Class PrivilegeSummary

java.lang.Object
com.broadleafcommerce.auth.security.service.PrivilegeSummary

public class PrivilegeSummary extends Object
A data structure used by DefaultOAuth2UserDetailsService and PrivilegeService to hold all the authorities, restrictions, and restricted authorities of a User.
  • Constructor Details

  • Method Details

    • getAllAuthorities

      public Set<String> getAllAuthorities()
      All the authorities for the current authentication. This includes authorities from the user's flat permissions, flat roles and their ancestors, restricted roles and their ancestors, and restricted permissions. It also includes authorities from the server's flat permissions and from its flat roles and their ancestors.

      Ultimately, if the authentication was granted an authority anywhere, within restriction(s) or otherwise, it should appear in this set.

    • getRestrictions

      public Map<String,Set<String>> getRestrictions()
      All of the User.getRestrictions() for the current authentication.

      This is a map from restriction types to restriction targets.

      An empty map indicates the user is unrestricted.

    • getRestrictedAuthorities

      public Map<String,Map<String,Set<String>>> getRestrictedAuthorities()
      All of the restricted authorities for the current authentication.

      This is a map from authority name to a map of restriction types to targets in which the authority is granted to the authentication. For example: {READ_PRODUCT: {VENDOR: [vendorA]}}.

      This includes authorities from restricted permissions and restricted roles and their ancestors.

      Additionally, the User.getRestrictions() are combined with "flat permissions" sourced from the following places to also form entries in this map:

    • setAllAuthorities

      public void setAllAuthorities(Set<String> allAuthorities)
      All the authorities for the current authentication. This includes authorities from the user's flat permissions, flat roles and their ancestors, restricted roles and their ancestors, and restricted permissions. It also includes authorities from the server's flat permissions and from its flat roles and their ancestors.

      Ultimately, if the authentication was granted an authority anywhere, within restriction(s) or otherwise, it should appear in this set.

    • setRestrictions

      public void setRestrictions(Map<String,Set<String>> restrictions)
      All of the User.getRestrictions() for the current authentication.

      This is a map from restriction types to restriction targets.

      An empty map indicates the user is unrestricted.

    • setRestrictedAuthorities

      public void setRestrictedAuthorities(Map<String,Map<String,Set<String>>> restrictedAuthorities)
      All of the restricted authorities for the current authentication.

      This is a map from authority name to a map of restriction types to targets in which the authority is granted to the authentication. For example: {READ_PRODUCT: {VENDOR: [vendorA]}}.

      This includes authorities from restricted permissions and restricted roles and their ancestors.

      Additionally, the User.getRestrictions() are combined with "flat permissions" sourced from the following places to also form entries in this map:

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • canEqual

      protected boolean canEqual(Object other)
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object
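
The following is an added example, not Broadleaf code: a deny-by-default check over the three structures that getAllAuthorities, getRestrictions and getRestrictedAuthorities describe. The `Summary` record, the `isGranted` helper, the evaluation order and the sample values are assumptions made for illustration; the record stands in for PrivilegeSummary so the example compiles without the library (Java 16 or later).

```java
import java.util.Map;
import java.util.Set;

public class PrivilegeSummaryCheckExample {

    // Stand-in for PrivilegeSummary (assumption): one component per getter on this page.
    record Summary(Set<String> allAuthorities,
                   Map<String, Set<String>> restrictions,
                   Map<String, Map<String, Set<String>>> restrictedAuthorities) {}

    // Hypothetical helper: may the authentication use `authority` on a resource
    // that belongs to `target` of restriction type `type`?
    static boolean isGranted(Summary s, String authority, String type, String target) {
        // 1. An authority that was never granted anywhere is denied outright.
        if (!s.allAuthorities().contains(authority)) {
            return false;
        }
        // 2. A scoped grant exists: it only counts for the listed type and targets.
        Map<String, Set<String>> scopes = s.restrictedAuthorities().get(authority);
        if (scopes != null) {
            return scopes.getOrDefault(type, Set.of()).contains(target);
        }
        // 3. No scoped entry: allow only when the restrictions map is empty,
        //    which the page defines as an unrestricted user.
        return s.restrictions().isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample data in the {READ_PRODUCT: {VENDOR: [vendorA]}} shape.
        Summary restricted = new Summary(
                Set.of("READ_PRODUCT"),
                Map.of("VENDOR", Set.of("vendorA")),
                Map.of("READ_PRODUCT", Map.of("VENDOR", Set.of("vendorA"))));
        Summary unrestricted = new Summary(Set.of("READ_PRODUCT"), Map.of(), Map.of());

        // Same authority, in-scope target, then a target outside the grant.
        System.out.println(isGranted(restricted, "READ_PRODUCT", "VENDOR", "vendorA"));
        System.out.println(isGranted(restricted, "READ_PRODUCT", "VENDOR", "vendorB"));
        // Authority absent from the all-authorities set.
        System.out.println(isGranted(restricted, "UPDATE_PRODUCT", "VENDOR", "vendorA"));
        // Unrestricted user holding the authority as a flat grant.
        System.out.println(isGranted(unrestricted, "READ_PRODUCT", "VENDOR", "vendorB"));
    }
}
```

Checking only getAllAuthorities() would treat the vendorB request the same as the vendorA one, because that set records that an authority was granted somewhere, not where.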