Class AbstractExternalAdminUserHandler<T extends org.springframework.security.core.Authentication>

java.lang.Object
com.broadleafcommerce.auth.security.service.AbstractExternalAdminUserHandler<T>
All Implemented Interfaces:
ExternalAdminUserHandler<T>
Direct Known Subclasses:
OAuthExternalAdminUserHandler

public abstract class AbstractExternalAdminUserHandler<T extends org.springframework.security.core.Authentication> extends Object implements ExternalAdminUserHandler<T>
  • Field Details

    • RANDOM

      protected static final Random RANDOM
  • Constructor Details

  • Method Details

    • createAdminUser

      public User createAdminUser(T authentication, String username, String email, String name, AuthorizedClient client)
      Description copied from interface: ExternalAdminUserHandler
      Responsible for initializing and creating an admin if automatic admin creation is enabled for third party IDP. In addition, emits a user created event that is consumed by the Admin User service.
      Specified by:
      createAdminUser in interface ExternalAdminUserHandler<T extends org.springframework.security.core.Authentication>
      Parameters:
      authentication - The authentication object
      username - The desired username
      email - The user's email
      name - The user's name
      client - The authorized client
      Returns:
      The newly created admin
    • handleThirdPartyAdminLogin

      public Optional<User> handleThirdPartyAdminLogin(T authentication, AuthorizedClient client, String username)
      Description copied from interface: ExternalAdminUserHandler
      Upon successful login of an existing admin user, handle any relevant updates and return the user if modifications occurred.
      Specified by:
      handleThirdPartyAdminLogin in interface ExternalAdminUserHandler<T extends org.springframework.security.core.Authentication>
      Parameters:
authentication - The authentication object
      client - The authorized client
      username - The admin's username
      Returns:
The user if updates were made; otherwise empty.
    • assignUserAccess

      protected void assignUserAccess(T authentication, User user, AuthorizedClient client)
      Set initial tenant and server values on the new User and set tenant access, application access, and roles.
      Parameters:
      authentication - The authentication token granted by the third-party authentication provider.
      user - The User represented by the given authentication token
      client - The AuthorizedClient that the User is using to log in.
    • handleAdminUserUpdates

      protected Optional<User> handleAdminUserUpdates(T authentication, User user, AuthorizedClient client)
      Update the User's tenant access, application access, and roles from the authentication token provided by the third-party authentication provider.
      Parameters:
      authentication - The authentication token granted by the third-party authentication provider.
      user - The User represented by the given authentication token
      client - The AuthorizedClient that the User is using to log in.
      Returns:
      An Optional containing a refreshed User object if the user was updated. Otherwise, an empty Optional if the user was not updated during this operation.
    • assignTenantAndApplicationAccess

      protected boolean assignTenantAndApplicationAccess(T authentication, User user, AuthorizedClient client)
Determine whether an admin user has tenant and/or application access. This method should determine and set whether the user has tenant access, application access, or both. If the user is restricted to certain applications, implementors of this method should handle that scenario as well.

      See:
      User.setTenantAccess(boolean)
      User.setApplicationAccess(boolean)
      User.setApplicationIds(Set)

      Parameters:
      authentication - The authentication token granted by the third-party authentication provider.
      user - The User represented by the given authentication token
      client - The AuthorizedClient that the User is using to log in.
      Returns:
      True if the given User object was changed during this operation. False if the given user was not changed.
    • assignThirdPartyRoles

      protected boolean assignThirdPartyRoles(T authentication, User user, AuthorizedClient client)
      Assign roles to admin users. This implementation defers to getThirdPartyAssignedRoles(Authentication, AuthorizedClient) to get the roles that should be granted to the admin. The externalRoleMappingService is used to map the role ids from the authentication to Broadleaf roles. Roles added this way are marked as UserRoleRef.isThirdPartyAssigned().
      Parameters:
      authentication - The authentication token granted by the third-party authentication provider.
      user - The User represented by the given authentication token
      client - The AuthorizedClient that the User is using to log in.
      Returns:
      True if the given User object was changed during this operation. False if the given user was not changed.
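The role reconciliation that assignThirdPartyRoles and handleAdminUserUpdates describe, written out as an added example. This is not Broadleaf's code: AdminUser, RoleRef and the roleMapping map are plain stand-ins for User, UserRoleRef and the externalRoleMappingService, and the sample role ids in main are constructed. It shows the two points a reviewer would want from such a method: an IdP role with no local mapping grants nothing, and roles the IdP no longer asserts are revoked on login while locally assigned roles are preserved.

```java
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

// Stand-in for the assignThirdPartyRoles contract (not Broadleaf's implementation).
public final class ThirdPartyRoleSync {

    /** Stand-in for UserRoleRef: a role id plus the isThirdPartyAssigned marker. */
    public record RoleRef(String roleId, boolean thirdPartyAssigned) {}

    /** Stand-in for User; only the role set matters for this example. */
    public static final class AdminUser {
        private final Set<RoleRef> roles = new LinkedHashSet<>();
        public Set<RoleRef> getRoles() { return roles; }
    }

    /**
     * Reconcile the user's third-party assigned roles with what the IdP currently asserts.
     *
     * @param user          the admin being logged in
     * @param externalRoles role ids from the token (what getThirdPartyAssignedRoles would return)
     * @param roleMapping   external role id -> local role id (externalRoleMappingService stand-in)
     * @return true if the user's role set changed, mirroring the boolean contract on the page
     */
    public static boolean syncThirdPartyRoles(AdminUser user,
                                              Set<String> externalRoles,
                                              Map<String, String> roleMapping) {
        Set<RoleRef> desired = new LinkedHashSet<>();
        for (String external : externalRoles) {
            String local = roleMapping.get(external);
            // An unmapped IdP role must not turn into a local privilege: skip it.
            if (local != null) {
                desired.add(new RoleRef(local, true));
            }
        }

        Set<RoleRef> current = user.getRoles();
        Set<RoleRef> existingThirdParty = new LinkedHashSet<>();
        for (RoleRef ref : current) {
            if (ref.thirdPartyAssigned()) {
                existingThirdParty.add(ref);
            }
        }
        if (existingThirdParty.equals(desired)) {
            return false; // unchanged: caller need not persist or emit an update event
        }

        // Drop only third-party assigned roles; manual, local grants survive the refresh.
        current.removeIf(RoleRef::thirdPartyAssigned);
        current.addAll(desired);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: one local grant, one stale IdP grant, one new IdP role.
        AdminUser user = new AdminUser();
        user.getRoles().add(new RoleRef("ROLE_SUPPORT", false));   // assigned locally
        user.getRoles().add(new RoleRef("ROLE_MERCHANT", true));   // assigned by the IdP last time

        Map<String, String> mapping = Map.of(
                "idp-catalog-admins", "ROLE_CATALOG",
                "idp-merchants", "ROLE_MERCHANT");
        Set<String> fromToken = Set.of("idp-catalog-admins", "idp-unknown-group");

        boolean changed = syncThirdPartyRoles(user, fromToken, mapping);
        System.out.println("changed=" + changed);     // ROLE_MERCHANT revoked, ROLE_CATALOG added
        System.out.println(user.getRoles());          // ROLE_SUPPORT kept, idp-unknown-group ignored
    }
}
```

RoleRef equality here includes the thirdPartyAssigned flag, so a role id granted both locally and by the IdP would appear twice in the stand-in; a real implementation would key on the role id and decide which source wins.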
    • getApplicationRestrictions

      @Nullable protected abstract Set<String> getApplicationRestrictions(T authentication)
      Return a set of application ID strings indicating which applications a user is restricted to.
      Parameters:
      authentication - The authentication object
      Returns:
      A set of strings indicating which applications a user is restricted to
    • getHasTenantAccess

      @Nullable protected abstract Boolean getHasTenantAccess(T authentication)
Return true if the user has tenant-level access.
      Parameters:
      authentication - The authentication
      Returns:
    • getHasAppAccess

      @Nullable protected abstract Boolean getHasAppAccess(T authentication)
      Return true if the user has application access.
      Parameters:
      authentication - The authentication object
      Returns:
    • sendExternalAdminUserUpdateEvent

      protected void sendExternalAdminUserUpdateEvent(User user, String operationType, Map<String,Object> additionalAttributes)
    • generateRandomPassword

      protected String generateRandomPassword()
      Create a random password for the User and encode it with the password encoder.
      Returns:
      a secure, random, encoded String
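An added illustration of what generateRandomPassword describes: an admin created from an external IdP never logs in with a local password, so the account gets an unguessable throwaway credential that is stored only in encoded form. This is not Broadleaf's PasswordGenerator or its implementation; the alphabet, the length and the BCryptPasswordEncoder choice are assumptions, and only the PasswordEncoder interface comes from the page.

```java
import java.security.SecureRandom;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Example only; not Broadleaf's PasswordGenerator.
public final class ExternalAdminPasswordFactory {

    // Assumed alphabet and length: 74 symbols x 40 positions is well over 128 bits of entropy.
    private static final String ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*-_=+";
    private static final int LENGTH = 40; // under BCrypt's 72-byte input limit

    // A CSPRNG; a plain java.util.Random seeded from the clock would be predictable here.
    private static final SecureRandom RANDOM = new SecureRandom();

    private final PasswordEncoder encoder;

    public ExternalAdminPasswordFactory(PasswordEncoder encoder) {
        this.encoder = encoder;
    }

    /** Draw each character uniformly from the alphabet using the CSPRNG. */
    static String randomPlaintext() {
        StringBuilder sb = new StringBuilder(LENGTH);
        for (int i = 0; i < LENGTH; i++) {
            sb.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    /**
     * Return only the encoded form. The plaintext is discarded immediately: nobody needs it,
     * because authentication for this user happens at the IdP, and a stored plaintext would be
     * one more secret to leak.
     */
    public String newEncodedPassword() {
        return encoder.encode(randomPlaintext());
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        String encoded = new ExternalAdminPasswordFactory(encoder).newEncodedPassword();
        // A BCrypt hash with the default version prefix, never the plaintext
        System.out.println(encoded.startsWith("$2a$"));
    }
}
```

The encoded value can be stored in the same column a locally created admin would use, so existing password-verification code keeps working without a special case for externally managed accounts.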
    • getThirdPartyAssignedRoles

      protected abstract Set<String> getThirdPartyAssignedRoles(T authentication, AuthorizedClient client)
      An extension point for resolving third party assigned roles. These roles should then be mapped to BLC roles.
      Parameters:
      authentication - The authentication object
      Returns:
      A set of strings representing third party roles.
    • getAdditionalExternalEventAttributes

      @NonNull protected Map<String,Object> getAdditionalExternalEventAttributes(User user, T authentication, AuthorizedClient client)
      Extension point for adding additional information to be included with the user modification event. Default returns an empty map.
      See ExternalAdminUserModificationEvent.getAdditionalAttributes().
      Returns:
      A map of any additional attributes to be sent with the user modification event.
    • getUserService

      protected UserService<User> getUserService()
    • getExternalRoleMappingService

      protected ExternalRoleMappingService<ExternalRoleMapping> getExternalRoleMappingService()
    • getAuthorizationServerService

      protected AuthorizationServerService<AuthorizationServer> getAuthorizationServerService()
    • getPasswordGenerator

      protected PasswordGenerator getPasswordGenerator()
    • getModificationEventProducer

      protected ExternalAdminUserModificationEventProducer getModificationEventProducer()
    • getAdminUserMessagingProperties

      protected AdminUserMessagingProperties getAdminUserMessagingProperties()
    • getTypeFactory

      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()
    • getPasswordEncoder

      protected org.springframework.security.crypto.password.PasswordEncoder getPasswordEncoder()