Class ClientRestrictionAccessTokenEnhancer
java.lang.Object
com.broadleafcommerce.auth.user.session.token.enhancer.ClientRestrictionAccessTokenEnhancer
- All Implemented Interfaces:
JwtAccessTokenEnhancer, org.springframework.core.Ordered
Provides claims "restrictions" and "restricted_authorities".
-
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
Constructors
Constructor, Description
ClientRestrictionAccessTokenEnhancer(AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService, TokenEnhancerUtility tokenEnhancerUtility, SecurityService securityService)
-
Method Summary
Modifier and Type, Method, Description
protected void addTenantClaims(AuthorizedClient client, JwtTokenEnhancerContext context)
protected void addVendorRestrictionClaims(Set<String> vendorTargets, JwtTokenEnhancerContext context)
convertValueToSet(Object vendorTargetsAttribute)
void enhance(JwtTokenEnhancerContext context): Evaluate the authentication and add claims as necessary.
protected AuthorizationServerService<AuthorizationServer>
protected AuthorizedClientService<AuthorizedClient>
protected Collection<String>
getRestrictedAuthoritiesInScopes(Set<String> authorizedScopes, Collection<String> authorities, Map<String, Set<String>> restrictionTargetsByType): Filter the restricted authorities that are in the authorized scopes.
protected SecurityService
protected TokenEnhancerUtility
protected boolean shouldEnhance(JwtTokenEnhancerContext context)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.broadleafcommerce.auth.user.session.token.enhancer.JwtAccessTokenEnhancer
getOrder
-
Constructor Details
-
ClientRestrictionAccessTokenEnhancer
public ClientRestrictionAccessTokenEnhancer(AuthorizationServerService<AuthorizationServer> authorizationServerService, AuthorizedClientService<AuthorizedClient> authorizedClientService, TokenEnhancerUtility tokenEnhancerUtility, SecurityService securityService)
-
-
Method Details
-
enhance
Description copied from interface: JwtAccessTokenEnhancer
Evaluate the authentication and add claims as necessary. A JwtTokenEnhancerContext contains User and client authentication tokens, authorization tokens, and access token claims.
- Specified by:
enhance in interface JwtAccessTokenEnhancer
- Parameters:
context - The JwtTokenEnhancerContext to evaluate.
-
addVendorRestrictionClaims
protected void addVendorRestrictionClaims(Set<String> vendorTargets, JwtTokenEnhancerContext context)
-
addTenantClaims
-
getGrantedAuthorities
-
shouldEnhance
-
convertValueToSet
-
getRestrictedAuthoritiesInScopes
protected Map<String,Map<String,Set<String>>> getRestrictedAuthoritiesInScopes(Set<String> authorizedScopes, Collection<String> authorities, Map<String, Set<String>> restrictionTargetsByType)
Filter the restricted authorities that are in the authorized scopes. Create a map entry for each of the relevant permissions with the given restriction targets.
Since AuthorizedClient does not have any RestrictedPermission or RestrictedRole, the restricted_authorities claim is essentially all the authorities in scope mapped with its restrictions.
Example: READ_PRODUCT:VENDOR:[vendor, vendor2]
- Parameters:
authorizedScopes - The requested scopes that have been authorized.
authorities - The Set of all possible authorities (permissions) this client could potentially be granted.
restrictionTargetsByType - The restrictions to map with the given authorities
- Returns:
a map of restricted authorities in the requested scopes
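The mapping described above, as an added sketch that is not Broadleaf's implementation: every authority that falls inside an authorized scope is keyed to the restriction targets by type, giving the READ_PRODUCT:VENDOR:[vendor, vendor2] shape. The class name RestrictedAuthoritiesSketch, the helper inScope and its matching rule (an authority is in scope when it ends with "_" plus the scope name) are assumptions; the page does not say how scopes are matched to authorities.

```java
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration; not the ClientRestrictionAccessTokenEnhancer source.
public class RestrictedAuthoritiesSketch {

    // ASSUMPTION: an authority such as READ_PRODUCT is covered by scope PRODUCT.
    // The real matching rule is not documented on this page.
    static boolean inScope(String authority, Set<String> authorizedScopes) {
        return authorizedScopes.stream().anyMatch(s -> authority.endsWith("_" + s));
    }

    static Map<String, Map<String, Set<String>>> restrictedAuthoritiesInScopes(
            Set<String> authorizedScopes,
            Collection<String> authorities,
            Map<String, Set<String>> restrictionTargetsByType) {
        Map<String, Map<String, Set<String>>> claim = new LinkedHashMap<>();
        for (String authority : authorities) {
            if (!inScope(authority, authorizedScopes)) {
                continue; // never emit an authority outside the granted scopes
            }
            // Copy per authority so claim entries do not share mutable sets.
            Map<String, Set<String>> byType = new LinkedHashMap<>();
            restrictionTargetsByType.forEach(
                    (type, targets) -> byType.put(type, new LinkedHashSet<>(targets)));
            claim.put(authority, byType);
        }
        return claim;
    }

    public static void main(String[] args) {
        // Constructed sample input; READ_ORDER is included as an authority
        // whose scope was not authorized, so the filter has something to drop.
        Set<String> scopes = Set.of("PRODUCT");
        List<String> authorities = List.of("READ_PRODUCT", "UPDATE_PRODUCT", "READ_ORDER");
        Map<String, Set<String>> restrictions =
                Map.of("VENDOR", new LinkedHashSet<>(List.of("vendor", "vendor2")));
        System.out.println(restrictedAuthoritiesInScopes(scopes, authorities, restrictions));
    }
}
```

A resource server reading restricted_authorities should treat an authority that is missing from the map as not granted, rather than as granted without restrictions.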
-
getAuthorizationServerService
-
getAuthorizedClientService
-
getTokenEnhancerUtility
-
getSecurityService
-