Package com.broadleafcommerce.auth.user.session.token.enhancer

Class ClientPermissionsAccessTokenEnhancer

java.lang.Object

com.broadleafcommerce.auth.user.session.token.enhancer.ClientPermissionsAccessTokenEnhancer

All Implemented Interfaces:

JwtAccessTokenEnhancer, org.springframework.core.Ordered

public class ClientPermissionsAccessTokenEnhancer
extends Object
implements JwtAccessTokenEnhancer

This JwtAccessTokenEnhancer determines the set of all permissions available to a client-only principal specified in the given JwtTokenEnhancerContext. This set of permissions is added to JwtTokenEnhancerContext.getAdditionalContext(). Note, this enhancer does not actually add any claims to the token context.

Author:

Cade Rea (cade-rea), Samarth Dhruva (samarthd)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ClientPermissionsAccessTokenEnhancer.AvailablePermissions

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CLIENT_AUTHORITIES

Fields inherited from interface org.springframework.core.Ordered

HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Constructors

Constructor	Description
ClientPermissionsAccessTokenEnhancer(PrivilegeService privilegeService, TokenEnhancerUtility tokenEnhancerUtility, TokenProperties tokenProperties, AuthorizedClientService<AuthorizedClient> authorizedClientService)

Method Summary

Modifier and Type	Method	Description
void	enhance(JwtTokenEnhancerContext context)	Evaluate the authentication and add claims as necessary.
protected Set<String>	expandPermissionsWithAllPrefix(Collection<String> nonExpandedPermissions)	This method expands any permission prefixed by PermissionType.ALL into various PermissionType such as PermissionType.READ or PermissionType.CREATE.
protected AuthorizedClientService<AuthorizedClient>	getAuthorizedClientService()
int	getOrder()
protected PrivilegeService	getPrivilegeService()
protected TokenEnhancerUtility	getTokenEnhancerUtility()
protected TokenProperties	getTokenProperties()
protected boolean	isExplodePermissions()
protected Optional<AuthorizedClient>	readMatchingAuthorizedClient(org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)	Read the AuthorizedClient for the given RegisteredClient by client_id.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CLIENT_AUTHORITIES

public static final String CLIENT_AUTHORITIES

See Also:

• Constant Field Values

Constructor Details

ClientPermissionsAccessTokenEnhancer

public ClientPermissionsAccessTokenEnhancer(PrivilegeService privilegeService,
 TokenEnhancerUtility tokenEnhancerUtility,
 TokenProperties tokenProperties,
 AuthorizedClientService<AuthorizedClient> authorizedClientService)

Method Details

enhance

public void enhance(JwtTokenEnhancerContext context)

Description copied from interface: JwtAccessTokenEnhancer

Evaluate the authentication and add claims as necessary. A JwtTokenEnhancerContext contains User and client authentication tokens, authorization tokens, and access token claims.

Specified by:

enhance in interface JwtAccessTokenEnhancer

Parameters:

context - The JwtTokenEnhancerContext to evaluate.

readMatchingAuthorizedClient

protected Optional<AuthorizedClient> readMatchingAuthorizedClient(@Nullable
 org.springframework.security.oauth2.server.authorization.client.RegisteredClient registeredClient)

Read the AuthorizedClient for the given RegisteredClient by client_id.

Parameters:

registeredClient - The RegisteredClient whose AuthorizedClient should be retrieved.

Returns:

Optional with the AuthorizedClient that corresponds to the given RegisteredClient.

expandPermissionsWithAllPrefix

protected Set<String> expandPermissionsWithAllPrefix(Collection<String> nonExpandedPermissions)

This method expands any permission prefixed by PermissionType.ALL into various PermissionType such as PermissionType.READ or PermissionType.CREATE. The full set can be found in PermissionUtils.expandAllPermission(String).

Whether expansion is actually performed is gated on isExplodePermissions().

Parameters:

nonExpandedPermissions - the initial set of permissions, potentially containing non-expanded PermissionType.ALL permissions

Returns:

the input permissions (including any original PermissionType.ALL-prefixed permissions), with additional permissions coming from expanded PermissionType.ALL values as applicable

isExplodePermissions

protected boolean isExplodePermissions()

getOrder

public int getOrder()

Specified by:

getOrder in interface JwtAccessTokenEnhancer

Specified by:

getOrder in interface org.springframework.core.Ordered

getPrivilegeService

protected PrivilegeService getPrivilegeService()

getTokenEnhancerUtility

protected TokenEnhancerUtility getTokenEnhancerUtility()

getTokenProperties

protected TokenProperties getTokenProperties()

getAuthorizedClientService

protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService()