Class DefaultSecurityService
java.lang.Object
com.broadleafcommerce.auth.security.service.DefaultSecurityService
- All Implemented Interfaces:
SecurityService
Methods for filtering scopes and permissions from what is accessible to what is requested or
relevant.
- Author:
- Nick Crum (ncrum), Cade Rea (cade-rea)
-
Constructor Summary
ConstructorDescriptionDefaultSecurityService
(PermissionRepository permissionRepository, ScopeRepository scopeRepository) -
Method Summary
Modifier and TypeMethodDescriptionfilterPermissionsRelevantToScopes
(Collection<String> candidatePermissions, Set<String> limitingScopes) Returns a sub-set from the givencandidatePermissions
of the permissions that belong to one of the givenlimitingScopes
.filterRelevantPermissions
(Collection<String> candidatePermissions, Set<String> permissionsForScopes) filterScopesByPermissions
(Set<String> requestedScopes, Set<String> rootsFromPermissions) filterToAccessibleScopes
(Set<String> requestedScopes, Set<String> accessiblePermissions) Returns the sub-set of requested scopes are accessible from the given permissions.findAllPermissionsForScopes
(Set<String> scopes) findOpenRequestedScopes
(Set<String> requestedScopes) protected PermissionRepository
getRootsFromPermissions
(Set<String> collect) protected ScopeRepository
protected String
permissionToRoot
(String permission)
-
Constructor Details
-
DefaultSecurityService
public DefaultSecurityService(PermissionRepository permissionRepository, ScopeRepository scopeRepository)
-
-
Method Details
-
filterToAccessibleScopes
public Set<String> filterToAccessibleScopes(Set<String> requestedScopes, Set<String> accessiblePermissions) Description copied from interface:SecurityService
Returns the sub-set of requested scopes are accessible from the given permissions.Ensure that the requested scopes are accessible from the given permissions. If none of the requested scopes are accessible, this will return an empty set.
- Specified by:
filterToAccessibleScopes
in interfaceSecurityService
- Parameters:
requestedScopes
- The set of requested scopes.accessiblePermissions
- The set of BLC permissions that a user or client can access. Typically, these come from the authorities on the session token.- Returns:
- The sub-set of the requested scopes that are accessible from the given permissions.
-
filterPermissionsRelevantToScopes
public Set<String> filterPermissionsRelevantToScopes(@Nullable Collection<String> candidatePermissions, Set<String> limitingScopes) Description copied from interface:SecurityService
Returns a sub-set from the givencandidatePermissions
of the permissions that belong to one of the givenlimitingScopes
. This is useful for narrowing down granted authorities to those relevant for requested scopes.- Specified by:
filterPermissionsRelevantToScopes
in interfaceSecurityService
- Parameters:
candidatePermissions
- The permissions to filter from. This is just a collection of Broadleaf permission values.limitingScopes
- The specific scopes to filter the results to.- Returns:
- The permissions which are relevant for the given scopes, or an empty (never-null) set.
-
findOpenRequestedScopes
-
getRootsFromPermissions
-
filterScopesByPermissions
-
findAllPermissionsForScopes
-
filterRelevantPermissions
-
permissionToRoot
-
getPermissionRepository
-
getScopeRepository
-