Class DefaultImpersonationRequestValidator
java.lang.Object
com.broadleafcommerce.auth.user.endpoint.DefaultImpersonationRequestValidator
- All Implemented Interfaces:
ImpersonationRequestValidator
public class DefaultImpersonationRequestValidator
extends Object
implements ImpersonationRequestValidator
Default implementation of ImpersonationRequestValidator that validates that the CSR has authority to impersonate, the impersonated target exists, and that the impersonated target has chosen to allow impersonation.
- Author:
- Nick Crum (ncrum)
-
Field Summary
Fields -
Constructor Summary
Constructors
- DefaultImpersonationRequestValidator(UserService<User> userService, AuthorizedClientService<AuthorizedClient> authorizedClientService, AuthorizationServerService<AuthorizationServer> authorizationServerService, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)
-
Method Summary
Modifier and Type, Method, Description
- protected AuthorizedClient getCsrClient(String clientId)
- protected User getCsrUser(String userId)
- protected AuthorizedClient getImpersonatedClient(OAuth2UserDetails impersonatedUser)
- protected AuthorizedClient getImpersonatedClient(String clientId)
- protected boolean isNotAuthorizedForApplication(User user, String applicationId)
- protected boolean isNotSameTenant(AuthorizedClient impersonatedClient, AuthorizedClient csrClient)
- void validateAnonymousImpersonation(ImpersonationRequest impersonationRequest, String impersonatedClientId, String csrUserId): Validates that the CSR can impersonate an anonymous user in the client.
- protected void validateClientImpersonation(ImpersonationRequest impersonationRequest, AuthorizedClient impersonatedClient, String csrUserId)
- void validateImpersonationRequest(ImpersonationRequest impersonationRequest): Validate that an impersonation request is valid.
- void validateImpersonationRequestToken(ImpersonationRequestToken impersonationRequestToken): Validate that an impersonation request token is valid.
- void validateUserImpersonation(ImpersonationRequest impersonationRequest, OAuth2UserDetails impersonatedUser, String csrUserId): Validates that the user requested to be impersonated is able to be impersonated.
-
Field Details
- NO_USER
- DISABLED_USER
- EXPIRED_USER
- LOCKED_USER
- IMPERSONATION_DISABLED
- NON_APP_CLIENT
- NON_ADMIN_CLIENT
- TENANT_MISMATCH
- NOT_AUTHORIZED_FOR_APP
- REQUEST_FIELD_BLANK
- TOKEN_FIELD_BLANK
-
Constructor Details
-
DefaultImpersonationRequestValidator
public DefaultImpersonationRequestValidator(UserService<User> userService, AuthorizedClientService<AuthorizedClient> authorizedClientService, AuthorizationServerService<AuthorizationServer> authorizationServerService, org.springframework.security.oauth2.provider.ClientDetailsService clientDetailsService, org.springframework.security.oauth2.provider.endpoint.RedirectResolver redirectResolver)
-
-
Method Details
-
validateUserImpersonation
public void validateUserImpersonation(ImpersonationRequest impersonationRequest, OAuth2UserDetails impersonatedUser, String csrUserId)
Description copied from interface: ImpersonationRequestValidator
Validates that the user requested to be impersonated is able to be impersonated. Validation includes various properties of a user, such as expired, locked, impersonation disabled, etc.
- Specified by:
validateUserImpersonation in interface ImpersonationRequestValidator
- Parameters:
impersonationRequest - The impersonation request.
impersonatedUser - The user to be impersonated.
csrUserId - The user ID of the user initiating the impersonation request.
-
validateAnonymousImpersonation
public void validateAnonymousImpersonation(ImpersonationRequest impersonationRequest, String impersonatedClientId, String csrUserId)
Description copied from interface: ImpersonationRequestValidator
Validates that the CSR can impersonate an anonymous user in the client. Validation includes the access of the CSR to the requested client.
- Specified by:
validateAnonymousImpersonation in interface ImpersonationRequestValidator
- Parameters:
impersonationRequest - The impersonation request.
impersonatedClientId - The ID of client to impersonate in.
csrUserId - The user ID of the user initiating the impersonation request.
-
validateImpersonationRequest
Description copied from interface: ImpersonationRequestValidator
Validate that an impersonation request is valid.
- Specified by:
validateImpersonationRequest in interface ImpersonationRequestValidator
- Parameters:
impersonationRequest - This impersonation request.
-
validateImpersonationRequestToken
Description copied from interface: ImpersonationRequestValidator
Validate that an impersonation request token is valid.
- Specified by:
validateImpersonationRequestToken in interface ImpersonationRequestValidator
- Parameters:
impersonationRequestToken - This impersonation request token.
-
validateClientImpersonation
protected void validateClientImpersonation(ImpersonationRequest impersonationRequest, AuthorizedClient impersonatedClient, String csrUserId)
-
getCsrUser
-
getImpersonatedClient
-
getImpersonatedClient
-
getCsrClient
-
isNotSameTenant
-
isNotAuthorizedForApplication
-