum)

Field Summary
Modifier and Type    Field
static String        DISABLED_USER
static String        EXPIRED_USER
static String        IMPERSONATION_DISABLED
static String        LOCKED_USER
static String        NO_USER
static String        NON_ADMIN_CLIENT
static String        NON_APP_CLIENT
static String        NOT_AUTHORIZED_FOR_APP
static String        REQUEST_FIELD_BLANK
static String        TENANT_MISMATCH
static String        TOKEN_FIELD_BLANK

Constructor Summary
Constructor
DefaultImpersonationRequestValidator(UserService<User> userService, AuthorizedClientService<AuthorizedClient> authorizedClientService, AuthorizationServerService<AuthorizationServer> authorizationServerService, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)

Method Summary
Modifier and Type, Method, Description
protected AuthorizedClient getCsrClient(String clientId)
protected User getCsrUser(String userId)
protected AuthorizedClient getImpersonatedClient(OAuth2UserDetails impersonatedUser)
protected AuthorizedClient getImpersonatedClient(String clientId)
protected boolean isNotAuthorizedForApplication(User user, String applicationId)
protected boolean isNotSameTenant(AuthorizedClient impersonatedClient, AuthorizedClient csrClient)
void validateAnonymousImpersonation(ImpersonationRequest impersonationRequest, String impersonatedClientId, String csrUserId)
    Validates that the CSR can impersonate an anonymous user in the client.
protected void validateClientImpersonation(ImpersonationRequest impersonationRequest, AuthorizedClient impersonatedClient, String csrUserId)
void validateImpersonationRequest(ImpersonationRequest impersonationRequest)
    Validate that an impersonation request is valid.
void validateImpersonationRequestToken(ImpersonationRequestToken impersonationRequestToken)
    Validate that an impersonation request token is valid.
void validateUserImpersonation(ImpersonationRequest impersonationRequest, OAuth2UserDetails impersonatedUser, String csrUserId)
    Validates that the user requested to be impersonated is able to be impersonated.

Field Detail
NO_USER
public static final String NO_USER
    See Also: Constant Field Values

DISABLED_USER
public static final String DISABLED_USER
    See Also: Constant Field Values

EXPIRED_USER
public static final String EXPIRED_USER
    See Also: Constant Field Values

LOCKED_USER
public static final String LOCKED_USER
    See Also: Constant Field Values

IMPERSONATION_DISABLED
public static final String IMPERSONATION_DISABLED
    See Also: Constant Field Values

NON_APP_CLIENT
public static final String NON_APP_CLIENT
    See Also: Constant Field Values

NON_ADMIN_CLIENT
public static final String NON_ADMIN_CLIENT
    See Also: Constant Field Values

TENANT_MISMATCH
public static final String TENANT_MISMATCH
    See Also: Constant Field Values

NOT_AUTHORIZED_FOR_APP
public static final String NOT_AUTHORIZED_FOR_APP
    See Also: Constant Field Values

REQUEST_FIELD_BLANK
public static final String REQUEST_FIELD_BLANK
    See Also: Constant Field Values

TOKEN_FIELD_BLANK
public static final String TOKEN_FIELD_BLANK
    See Also: Constant Field Values

Constructor Detail
DefaultImpersonationRequestValidator
public DefaultImpersonationRequestValidator(UserService<User> userService, AuthorizedClientService<AuthorizedClient> authorizedClientService, AuthorizationServerService<AuthorizationServer> authorizationServerService, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)

Method Detail
validateUserImpersonation
public void validateUserImpersonation(ImpersonationRequest impersonationRequest, OAuth2UserDetails impersonatedUser, String csrUserId)
Description copied from interface: ImpersonationRequestValidator
Validates that the user requested to be impersonated is able to be impersonated. Validation includes various properties of a user, such as expired, locked, impersonation disabled, etc.
Specified by:
    validateUserImpersonation in interface ImpersonationRequestValidator
Parameters:
    impersonationRequest - The impersonation request.
    impersonatedUser - The user to be impersonated.
    csrUserId - The user ID of the user initiating the impersonation request.

validateAnonymousImpersonation
public void validateAnonymousImpersonation(ImpersonationRequest impersonationRequest, String impersonatedClientId, String csrUserId)
Description copied from interface: ImpersonationRequestValidator
Validates that the CSR can impersonate an anonymous user in the client. Validation includes the access of the CSR to the requested client.
Specified by:
    validateAnonymousImpersonation in interface ImpersonationRequestValidator
Parameters:
    impersonationRequest - The impersonation request.
    impersonatedClientId - The ID of client to impersonate in
    csrUserId - The user ID of the user initiating the impersonation request.

validateImpersonationRequest
public void validateImpersonationRequest(ImpersonationRequest impersonationRequest)
Description copied from interface: ImpersonationRequestValidator
Validate that an impersonation request is valid.
Specified by:
    validateImpersonationRequest in interface ImpersonationRequestValidator
Parameters:
    impersonationRequest - This impersonation request.

validateImpersonationRequestToken
public void validateImpersonationRequestToken(ImpersonationRequestToken impersonationRequestToken)
Description copied from interface: ImpersonationRequestValidator
Validate that an impersonation request token is valid.
Specified by:
    validateImpersonationRequestToken in interface ImpersonationRequestValidator
Parameters:
    impersonationRequestToken - This impersonation request token.

validateClientImpersonation
protected void validateClientImpersonation(ImpersonationRequest impersonationRequest, AuthorizedClient impersonatedClient, String csrUserId)

getImpersonatedClient
protected AuthorizedClient getImpersonatedClient(OAuth2UserDetails impersonatedUser)

getImpersonatedClient
protected AuthorizedClient getImpersonatedClient(String clientId)

getCsrClient
protected AuthorizedClient getCsrClient(String clientId)

isNotSameTenant
protected boolean isNotSameTenant(AuthorizedClient impersonatedClient, AuthorizedClient csrClient)