Class CustomerContextTokenEnhancer

  • All Implemented Interfaces:
    org.springframework.security.oauth2.provider.token.TokenEnhancer

    public class CustomerContextTokenEnhancer
    extends AbstractUserTokenEnhancer

    Enhances tokens with the "customer_context_ids" claim. These are the customer context IDs that the user is eligible to read from.

    This mainly comes into play for UserType.ADMIN and UserType.CUSTOMER users. The claim lets us validate that an admin is able to read a particular customer or customers, and that a customer can only read data within their specific customer context.

    See Also:
    Application.getCustomerContextId()
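
    The check described above, sketched from the consuming side as an added example (not code from this project). It assumes the claim is carried as a collection of strings in the token's additional-information map, as returned by OAuth2AccessToken.getAdditionalInformation(); the class name, method name and sample IDs are hypothetical.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;

/** Hypothetical resource-side check; not part of the documented project. */
public final class CustomerContextClaimCheck {

    // Claim name taken from the class description above.
    static final String CLAIM = "customer_context_ids";

    /**
     * Returns true only if the claim explicitly lists the requested customer
     * context. Missing, empty, or malformed claims deny access (fail closed).
     */
    static boolean mayRead(Map<String, Object> additionalInformation, String requestedContextId) {
        if (additionalInformation == null || requestedContextId == null
                || requestedContextId.isEmpty()) {
            return false;
        }
        Object raw = additionalInformation.get(CLAIM);
        if (!(raw instanceof Collection)) {
            return false; // absent or wrong type: never treat as "all customers"
        }
        for (Object id : (Collection<?>) raw) {
            // Exact, case-sensitive match; no prefix or wildcard semantics assumed.
            if (id instanceof String && requestedContextId.equals(id)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample claim maps; the IDs are placeholders.
        Map<String, Object> customer = Map.of(CLAIM, List.of("ctx-a"));
        Map<String, Object> admin = Map.of(CLAIM, List.of("ctx-a", "ctx-b"));
        Map<String, Object> malformed = Map.of(CLAIM, "ctx-a,ctx-b"); // string, not a collection
        Map<String, Object> missing = Map.of("scope", "read");

        System.out.println("customer reads own context:   " + mayRead(customer, "ctx-a"));
        System.out.println("customer reads other context: " + mayRead(customer, "ctx-b"));
        System.out.println("admin reads assigned context: " + mayRead(admin, "ctx-b"));
        System.out.println("malformed claim:              " + mayRead(malformed, "ctx-a"));
        System.out.println("claim missing:                " + mayRead(missing, "ctx-a"));
    }
}
```

    The malformed and missing cases are the ones worth testing in a real resource server: a token without the claim should never be read as unrestricted access.
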
    • Method Detail

      • enhance

        public org.springframework.security.oauth2.common.OAuth2AccessToken enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken,
                                                                                    org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
      • isAssignedToApplication

        protected boolean isAssignedToApplication(User user)
      • setCustomerContextIds

        protected void setCustomerContextIds(Collection<String> customerContextIds,
                                             org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken)
      • addCustomerContextIds

        protected void addCustomerContextIds(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken,
                                             Collection<String> customerContextIds)