Class AbstractUserTokenEnhancer
- java.lang.Object
-
- com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer
-
- All Implemented Interfaces:
org.springframework.security.oauth2.provider.token.TokenEnhancer
- Direct Known Subclasses:
CustomerContextTokenEnhancer,CustomerSegmentsTokenEnhancer,TenantPropertiesTokenEnhancer,UserRestrictionTokenEnhancer,UserTokenEnhancer
public abstract class AbstractUserTokenEnhancer extends Object implements org.springframework.security.oauth2.provider.token.TokenEnhancer
Implementation ofTokenEnhancerthat has a request scoped UserContext that contains the current user to avoid repeated database reads. TokenEnhancer implementations that require access to theUsershould extend this class and retrieve the user via thegetUser(OAuth2Authentication)method.
-
-
Constructor Summary
Constructors Constructor Description AbstractUserTokenEnhancer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description UsergetUser(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)Retrieve the current authenticatedUser.protected UserService<User>getUserService()protected booleanisAnonymousCsrImpersonation(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)Check whether or not the current authentication is a CSR impersonation of an anonymous user.voidsetUserContext(UserContext userContext)voidsetUserService(UserService<User> userService)protected booleanshouldEnhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)Whether or not the token should be enhanced.
-
-
-
Method Detail
-
getUser
public User getUser(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
Retrieve the current authenticatedUser. This method assumes that the user is logged in and exists. In other words,OAuth2Authentication.isClientOnly()should return false if this method is to be called.Note that the user is cached at the request scope. Any calls after the first call to this method during the same request will return the same user, regardless of the argument passed.
- Parameters:
authentication- TheOAuth2Authenticationobject passed toTokenEnhancer.enhance(OAuth2AccessToken, OAuth2Authentication)- Returns:
- The currently authenticated user.
- Throws:
com.broadleafcommerce.data.tracking.core.exception.EntityMissingException- ifUseris not found.- See Also:
TokenEnhancerUtil.readUserId(OAuth2Authentication)
-
isAnonymousCsrImpersonation
protected boolean isAnonymousCsrImpersonation(org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
Check whether or not the current authentication is a CSR impersonation of an anonymous user.- Parameters:
authentication- TheOAuth2Authenticationobject passed toTokenEnhancer.enhance(OAuth2AccessToken, OAuth2Authentication)- Returns:
- Whether the current authentication is a CSR impersonation of an anonymous user
-
shouldEnhance
protected boolean shouldEnhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)Whether or not the token should be enhanced.- Parameters:
accessToken- the current access token with its expiration and refresh tokenauthentication- TheOAuth2Authenticationobject passed toTokenEnhancer.enhance(OAuth2AccessToken, OAuth2Authentication)- Returns:
- Whether or not the token should be enhanced.
-
setUserService
@Autowired public void setUserService(@NonNull UserService<User> userService)
-
setUserContext
@Autowired public void setUserContext(UserContext userContext)
-
getUserService
protected UserService<User> getUserService()
-
-