Interface SecurityService

All Known Implementing Classes:
DefaultSecurityService

public interface SecurityService
Service used during the authorization flow to assess the privileges of the current user in order to filter the requested scopes or retrieve the permissions for an access token.
Author:
Nick Crum (ncrum), Cade Rea (cade-rea), Samarth Dhruva (samarthd)
  • Method Details

    • filterToAccessibleScopes

      Set<String> filterToAccessibleScopes(Set<String> requestedScopes, Set<String> accessiblePermissions)
      Returns the sub-set of requested scopes that are accessible from the given permissions.

      Ensure that the requested scopes are accessible from the given permissions. If none of the requested scopes are accessible, this will return an empty set.

      Parameters:
      requestedScopes - The set of requested scopes.
      accessiblePermissions - The set of BLC permissions that a user or client can access. Typically, these come from the authorities on the session token.
      Returns:
      The sub-set of the requested scopes that are accessible from the given permissions.
    • filterPermissionsRelevantToScopes

      Set<String> filterPermissionsRelevantToScopes(@Nullable Collection<String> candidatePermissions, Set<String> limitingScopes)
      Returns the sub-set of the given candidatePermissions that belong to one of the given limitingScopes. This is useful for narrowing down granted authorities to those relevant for requested scopes.
      Parameters:
      candidatePermissions - The permissions to filter from. This is just a collection of Broadleaf permission values.
      limitingScopes - The specific scopes to filter the results to.
      Returns:
      The permissions which are relevant for the given scopes, or an empty (never-null) set.
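
The two contracts above, shown as an added example that is not Broadleaf's code and not DefaultSecurityService: a client requests more scopes than the user's authorities support, and both the granted scopes and the token permissions are narrowed. The class name ScopeFilterExample, the SCOPE_PERMISSIONS map, and every scope and permission value are assumptions constructed for illustration, since this page does not define how scopes map to permissions.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added illustration only: a toy stand-in for the interface above, NOT DefaultSecurityService.
// Assumption: each scope maps to an explicit set of permission strings (constructed values).
public class ScopeFilterExample {

    // Hypothetical scope -> permission mapping; the page does not define this relationship.
    static final Map<String, Set<String>> SCOPE_PERMISSIONS = Map.of(
            "PRODUCT", Set.of("READ_PRODUCT", "ALL_PRODUCT"),
            "ORDER", Set.of("READ_ORDER", "ALL_ORDER"),
            "USER", Set.of("READ_USER", "ALL_USER"));

    // A scope is accessible only if the caller holds at least one permission mapped to it.
    static Set<String> filterToAccessibleScopes(Set<String> requestedScopes,
                                                Set<String> accessiblePermissions) {
        return requestedScopes.stream()
                .filter(s -> !Collections.disjoint(
                        SCOPE_PERMISSIONS.getOrDefault(s, Set.of()), accessiblePermissions))
                .collect(Collectors.toCollection(TreeSet::new));
    }

    // Null-safe: a null candidate collection yields an empty, never-null set.
    static Set<String> filterPermissionsRelevantToScopes(Collection<String> candidatePermissions,
                                                         Set<String> limitingScopes) {
        if (candidatePermissions == null) {
            return new TreeSet<>();
        }
        Set<String> allowed = limitingScopes.stream()
                .flatMap(s -> SCOPE_PERMISSIONS.getOrDefault(s, Set.of()).stream())
                .collect(Collectors.toSet());
        return candidatePermissions.stream()
                .filter(allowed::contains)
                .collect(Collectors.toCollection(TreeSet::new));
    }

    public static void main(String[] args) {
        // Constructed inputs: the client asks for three scopes, the user holds two permissions.
        Set<String> requested = Set.of("PRODUCT", "ORDER", "USER");
        Set<String> authorities = Set.of("READ_PRODUCT", "ALL_ORDER");
        Set<String> granted = filterToAccessibleScopes(requested, authorities);
        Set<String> tokenPermissions = filterPermissionsRelevantToScopes(authorities, Set.of("PRODUCT"));
        System.out.println(granted);          // scopes the token may carry
        System.out.println(tokenPermissions); // authorities narrowed to the PRODUCT scope
        System.out.println(filterToAccessibleScopes(Set.of("USER"), authorities).isEmpty());
        System.out.println(filterPermissionsRelevantToScopes(null, requested).isEmpty());
    }
}
```

The last two calls exercise the documented edge cases: no accessible scope yields an empty set, and a null candidatePermissions yields an empty, never-null set.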