Class DefaultSecurityService

java.lang.Object
com.broadleafcommerce.auth.security.service.DefaultSecurityService
All Implemented Interfaces:
SecurityService

public class DefaultSecurityService extends Object implements SecurityService
Methods for filtering scopes and permissions from what is accessible to what is requested or relevant.
Author:
Nick Crum (ncrum), Cade Rea (cade-rea)
  • Constructor Details

  • Method Details

    • filterToAccessibleScopes

      public Set<String> filterToAccessibleScopes(Set<String> requestedScopes, Set<String> accessiblePermissions)
      Description copied from interface: SecurityService
      Returns the sub-set of requested scopes are accessible from the given permissions.

      Ensure that the requested scopes are accessible from the given permissions. If none of the requested scopes are accessible, this will return an empty set.

      Specified by:
      filterToAccessibleScopes in interface SecurityService
      Parameters:
      requestedScopes - The set of requested scopes.
      accessiblePermissions - The set of BLC permissions that a user or client can access. Typically, these come from the authorities on the session token.
      Returns:
      The sub-set of the requested scopes that are accessible from the given permissions.
    • filterPermissionsRelevantToScopes

      public Set<String> filterPermissionsRelevantToScopes(@Nullable Collection<String> candidatePermissions, Set<String> limitingScopes)
      Description copied from interface: SecurityService
      Returns a sub-set from the given candidatePermissions of the permissions that belong to one of the given limitingScopes. This is useful for narrowing down granted authorities to those relevant for requested scopes.
      Specified by:
      filterPermissionsRelevantToScopes in interface SecurityService
      Parameters:
      candidatePermissions - The permissions to filter from. This is just a collection of Broadleaf permission values.
      limitingScopes - The specific scopes to filter the results to.
      Returns:
      The permissions which are relevant for the given scopes, or an empty (never-null) set.
    • findOpenRequestedScopes

      protected Stream<String> findOpenRequestedScopes(Set<String> requestedScopes)
    • getRootsFromPermissions

      protected Set<String> getRootsFromPermissions(Set<String> collect)
    • filterScopesByPermissions

      protected Stream<String> filterScopesByPermissions(Set<String> requestedScopes, Set<String> rootsFromPermissions)
    • findAllPermissionsForScopes

      protected Set<String> findAllPermissionsForScopes(Set<String> scopes)
    • filterRelevantPermissions

      protected Set<String> filterRelevantPermissions(Collection<String> candidatePermissions, Set<String> permissionsForScopes)
    • permissionToRoot

      protected String permissionToRoot(String permission)
    • getPermissionRepository

      protected PermissionRepository getPermissionRepository()
    • getScopeRepository

      protected ScopeRepository getScopeRepository()