Class ExternalProviderProperties

java.lang.Object
com.broadleafcommerce.catalogbrowse.service.autoconfigure.ExternalProviderProperties

@ConfigurationProperties("broadleaf.catalogbrowse.provider.external")
public class ExternalProviderProperties extends Object
Properties related to configuring various external Providers.
Since:
1.8.6
Author:
Nathan Moore (nathandmoore)
  • Constructor Summary

    Constructors
    Constructor
    Description
    ExternalProviderProperties()
  • Method Summary

    Modifier and Type
    Method
    Description
    Set<String>
    getWhitelistedServiceCallers()
    The names of external microservices that are expected to call Catalog Browse and should be whitelisted so that user information they provide in a PriceContext or similar is trusted over consulting the SecurityContext to glean the same user target information.
    void
    setWhitelistedServiceCallers(Set<String> whitelistedServiceCallers)
    The names of external microservices that are expected to call Catalog Browse and should be whitelisted so that user information they provide in a PriceContext or similar is trusted over consulting the SecurityContext to glean the same user target information.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • ExternalProviderProperties

      public ExternalProviderProperties()
  • Method Details

    • getWhitelistedServiceCallers

      public Set<String> getWhitelistedServiceCallers()
      The names of external microservices that are expected to call Catalog Browse and should be whitelisted so that user information they provide in a PriceContext or similar is trusted over consulting the SecurityContext to glean the same user target information.

      When another service calls Catalog Browse, the original user's (e.g., customer) auth token is replaced by the calling service's, so any information about that user must be provided in the request rather than in the auth token.

      Currently, there is no other way to use the SecurityContext to differentiate another service calling Catalog Browse from an anonymous user whose request is proxied by a commerce gateway, since both will receive a similar token from the Auth Service. Therefore, the principal's name is relied upon.

    • setWhitelistedServiceCallers

      public void setWhitelistedServiceCallers(Set<String> whitelistedServiceCallers)
      The names of external microservices that are expected to call Catalog Browse and should be whitelisted so that user information they provide in a PriceContext or similar is trusted over consulting the SecurityContext to glean the same user target information.

      When another service calls Catalog Browse, the original user's (e.g., customer) auth token is replaced by the calling service's, so any information about that user must be provided in the request rather than in the auth token.

      Currently, there is no other way to use the SecurityContext to differentiate another service calling Catalog Browse from an anonymous user whose request is proxied by a commerce gateway, since both will receive a similar token from the Auth Service. Therefore, the principal's name is relied upon.
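
The trust decision described above, sketched as an added example (Java 17; this is not Broadleaf's code). The class, record, method and client names are hypothetical, and the property key in the comment assumes Spring Boot's relaxed binding of the prefix and setter shown on this page.

```java
import java.util.Optional;
import java.util.Set;

// Hypothetical sketch, not Broadleaf's implementation. Assumed binding (Spring Boot relaxed names):
// broadleaf.catalogbrowse.provider.external.whitelisted-service-callers=example-cart-service
public class WhitelistedCallerExample {

    /** Constructed stand-in for the user target info carried in a PriceContext or similar. */
    record UserTarget(String customerId, String source) {}

    private final Set<String> whitelistedServiceCallers;

    WhitelistedCallerExample(Set<String> whitelistedServiceCallers) {
        // Null or empty set: no caller's request-supplied user info is trusted.
        this.whitelistedServiceCallers =
                whitelistedServiceCallers == null ? Set.of() : Set.copyOf(whitelistedServiceCallers);
    }

    /**
     * @param principalName name of the authenticated principal making the call
     * @param fromRequest   customer id supplied in the request, may be null
     * @param fromSecurity  customer id derived from the SecurityContext, may be null
     */
    Optional<UserTarget> resolve(String principalName, String fromRequest, String fromSecurity) {
        // Exact, case-sensitive match in this sketch: the name is the only discriminator.
        boolean trustedCaller = principalName != null
                && whitelistedServiceCallers.contains(principalName);
        if (trustedCaller && fromRequest != null) {
            return Optional.of(new UserTarget(fromRequest, "request"));
        }
        // Every other caller: request-supplied identity is ignored.
        return Optional.ofNullable(fromSecurity)
                .map(id -> new UserTarget(id, "security-context"));
    }

    public static void main(String[] args) {
        // Constructed client names and customer ids, for illustration only.
        var resolver = new WhitelistedCallerExample(Set.of("example-cart-service"));
        // Whitelisted service: the id it sends in the request is used.
        System.out.println(resolver.resolve("example-cart-service", "customer-123", null));
        // Non-whitelisted principal: the request id is ignored and the context is consulted.
        System.out.println(resolver.resolve("example-gateway-anonymous", "customer-123", null));
        // A name differing only in case is not on the list; the context value is used.
        System.out.println(resolver.resolve("Example-Cart-Service", "customer-123", "customer-9"));
    }
}
```

Because the principal's name is the only discriminator, the set should contain only the exact client names of services that are allowed to assert user information on a user's behalf.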