com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer

com.broadleafcommerce.auth.user.session.token.enhancer.CustomerContextTokenEnhancer

All Implemented Interfaces:: org.springframework.security.oauth2.provider.token.TokenEnhancer

public class CustomerContextTokenEnhancer extends AbstractUserTokenEnhancer

Enhances tokens with the "customer_context_ids" claim. These are the customer context IDs that the user is eligible to read from.

This mainly comes into play for UserType.ADMIN and UserType.CUSTOMER users. This allows us to validate that an Admin is able to read a particular customer or customers, and that a customer can only read data within their specific customer context.

See Also:

Application.getCustomerContextId()

Constructor Summary

Constructors

Constructor

Description

CustomerContextTokenEnhancer(ApplicationService<Application> applicationService)
Method Summary

Modifier and Type

Method

Description

protected void

addCustomerContextIds(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken, Collection<String> customerContextIds)

org.springframework.security.oauth2.common.OAuth2AccessToken

enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)

protected ApplicationService<Application>

getApplicationService()

protected boolean

isAssignedToApplication(User user)

protected void

setCustomerContextIds(Collection<String> customerContextIds, org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken)

Methods inherited from class com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer
getRequestAccountId, getUser, getUserContext, getUserService, isAnonymousCsrImpersonation, setUserContext, setUserService, shouldEnhance

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- CustomerContextTokenEnhancer
  
  public CustomerContextTokenEnhancer(ApplicationService<Application> applicationService)
Method Details
- enhance
  
  public org.springframework.security.oauth2.common.OAuth2AccessToken enhance(org.springframework.security.oauth2.common.OAuth2AccessToken accessToken, org.springframework.security.oauth2.provider.OAuth2Authentication authentication)
- isAssignedToApplication
  
  protected boolean isAssignedToApplication(User user)
- setCustomerContextIds
  
  protected void setCustomerContextIds(Collection<String> customerContextIds, org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken)
- addCustomerContextIds
  
  protected void addCustomerContextIds(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken enhanceableToken, Collection<String> customerContextIds)
- getApplicationService
  
  protected ApplicationService<Application> getApplicationService()

Class CustomerContextTokenEnhancer

Constructor Summary

Method Summary

Methods inherited from class com.broadleafcommerce.auth.user.session.token.enhancer.AbstractUserTokenEnhancer

Methods inherited from class java.lang.Object

Constructor Details

CustomerContextTokenEnhancer

Method Details

enhance

isAssignedToApplication

setCustomerContextIds

addCustomerContextIds

getApplicationService