Class DefaultUserOperationService

java.lang.Object
com.broadleafcommerce.auth.resource.service.DefaultUserOperationService
All Implemented Interfaces:
UserOperationService

public class DefaultUserOperationService extends Object implements UserOperationService
Author:
Nick Crum (ncrum)
  • Constructor Details

    • DefaultUserOperationService

      public DefaultUserOperationService(PermissionRepository permissionRepository)
  • Method Details

    • getUserOperationInformation

      public UserOperationInformation getUserOperationInformation(@NonNull Collection<String> scopes, @Nullable String clientId)
      Description copied from interface: UserOperationService

      Finds the UserOperationInformation for the current user and the given scopes.

      Note that if this is called with a Bearer token authentication, the authorities from the token itself are ignored/unused. The full user will be read from the datastore and _all_ their authorities will be considered.

      Specified by:
      getUserOperationInformation in interface UserOperationService
      Parameters:
      scopes - the set of scopes to retrieve operation info for
      clientId - (optional) if the current user authentication is a Bearer token, then this parameter is required to successfully find the user. This parameter is not required if the current user authentication is a session token.
      Returns:
      the operation information on the current user for the given scopes
    • safeGetUserAuthoritiesFromCurrentAuthentication

      protected Set<String> safeGetUserAuthoritiesFromCurrentAuthentication(@Nullable String clientId)
    • loadUserDetails

      @Nullable protected OAuth2UserDetails loadUserDetails(@Nullable String clientId)
      This is a flexible method that can load the OAuth2UserDetails for the currently authenticated user both in the session-token-authentication case and the bearer-token-authentication case.
      Parameters:
      clientId - (optional) required only if the current authentication is a bearer token authentication, as bearer token authentication does not contain client ID information
      Returns:
      the OAuth2UserDetails for the currently authenticated user, or null if they cannot be loaded.
    • isBearerTokenAuth

      protected boolean isBearerTokenAuth()
      Determine if the Authentication in the SecurityContext is a BearerToken (access token).
      Returns:
      True if the Authentication in the SecurityContext is a BearerToken (access token).
    • getUsernameFromBearerToken

      @Nullable protected String getUsernameFromBearerToken()
      Read the username attribute from the BearerToken.
      Returns:
      the username attribute from the BearerToken.
    • getUsernameFromAttributes

      @Nullable protected String getUsernameFromAttributes(org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication bearerTokenAuthentication)
      Returns:
      the username value from the given access token attributes
    • getStringValue

      @Nullable protected String getStringValue(Map<String,Object> source, String key)
    • buildUserOperationInformation

      protected UserOperationInformation buildUserOperationInformation(Collection<String> scopes, Set<String> allGrantedAuthorities)
      Builds a UserOperationInformation response for the given scopes and granted authorities.
      Parameters:
      scopes - the requested scopes to evaluate user accessibility for
      allGrantedAuthorities - the full list of authorities to consider as available to the user. This may be all authorities available to the user directly, or alternatively all authorities granted to the user by a particular account (if checking account scopes).
      Returns:
      a UserOperationInformation response containing the filtered operations allowed to the user for each scope
    • getPermissionsByScope

      protected Map<String,List<PermissionScope>> getPermissionsByScope(Collection<String> scopes)
    • getUserOperationsForScope

      protected Collection<UserOperation> getUserOperationsForScope(String scope, List<PermissionScope> permissionScopes, Set<String> userAuthorities)
    • mapPermissionScopeToUserOperation

      protected UserOperation mapPermissionScopeToUserOperation(PermissionScope permissionScope, Set<String> userAuthorities)
    • getUserOperationInformation

      public UserOperationInformation getUserOperationInformation(@NonNull Collection<String> scopes, @Nullable String clientId, @NonNull String accountId)
      Description copied from interface: UserOperationService

      Finds the UserOperationInformation for the current user and the given scopes by mapping their roles via the current user's account information.

      Note that if this is called with a Bearer token authentication, the authorities from the token itself are ignored/unused. The full user will be read from the datastore and _all_ their authorities will be considered.

      Specified by:
      getUserOperationInformation in interface UserOperationService
      Parameters:
      scopes - the set of scopes to retrieve operation info for
      clientId - (optional) if the current user authentication is a Bearer token, then this parameter is required to successfully find the user. This parameter is not required if the current user authentication is a session token.
      accountId - the id to use to check if the current user has permissions for the account
      Returns:
      the operation information on the current user for the given scopes
    • getAllUserAuthoritiesForAccount

      protected Set<String> getAllUserAuthoritiesForAccount(String accountId, @Nullable String clientId)
    • getAccountRoleIds

      protected Set<String> getAccountRoleIds(User user, String accountId)
    • getAllPermissionNamesFromRoleIds

      protected Set<String> getAllPermissionNamesFromRoleIds(Set<String> roleIds)
    • findAllByScopeIn

      public List<UserOperation> findAllByScopeIn(@NonNull Collection<String> scopes)
      Description copied from interface: UserOperationService
      Finds all user operations tied to the provided set of scopes.
      Specified by:
      findAllByScopeIn in interface UserOperationService
      Parameters:
      scopes - the set of scopes to retrieve operations for
      Returns:
      all `UserOperation` matching at least one of the scopes
    • getPermissionRepository

      protected PermissionRepository getPermissionRepository()
    • getUserRoleService

      protected UserRoleService<UserRole> getUserRoleService()
    • setUserRoleService

      @Autowired @Lazy public void setUserRoleService(UserRoleService<UserRole> userRoleService)
    • getUserService

      protected UserService<User> getUserService()
    • setUserService

      @Autowired @Lazy public void setUserService(UserService<User> userService)
    • getAccountAncestorService

      protected AccountAncestorService getAccountAncestorService()
    • setAccountAncestorService

      @Autowired @Lazy public void setAccountAncestorService(AccountAncestorService accountAncestorService)
    • getUserDetailsService

      protected OAuth2UserDetailsService getUserDetailsService()
    • setUserDetailsService

      @Autowired @Lazy public void setUserDetailsService(OAuth2UserDetailsService userDetailsService)