Class DefaultImpersonationRequestValidator
java.lang.Object
com.broadleafcommerce.auth.user.endpoint.DefaultImpersonationRequestValidator
- All Implemented Interfaces:
ImpersonationRequestValidator
public class DefaultImpersonationRequestValidator extends Object implements ImpersonationRequestValidator
Default implementation of ImpersonationRequestValidator that validates that the CSR has authority to impersonate, the impersonated target exists, and that the impersonated target has chosen to allow impersonation.
- Author:
- Nick Crum (ncrum)
-
Field Summary
-
Constructor Summary
- DefaultImpersonationRequestValidator(UserService<User> userService, AuthorizedClientService<AuthorizedClient> authorizedClientService, AuthorizationServerService<AuthorizationServer> authorizationServerService, ClientRedirectService clientRedirectService)
-
Method Summary
- protected AuthorizedClient getCsrClient(String clientId)
- protected User getCsrUser(String userId)
- protected AuthorizedClient getImpersonatedClient(OAuth2UserDetails impersonatedUser)
- protected AuthorizedClient getImpersonatedClient(String clientId)
- protected boolean isNotAuthorizedForApplication(User user, String applicationId)
- protected boolean isNotSameTenant(AuthorizedClient impersonatedClient, AuthorizedClient csrClient)
- void validateAnonymousImpersonation(ImpersonationRequest impersonationRequest, String impersonatedClientId, String csrUserId)
  Validates that the CSR can impersonate an anonymous user in the client.
- protected void validateClientImpersonation(ImpersonationRequest impersonationRequest, AuthorizedClient impersonatedClient, String csrUserId)
- void validateImpersonationRequest(ImpersonationRequest impersonationRequest, String authorizationUri, org.springframework.security.core.Authentication authentication)
  Validate that an impersonation request is valid.
- void validateImpersonationRequestToken(ImpersonationRequestToken impersonationRequestToken)
  Validate that an impersonation request token is valid.
- void validateUserImpersonation(ImpersonationRequest impersonationRequest, OAuth2UserDetails impersonatedUser, String csrUserId)
  Validates that the user requested to be impersonated is able to be impersonated.
-
Field Details
- NO_USER
- DISABLED_USER
- EXPIRED_USER
- LOCKED_USER
- IMPERSONATION_DISABLED
- NON_APP_CLIENT
- INVALID_CLIENT
- NON_ADMIN_CLIENT
- TENANT_MISMATCH
- NOT_AUTHORIZED_FOR_APP
- REQUEST_FIELD_BLANK
- TOKEN_FIELD_BLANK
-
Constructor Details
-
DefaultImpersonationRequestValidator
public DefaultImpersonationRequestValidator(UserService<User> userService, AuthorizedClientService<AuthorizedClient> authorizedClientService, AuthorizationServerService<AuthorizationServer> authorizationServerService, ClientRedirectService clientRedirectService)
-
-
Method Details
-
validateUserImpersonation
public void validateUserImpersonation(ImpersonationRequest impersonationRequest, OAuth2UserDetails impersonatedUser, String csrUserId)
Description copied from interface: ImpersonationRequestValidator
Validates that the user requested to be impersonated is able to be impersonated. Validation includes various properties of a user, such as expired, locked, impersonation disabled, etc.
- Specified by:
validateUserImpersonation in interface ImpersonationRequestValidator
- Parameters:
impersonationRequest - The impersonation request.
impersonatedUser - The user to be impersonated.
csrUserId - The user ID of the user initiating the impersonation request.
-
validateAnonymousImpersonation
public void validateAnonymousImpersonation(ImpersonationRequest impersonationRequest, String impersonatedClientId, String csrUserId)
Description copied from interface: ImpersonationRequestValidator
Validates that the CSR can impersonate an anonymous user in the client. Validation includes the access of the CSR to the requested client.
- Specified by:
validateAnonymousImpersonation in interface ImpersonationRequestValidator
- Parameters:
impersonationRequest - The impersonation request.
impersonatedClientId - The ID of the client to impersonate in.
csrUserId - The user ID of the user initiating the impersonation request.
-
validateImpersonationRequest
public void validateImpersonationRequest(ImpersonationRequest impersonationRequest, String authorizationUri, org.springframework.security.core.Authentication authentication)
Description copied from interface: ImpersonationRequestValidator
Validate that an impersonation request is valid.
- Specified by:
validateImpersonationRequest in interface ImpersonationRequestValidator
- Parameters:
impersonationRequest - This impersonation request.
authorizationUri - The URI requested.
authentication - The current Spring Security authentication.
-
validateImpersonationRequestToken
Description copied from interface: ImpersonationRequestValidator
Validate that an impersonation request token is valid.
- Specified by:
validateImpersonationRequestToken in interface ImpersonationRequestValidator
- Parameters:
impersonationRequestToken - This impersonation request token.
-
validateClientImpersonation
protected void validateClientImpersonation(ImpersonationRequest impersonationRequest, AuthorizedClient impersonatedClient, String csrUserId)
-
getCsrUser
-
getImpersonatedClient
-
getImpersonatedClient
-
getCsrClient
-
isNotSameTenant
-
isNotAuthorizedForApplication
-