Interface SecurityService
- All Known Implementing Classes:
DefaultSecurityService
public interface SecurityService
Service used during the authorization flow to assess the privileges of the current user in order
to filter the requested scopes or retrieve the permissions for an access token.
- Author:
- Nick Crum (ncrum), Cade Rea (cade-rea), Samarth Dhruva (samarthd)
-
Method Summary
Modifier and TypeMethodDescriptionfilterPermissionsRelevantToScopes
(Collection<String> candidatePermissions, Set<String> limitingScopes) Returns a sub-set from the givencandidatePermissions
of the permissions that belong to one of the givenlimitingScopes
.filterToAccessibleScopes
(Set<String> requestedScopes, Set<String> accessiblePermissions) Returns the sub-set of requested scopes are accessible from the given permissions.
-
Method Details
-
filterToAccessibleScopes
Set<String> filterToAccessibleScopes(Set<String> requestedScopes, Set<String> accessiblePermissions) Returns the sub-set of requested scopes are accessible from the given permissions.Ensure that the requested scopes are accessible from the given permissions. If none of the requested scopes are accessible, this will return an empty set.
- Parameters:
requestedScopes
- The set of requested scopes.accessiblePermissions
- The set of BLC permissions that a user or client can access. Typically, these come from the authorities on the session token.- Returns:
- The sub-set of the requested scopes that are accessible from the given permissions.
-
filterPermissionsRelevantToScopes
Set<String> filterPermissionsRelevantToScopes(@Nullable Collection<String> candidatePermissions, Set<String> limitingScopes) Returns a sub-set from the givencandidatePermissions
of the permissions that belong to one of the givenlimitingScopes
. This is useful for narrowing down granted authorities to those relevant for requested scopes.- Parameters:
candidatePermissions
- The permissions to filter from. This is just a collection of Broadleaf permission values.limitingScopes
- The specific scopes to filter the results to.- Returns:
- The permissions which are relevant for the given scopes, or an empty (never-null) set.
-