Class DefaultSecurityService
java.lang.Object
com.broadleafcommerce.auth.security.service.DefaultSecurityService
- All Implemented Interfaces:
SecurityService
Default implementation of the security service that utilizes the security context and various
repositories in order to assess the user's privileges.
- Author:
- Nick Crum (ncrum)
-
Constructor Summary
ConstructorDescriptionDefaultSecurityService
(PermissionRepository permissionRepository, ScopeRepository scopeRepository) -
Method Summary
Modifier and TypeMethodDescriptioncheckScopes
(Set<String> requestedScopes) Returns the sub-set of requested scopes that the user is permitted to access.extractPermissions
(Set<String> scopes) Returns the set of permissions the user has for the given scopes.void
setSecurityContextAccessor
(org.springframework.security.oauth2.provider.SecurityContextAccessor securityContextAccessor)
-
Constructor Details
-
DefaultSecurityService
public DefaultSecurityService(PermissionRepository permissionRepository, ScopeRepository scopeRepository)
-
-
Method Details
-
checkScopes
Description copied from interface:SecurityService
Returns the sub-set of requested scopes that the user is permitted to access. This method is used within theSecurityServiceOAuth2RequestFactory
to check that the requested scopes are accessible for the current user. If none of the requested scopes are accessible, this will return an empty set.- Specified by:
checkScopes
in interfaceSecurityService
- Parameters:
requestedScopes
- the set of requested scopes- Returns:
- a sub-set of the requested scopes
-
extractPermissions
Description copied from interface:SecurityService
Returns the set of permissions the user has for the given scopes. This method is used within theSecurityServiceAccessTokenConverter
to extract the set of permissions the user has for the requested scopes.- Specified by:
extractPermissions
in interfaceSecurityService
- Parameters:
scopes
- the scopes- Returns:
- a set of permissions
-
setSecurityContextAccessor
public void setSecurityContextAccessor(org.springframework.security.oauth2.provider.SecurityContextAccessor securityContextAccessor)
-