Package com.broadleafcommerce.auth.security.service

Class OAuthExternalAdminUserHandler

java.lang.Object

com.broadleafcommerce.auth.security.service.AbstractExternalAdminUserHandler<org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken>

com.broadleafcommerce.auth.security.service.OAuthExternalAdminUserHandler

All Implemented Interfaces:

ExternalAdminUserHandler<org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken>

public class OAuthExternalAdminUserHandler
extends AbstractExternalAdminUserHandler<org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken>

Field Summary

Fields

Modifier and Type	Field	Description
static final String	DEFAULT_APP_ACCESS_CLAIM_KEY
static final String	DEFAULT_APP_RESTRICTION_CLAIM_KEY
static final String	DEFAULT_ROLE_CLAIM_KEY
static final String	DEFAULT_TENANT_ACCESS_CLAIM_KEY

Fields inherited from class com.broadleafcommerce.auth.security.service.AbstractExternalAdminUserHandler

RANDOM

Constructor Summary

Constructors

Constructor

Description

OAuthExternalAdminUserHandler(UserService<User> userService, ExternalRoleMappingService<ExternalRoleMapping> externalRoleMappingService, AuthorizationServerService<AuthorizationServer> authorizationServerService, PasswordGenerator passwordGenerator, ExternalAdminUserModificationEventProducer externalAdminUserModificationEventProducer, AdminUserMessagingProperties properties, com.broadleafcommerce.common.extension.TypeFactory typeFactory, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)

Method Summary

Modifier and Type	Method	Description
protected Set<String>	getApplicationRestrictions(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication)	Return a set of application ID strings indicating which applications a user is restricted to.
protected String	getBlcAppAccessClaim()	Claim key that determines if the user is restricted to certain applications.
protected String	getBlcAppRestrictionClaim()	Claim key representing the applications the admin is restricted to.
protected String	getBlcRoleClaim()
protected String	getBlcTenantAccessClaim()	Claim key that determines if the user is allowed access to the tenant level.
protected Boolean	getBooleanClaim(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication, String claim)	Parses a claim and returns it as a Boolean.
protected Boolean	getHasAppAccess(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication)	Return true if the user has application access.
protected Boolean	getHasTenantAccess(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication)	Return true if the user has tenant level access.
protected Set<String>	getStringSetClaim(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication, String claim)	Parses a claim and returns it as a string set.
protected Set<String>	getThirdPartyAssignedRoles(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication, AuthorizedClient client)	An extension point for resolving third party assigned roles.

Methods inherited from class com.broadleafcommerce.auth.security.service.AbstractExternalAdminUserHandler

assignTenantAndApplicationAccess, assignThirdPartyRoles, assignUserAccess, createAdminUser, generateRandomPassword, getAdditionalExternalEventAttributes, getAdminUserMessagingProperties, getAuthorizationServerService, getExternalRoleMappingService, getModificationEventProducer, getPasswordEncoder, getPasswordGenerator, getTypeFactory, getUserService, handleAdminUserUpdates, handleThirdPartyAdminLogin, sendExternalAdminUserUpdateEvent

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DEFAULT_ROLE_CLAIM_KEY

public static final String DEFAULT_ROLE_CLAIM_KEY

See Also:

• Constant Field Values

DEFAULT_TENANT_ACCESS_CLAIM_KEY

public static final String DEFAULT_TENANT_ACCESS_CLAIM_KEY

See Also:

• Constant Field Values

DEFAULT_APP_ACCESS_CLAIM_KEY

public static final String DEFAULT_APP_ACCESS_CLAIM_KEY

See Also:

• Constant Field Values

DEFAULT_APP_RESTRICTION_CLAIM_KEY

public static final String DEFAULT_APP_RESTRICTION_CLAIM_KEY

See Also:

• Constant Field Values

Constructor Details

OAuthExternalAdminUserHandler

public OAuthExternalAdminUserHandler(UserService<User> userService,
 ExternalRoleMappingService<ExternalRoleMapping> externalRoleMappingService,
 AuthorizationServerService<AuthorizationServer> authorizationServerService,
 PasswordGenerator passwordGenerator,
 ExternalAdminUserModificationEventProducer externalAdminUserModificationEventProducer,
 AdminUserMessagingProperties properties,
 com.broadleafcommerce.common.extension.TypeFactory typeFactory,
 org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)

Method Details

getApplicationRestrictions

protected Set<String> getApplicationRestrictions(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication)

Description copied from class: AbstractExternalAdminUserHandler

Return a set of application ID strings indicating which applications a user is restricted to.

Specified by:

getApplicationRestrictions in class AbstractExternalAdminUserHandler<org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken>

Parameters:

authentication - The authentication object

Returns:

A set of strings indicating which applications a user is restricted to

getHasTenantAccess

protected Boolean getHasTenantAccess(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication)

Description copied from class: AbstractExternalAdminUserHandler

Return true if the user has tenant level access.

Specified by:

getHasTenantAccess in class AbstractExternalAdminUserHandler<org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken>

Parameters:

authentication - The authentication

Returns:

getHasAppAccess

protected Boolean getHasAppAccess(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication)

Description copied from class: AbstractExternalAdminUserHandler

Return true if the user has application access.

Specified by:

getHasAppAccess in class AbstractExternalAdminUserHandler<org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken>

Parameters:

authentication - The authentication object

Returns:

getThirdPartyAssignedRoles

protected Set<String> getThirdPartyAssignedRoles(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication,
 AuthorizedClient client)

Description copied from class: AbstractExternalAdminUserHandler

An extension point for resolving third party assigned roles. These roles should then be mapped to BLC roles.

Specified by:

getThirdPartyAssignedRoles in class AbstractExternalAdminUserHandler<org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken>

Parameters:

authentication - The authentication object

Returns:

A set of strings representing third party roles.

getBlcRoleClaim

protected String getBlcRoleClaim()

getBlcTenantAccessClaim

protected String getBlcTenantAccessClaim()

Claim key that determines if the user is allowed access to the tenant level.

getBlcAppAccessClaim

protected String getBlcAppAccessClaim()

Claim key that determines if the user is restricted to certain applications.

getBlcAppRestrictionClaim

protected String getBlcAppRestrictionClaim()

Claim key representing the applications the admin is restricted to.

getBooleanClaim

@Nullable
protected Boolean getBooleanClaim(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication,
 String claim)

Parses a claim and returns it as a Boolean.

Parameters:

authentication - The authentication object

claim - The claim to parse

Returns:

T

getStringSetClaim

@Nullable
protected Set<String> getStringSetClaim(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken authentication,
 String claim)

Parses a claim and returns it as a string set. This method requires that the claim be a comma separated string, collection of strings, or string array.

Parameters:

authentication - The authentication object

claim - The claim to parse

Returns:

A set of strings, or null if the claim does not exists.