Package com.broadleafcommerce.auth.security.service

Class DefaultSecurityService

java.lang.Object
com.broadleafcommerce.auth.security.service.DefaultSecurityService
All Implemented Interfaces:
SecurityService
public class DefaultSecurityService extends Object implements SecurityService
Methods for filtering scopes and permissions from what is accessible to what is requested or relevant.
Author:
Nick Crum (ncrum), Cade Rea (cade-rea)

  • Constructor Details

  • Method Details

    • filterToAccessibleScopes

      public Set<String> filterToAccessibleScopes(Set<String> requestedScopes, Set<String> accessiblePermissions)
      Description copied from interface: SecurityService
      Returns the sub-set of requested scopes are accessible from the given permissions.

      Ensure that the requested scopes are accessible from the given permissions. If none of the requested scopes are accessible, this will return an empty set.

      Specified by:
      filterToAccessibleScopes in interface SecurityService
      Parameters:
      requestedScopes - The set of requested scopes.
      accessiblePermissions - The set of BLC permissions that a user or client can access. Typically, these come from the authorities on the session token.
      Returns:
      The sub-set of the requested scopes that are accessible from the given permissions.

    • filterPermissionsRelevantToScopes

      public Set<String> filterPermissionsRelevantToScopes(@Nullable Collection<String> candidatePermissions, Set<String> limitingScopes)
      Description copied from interface: SecurityService
      Returns a sub-set from the given candidatePermissions of the permissions that belong to one of the given limitingScopes. This is useful for narrowing down granted authorities to those relevant for requested scopes.
      Specified by:
      filterPermissionsRelevantToScopes in interface SecurityService
      Parameters:
      candidatePermissions - The permissions to filter from. This is just a collection of Broadleaf permission values.
      limitingScopes - The specific scopes to filter the results to.
      Returns:
      The permissions which are relevant for the given scopes, or an empty (never-null) set.

    • findOpenRequestedScopes

      @Deprecated protected Stream<String> findOpenRequestedScopes(Set<String> requestedScopes)
      Deprecated.
      Use findOpenScopes(Set), which returns a Set instead of a Stream.

    • findOpenScopes

      protected Set<String> findOpenScopes(Set<String> requestedScopes)

    • getRootsFromPermissions

      protected Set<String> getRootsFromPermissions(Set<String> collect)

    • filterScopesByPermissions

      @Deprecated protected Stream<String> filterScopesByPermissions(Set<String> requestedScopes, Set<String> rootsFromPermissions)
      Deprecated.
      Use filterScopesByPermission(Set, Set) instead.

    • filterScopesByPermission

      protected Stream<String> filterScopesByPermission(Set<String> requestedScopes, Set<String> rootsFromPermissions)
      Deprecated.
      This incorrectly requires that all scopes/perms are 1-1 and ignores the permission root flag. Use filterScopesByPermission(Set, Set, Set) which correctly accounts for scopes that aren't related to permission roots.

    • filterScopesByPermission

      protected Set<String> filterScopesByPermission(Set<String> requestedScopes, Set<String> permissionRoots, Set<String> accessiblePermissions)
      Filters scopes based on supplied permissions. This will return any scopes that the user has permissions for.
      Parameters:
      requestedScopes - The requested scopes
      permissionRoots - The permission roots, determined from
      accessiblePermissions - The permissions the user has.
      Returns:
      A filtered list of scopes.

    • findAllPermissionsForScopes

      protected Set<String> findAllPermissionsForScopes(Set<String> scopes)

    • filterRelevantPermissions

      protected Set<String> filterRelevantPermissions(Collection<String> candidatePermissions, Set<String> permissionsForScopes)

    • permissionToRoot

      protected String permissionToRoot(String permission)

    • getPermissionRepository

      protected PermissionRepository getPermissionRepository()

    • getScopeRepository

      protected ScopeRepository getScopeRepository()