Class ClientRestrictionAccessTokenEnhancer
java.lang.Object
com.broadleafcommerce.auth.user.session.token.enhancer.ClientRestrictionAccessTokenEnhancer
All Implemented Interfaces:
JwtAccessTokenEnhancer, org.springframework.core.Ordered
Provides claims "restrictions" and "restricted_authorities".
-
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
Constructor / Description
ClientRestrictionAccessTokenEnhancer(AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService, TokenEnhancerUtility tokenEnhancerUtility, SecurityService securityService)
-
Method Summary
Modifier and Type / Method / Description
protected void addTenantClaims(AuthorizedClient client, JwtTokenEnhancerContext context)
protected void addVendorRestrictionClaims(Set<String> vendorTargets, JwtTokenEnhancerContext context)
convertValueToSet(Object vendorTargetsAttribute)
void enhance(JwtTokenEnhancerContext context)
    Evaluate the authentication and add claims as necessary.
protected AuthorizationServerService<AuthorizationServer> getAuthorizationServerService
protected AuthorizedClientService<AuthorizedClient> getAuthorizedClientService
protected Collection<String> getGrantedAuthorities
protected Map<String,Map<String,Set<String>>> getRestrictedAuthoritiesInScopes(Set<String> authorizedScopes, Collection<String> authorities, Map<String, Set<String>> restrictionTargetsByType)
    Filter the restricted authorities that are in the authorized scopes.
protected SecurityService getSecurityService
protected TokenEnhancerUtility getTokenEnhancerUtility
protected boolean shouldEnhance(JwtTokenEnhancerContext context)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.broadleafcommerce.auth.user.session.token.enhancer.JwtAccessTokenEnhancer
getOrder
-
Constructor Details
-
ClientRestrictionAccessTokenEnhancer
public ClientRestrictionAccessTokenEnhancer(AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService, TokenEnhancerUtility tokenEnhancerUtility, SecurityService securityService)
-
-
Method Details
-
enhance
Description copied from interface: JwtAccessTokenEnhancer
Evaluate the authentication and add claims as necessary. A JwtTokenEnhancerContext contains User and client authentication tokens, authorization tokens, and access token claims.
Specified by:
enhance in interface JwtAccessTokenEnhancer
Parameters:
context - The JwtTokenEnhancerContext to evaluate.
-
addVendorRestrictionClaims
protected void addVendorRestrictionClaims(Set<String> vendorTargets, JwtTokenEnhancerContext context)
-
addTenantClaims
-
getGrantedAuthorities
-
shouldEnhance
-
convertValueToSet
-
getRestrictedAuthoritiesInScopes
protected Map<String,Map<String,Set<String>>> getRestrictedAuthoritiesInScopes(Set<String> authorizedScopes, Collection<String> authorities, Map<String, Set<String>> restrictionTargetsByType)
Filter the restricted authorities that are in the authorized scopes. Create a map entry for each of the relevant permissions with the given restriction targets.
Since AuthorizedClient does not have any RestrictedPermission or RestrictedRole, the restricted_authorities claim is essentially all the authorities in scope mapped with their restrictions.
Example: READ_PRODUCT:VENDOR:[vendor, vendor2]
Parameters:
authorizedScopes - The requested scopes that have been authorized.
authorities - The Set of all possible authorities (permissions) this client could potentially be granted.
restrictionTargetsByType - The restrictions to map with the given authorities
Returns:
a map of restricted authorities in the requested scopes
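The mapping described for getRestrictedAuthoritiesInScopes, as an added Java sketch that is not Broadleaf's code: it keeps only the authorities covered by the authorized scopes and attaches every restriction type with its targets to each one. The class name, the method body and the scope-matching rule (scope PRODUCT covers READ_PRODUCT) are assumptions; this page does not state how scopes are matched to authorities.

```java
import java.util.*;

// Added illustration, not Broadleaf's implementation. The class name and
// the scope-matching rule in inScope() are assumptions.
public class RestrictedAuthoritiesSketch {

    // Assumed rule: scope "PRODUCT" covers "READ_PRODUCT"; an exact match also counts.
    static boolean inScope(String authority, Set<String> scopes) {
        int i = authority.indexOf('_');
        String resource = i < 0 ? authority : authority.substring(i + 1);
        return scopes.contains(authority) || scopes.contains(resource);
    }

    // Result shape: authority -> restriction type -> targets,
    // e.g. READ_PRODUCT -> VENDOR -> [vendor, vendor2]
    static Map<String, Map<String, Set<String>>> restrictedAuthoritiesInScopes(
            Set<String> authorizedScopes,
            Collection<String> authorities,
            Map<String, Set<String>> restrictionTargetsByType) {
        Map<String, Map<String, Set<String>>> claim = new TreeMap<>();
        for (String authority : authorities) {
            if (!inScope(authority, authorizedScopes)) {
                continue; // authorities outside the authorized scopes are left out of the claim
            }
            // Copy per authority so entries never share mutable sets.
            Map<String, Set<String>> byType = new TreeMap<>();
            restrictionTargetsByType.forEach(
                    (type, targets) -> byType.put(type, new TreeSet<>(targets)));
            claim.put(authority, byType);
        }
        return claim;
    }

    public static void main(String[] args) {
        // Constructed sample input.
        Set<String> scopes = Set.of("PRODUCT");
        List<String> authorities = List.of("READ_PRODUCT", "UPDATE_PRODUCT", "READ_ORDER");
        Map<String, Set<String>> targets = Map.of("VENDOR", Set.of("vendor", "vendor2"));
        System.out.println(restrictedAuthoritiesInScopes(scopes, authorities, targets));
    }
}
```

A resource server consuming the token should treat an authority that is absent from restricted_authorities as not granted for restricted targets, rather than as unrestricted.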
-
getAuthorizationServerService
-
getAuthorizedClientService
-
getTokenEnhancerUtility
-
getSecurityService
-