Class ClientPermissionsAccessTokenEnhancer
java.lang.Object
com.broadleafcommerce.auth.user.session.token.enhancer.ClientPermissionsAccessTokenEnhancer
All Implemented Interfaces:
JwtAccessTokenEnhancer, org.springframework.core.Ordered
This JwtAccessTokenEnhancer determines the set of all permissions available to a client-only principal specified in the given JwtTokenEnhancerContext. This set of permissions is added to JwtTokenEnhancerContext.getAdditionalContext(). Note, this enhancer does not actually add any claims to the token context.
Author:
Cade Rea (cade-rea), Samarth Dhruva (samarthd)
-
Nested Class Summary
Modifier and Type | Class | Description
static class
-
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
Constructor | Description
ClientPermissionsAccessTokenEnhancer(PrivilegeService privilegeService, TokenEnhancerUtility tokenEnhancerUtility, TokenProperties tokenProperties, AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
Method Summary
Modifier and Type | Method | Description
void | enhance(JwtTokenEnhancerContext context) | Evaluate the authentication and add claims as necessary.
expandPermissionsWithAllPrefix(Collection<String> nonExpandedPermissions) | This method expands any permission prefixed by PermissionType.ALL into various PermissionType such as PermissionType.READ or PermissionType.CREATE.
protected AuthorizedClientService<AuthorizedClient> | getAuthorizedClientService()
int | getOrder()
protected PrivilegeService | getPrivilegeService()
protected TokenEnhancerUtility | getTokenEnhancerUtility()
protected TokenProperties | getTokenProperties()
protected boolean | isExplodePermissions()
protected Optional<AuthorizedClient> | readMatchingAuthorizedClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient) | Read the AuthorizedClient for the given RegisteredClient by client_id.
-
Field Details
-
CLIENT_AUTHORITIES
- See Also:
-
-
Constructor Details
-
ClientPermissionsAccessTokenEnhancer
public ClientPermissionsAccessTokenEnhancer(PrivilegeService privilegeService, TokenEnhancerUtility tokenEnhancerUtility, TokenProperties tokenProperties, AuthorizedClientService<AuthorizedClient> authorizedClientService)
-
-
Method Details
-
enhance
Description copied from interface: JwtAccessTokenEnhancer
Evaluate the authentication and add claims as necessary. A JwtTokenEnhancerContext contains User and client authentication tokens, authorization tokens, and access token claims.
Specified by:
enhance in interface JwtAccessTokenEnhancer
Parameters:
context - The JwtTokenEnhancerContext to evaluate.
-
readMatchingAuthorizedClient
protected Optional<AuthorizedClient> readMatchingAuthorizedClient(@Nullable org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)
Read the AuthorizedClient for the given RegisteredClient by client_id.
Parameters:
registeredClient - The RegisteredClient whose AuthorizedClient should be retrieved.
Returns:
Optional with the AuthorizedClient that corresponds to the given RegisteredClient.
-
expandPermissionsWithAllPrefix
This method expands any permission prefixed by PermissionType.ALL into various PermissionType such as PermissionType.READ or PermissionType.CREATE. The full set can be found in PermissionUtils.expandAllPermission(String).
Whether expansion is actually performed is gated on isExplodePermissions().
Parameters:
nonExpandedPermissions - the initial set of permissions, potentially containing non-expanded PermissionType.ALL permissions
Returns:
the input permissions (including any original PermissionType.ALL-prefixed permissions), with additional permissions coming from expanded PermissionType.ALL values as applicable
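The expansion contract described above, shown as an added example that is not Broadleaf's own code, applied to a review of what a client-only principal can effectively do. It assumes permission strings have the form TYPE_ROOT (for example ALL_PRODUCT) and that ALL expands to READ, CREATE, UPDATE and DELETE; the page names only READ and CREATE, and the real set is whatever PermissionUtils.expandAllPermission(String) returns. The class, method and constant names are hypothetical.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/** Added illustration; not Broadleaf code. All names here are hypothetical. */
public class AllPermissionExpansionDemo {

    // Assumption: permission strings look like "<TYPE>_<ROOT>", e.g. "ALL_PRODUCT".
    static final String ALL_PREFIX = "ALL_";
    // Assumption: the page names only READ and CREATE; UPDATE and DELETE are
    // added here for illustration. The real set comes from PermissionUtils.
    static final List<String> EXPANDED_TYPES = List.of("READ", "CREATE", "UPDATE", "DELETE");

    /** Mirrors the documented contract: originals are kept, expansions are added. */
    static Set<String> expand(Collection<String> permissions, boolean explodePermissions) {
        Set<String> result = new LinkedHashSet<>(permissions);
        if (!explodePermissions) {
            return result; // gate closed: the input set is returned unchanged
        }
        for (String permission : permissions) {
            if (permission.startsWith(ALL_PREFIX) && permission.length() > ALL_PREFIX.length()) {
                String root = permission.substring(ALL_PREFIX.length());
                for (String type : EXPANDED_TYPES) {
                    result.add(type + "_" + root);
                }
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample: the grants a review of one client would start from.
        List<String> granted = List.of("ALL_PRODUCT", "READ_ORDER");

        Set<String> effective = expand(granted, true);
        System.out.println("granted:   " + granted);
        System.out.println("effective: " + effective);
        // Write access the client holds only through an ALL_ grant.
        effective.stream()
                .filter(p -> !granted.contains(p) && !p.startsWith("READ_"))
                .forEach(p -> System.out.println("implied write access: " + p));
        System.out.println("gate off:  " + expand(granted, false));
    }
}
```

When reviewing client grants for least privilege, compare the effective set rather than the granted one, since a single ALL-prefixed entry carries every operation type in the expansion.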
-
isExplodePermissions
protected boolean isExplodePermissions()
-
getOrder
public int getOrder()
Specified by:
getOrder in interface JwtAccessTokenEnhancer
Specified by:
getOrder in interface org.springframework.core.Ordered
-
getPrivilegeService
-
getTokenEnhancerUtility
-
getTokenProperties
-
getAuthorizedClientService
-