Class CustomerContextTokenEnhancer
java.lang.Object
com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer
com.broadleafcommerce.auth.user.session.token.enhancer.CustomerContextTokenEnhancer
- All Implemented Interfaces:
org.springframework.security.oauth2.provider.token.TokenEnhancer
Enhances tokens with the "customer_context_ids" claim. These are the customer context IDs that the user is eligible to read from.
This mainly comes into play for UserType.ADMIN and UserType.CUSTOMER users. This allows us to validate that an Admin is able to read a particular customer or customers, and that a customer can only read data within their specific customer context.
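An added example, not Broadleaf's own code: a resource-side check that consumes the "customer_context_ids" claim after the token has been verified and its claims decoded into a map. The class and method names, the sample IDs, and the deny-by-default handling of a missing or malformed claim are assumptions made for illustration.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Hypothetical resource-side guard; not part of Broadleaf. */
public class CustomerContextGuard {

    // Claim name taken from the class description above.
    static final String CLAIM = "customer_context_ids";

    /** Context IDs the token grants; empty when the claim is absent or malformed. */
    static Set<String> grantedContexts(Map<String, Object> claims) {
        Set<String> granted = new HashSet<>();
        Object raw = claims == null ? null : claims.get(CLAIM);
        if (!(raw instanceof Collection)) {
            return granted; // missing or wrong type: grant nothing
        }
        for (Object id : (Collection<?>) raw) {
            // Skip non-string or blank entries instead of coercing them.
            if (id instanceof String && !((String) id).trim().isEmpty()) {
                granted.add((String) id);
            }
        }
        return granted;
    }

    /** Exact match only: no wildcard, prefix, or case-insensitive comparison. */
    static boolean canRead(Map<String, Object> claims, String requestedContextId) {
        return requestedContextId != null
                && grantedContexts(claims).contains(requestedContextId);
    }

    public static void main(String[] args) {
        // Constructed sample claims, assumed to come from an already-verified token.
        Map<String, Object> admin = Map.of(CLAIM, List.of("ctx-a", "ctx-b"));
        Map<String, Object> customer = Map.of(CLAIM, List.of("ctx-a"));
        Map<String, Object> noClaim = Map.of("scope", "USER");
        Map<String, Object> badType = Map.of(CLAIM, "ctx-a,ctx-b");

        System.out.println("admin reads ctx-b: " + canRead(admin, "ctx-b"));
        System.out.println("customer reads ctx-b: " + canRead(customer, "ctx-b"));
        System.out.println("token without claim reads ctx-a: " + canRead(noClaim, "ctx-a"));
        System.out.println("string-typed claim reads ctx-a: " + canRead(badType, "ctx-a"));
    }
}
```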
Constructor Summary
Constructor
CustomerContextTokenEnhancer(ApplicationService<Application> applicationService)
Method Summary
Modifier and Type, Method
protected void addCustomerContextIds(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken, Collection<String> customerContextIds)
org.springframework.security.oauth2.common.OAuth2AccessToken enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
protected ApplicationService<Application> getApplicationService
protected boolean isAssignedToApplication(User user)
protected void setCustomerContextIds(Collection<String> customerContextIds, org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken)
Methods inherited from class com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer
getRequestAccountId, getUser, getUserContext, getUserService, isAnonymousCsrImpersonation, setUserContext, setUserService, shouldEnhance
Constructor Details
CustomerContextTokenEnhancer
Method Details
enhance
public org.springframework.security.oauth2.common.OAuth2AccessToken enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
isAssignedToApplication
setCustomerContextIds
protected void setCustomerContextIds(Collection<String> customerContextIds, org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken)
addCustomerContextIds
protected void addCustomerContextIds(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken, Collection<String> customerContextIds)
getApplicationService