Interface GuestCartProtectionService

All Known Implementing Classes:
DefaultGuestCartProtectionService

public interface GuestCartProtectionService
Interface for a service that is used for protecting customer information within guest carts. Customer information generally includes details such as email address, name, addresses, or payment tokens.
Author:
Nick Crum (ncrum)
  • Method Summary

    Modifier and Type
    Method
    Description
    com.broadleafcommerce.cart.client.domain.Cart
    clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart)
    Deprecated.
    In favor of clearCustomerInformation(Cart, ContextInfo), which also archives/sanitizes the cart's related entities like payments to avoid PII exposure.
    com.broadleafcommerce.cart.client.domain.Cart
    clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    If the Cart contains payment data, then this method should clone the original cart and remove any sensitive customer data.
    com.broadleafcommerce.cart.client.domain.GuestToken
    createGuestToken(String cartId, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Creates a new guest token for the cart with the provided ID.
    com.broadleafcommerce.cart.client.domain.GuestToken
    validateGuestToken(String cartId, String guestToken, com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
    Validates the provided guest token string for the given cart ID.
  • Method Details

    • clearCustomerInformation

      com.broadleafcommerce.cart.client.domain.Cart clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      If the Cart contains payment data, then this method should clone the original cart and remove any sensitive customer data. Otherwise, this method will remove any sensitive customer data and return the existing cart.

      Due to this method's archival/sanitization of related entities like cart payments, this method should also handle updating the cart status from DefaultCartStatuses.AWAITING_PAYMENT_FINALIZATION to DefaultCartStatuses.IN_PROCESS. The clearing of guest customer PII signals that payment finalization is no longer available, and the previously validated cart can no longer be deemed "ready for checkout" until it once again passes the validation contained within the checkout workflow.

      Parameters:
      cart - the cart to clear
      contextInfo - the context info
      Returns:
      Either the original cart or a cloned cart that has been cleansed of customer data.
    • clearCustomerInformation

      @Deprecated com.broadleafcommerce.cart.client.domain.Cart clearCustomerInformation(com.broadleafcommerce.cart.client.domain.Cart cart)
      Deprecated.
      In favor of clearCustomerInformation(Cart, ContextInfo), which also archives/sanitizes the cart's related entities like payments to avoid PII exposure.
      Clears customer information from the provided cart. This is typically used to filter out personal information from a guest cart when a guest token is not present, or when generating a new guest token.

      Note, this method will not persist any changes to the cart. Instead, CartOperationService.updateCart(Cart, boolean, boolean, boolean, ContextInfo) should be used to save the cart if the changes are meant to be permanent.

      Parameters:
      cart - the cart to clear
    • createGuestToken

      com.broadleafcommerce.cart.client.domain.GuestToken createGuestToken(String cartId, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Creates a new guest token for the cart with the provided ID. This typically creates or replaces a token within a token store for the given cart ID, and returns the resulting token details.
      Parameters:
      cartId - the cart ID
      contextInfo - the context info
      Returns:
      the token details
    • validateGuestToken

      com.broadleafcommerce.cart.client.domain.GuestToken validateGuestToken(String cartId, String guestToken, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo contextInfo)
      Validates the provided guest token string for the given cart ID. This typically retrieves the token details from a token store using the cart ID, and verifies that they match the provided token string. If verified, this will return the token details. If not verified, this will throw a GuestTokenValidationException indicating the token failed to validate.
      Parameters:
      cartId - the cart ID
      guestToken - the guest token string
      contextInfo - the context info
      Returns:
      the verified token details
      Throws:
      GuestTokenValidationException - if the token failed to validate
      GuestTokenExpirationException - if the token is expired
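
A sketch of the create/validate contract described for createGuestToken and validateGuestToken, added here as an example and not Broadleaf's implementation. The class name, the in-memory map standing in for the token store, the 30-minute lifetime, the Token record, and the two nested exception classes (stand-ins for GuestToken, GuestTokenValidationException and GuestTokenExpirationException) are all assumptions, and ContextInfo is omitted.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical illustration; none of these types are Broadleaf classes.
public class GuestTokenSketch {
    // Stand-ins for GuestToken and the two exceptions named in the Javadoc.
    record Token(String cartId, String value, Instant expiresAt) {}
    static class ValidationFailed extends RuntimeException { ValidationFailed(String m) { super(m); } }
    static class Expired extends RuntimeException { Expired(String m) { super(m); } }

    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final Map<String, Token> store = new ConcurrentHashMap<>(); // assumed token store
    private final SecureRandom random = new SecureRandom();

    // Creates or replaces the token for the cart, so any older token stops validating.
    Token createGuestToken(String cartId) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, so the token is not guessable
        random.nextBytes(raw);
        String value = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        Token token = new Token(cartId, value, Instant.now().plus(TTL));
        store.put(cartId, token);
        return token;
    }

    // Looks up by cart ID, compares in constant time, then checks expiry.
    Token validateGuestToken(String cartId, String presented) {
        Token stored = store.get(cartId);
        if (stored == null || presented == null
                || !MessageDigest.isEqual(stored.value().getBytes(StandardCharsets.UTF_8),
                                          presented.getBytes(StandardCharsets.UTF_8))) {
            throw new ValidationFailed("guest token does not match cart " + cartId);
        }
        if (Instant.now().isAfter(stored.expiresAt())) {
            store.remove(cartId, stored); // drop the stale entry
            throw new Expired("guest token expired for cart " + cartId);
        }
        return stored;
    }

    public static void main(String[] args) {
        GuestTokenSketch svc = new GuestTokenSketch();
        Token t = svc.createGuestToken("cart-123"); // constructed cart ID
        System.out.println(svc.validateGuestToken("cart-123", t.value()).cartId());
    }
}
```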