Class CatalogAccessPolicyProperties

java.lang.Object
com.broadleafcommerce.catalog.service.context.CatalogAccessPolicyProperties

@ConfigurationProperties("broadleaf.catalog.catalog-access-policy") public class CatalogAccessPolicyProperties extends Object
Properties related to CatalogAccessPolicy
Author:
Susana Cruz (susanaccruz)
  • Constructor Details

    • CatalogAccessPolicyProperties

      public CatalogAccessPolicyProperties()
  • Method Details

    • getRequestAttributeList

      public List<String> getRequestAttributeList()
      Represents the list of attribute from a WebRequest to store on CatalogAccessPolicyContext. This is used to whitelist request attributes used when evaluating CatalogAccessPolicies. The attribute name should be matched by a field name configured in metadata for the CatalogAccessPolicy.getMatchRule() ()} rule-builder.
    • getAdditionalClaims

      public List<String> getAdditionalClaims()
      Represents a list of additional auth token claims to add as attributes to the CatalogAccessPolicyContext for rules to be evaluated against. The claim name should be matched by a field name configured in metadata for the CatalogAccessPolicy.getMatchRule() rule-builder.
    • getWhitelistedServiceCallers

      public Set<String> getWhitelistedServiceCallers()
      The names of external microservices that are expected to call Catalog Service for admin or bulk processing requests and should be whitelisted so that they bypass Catalog Access Policy filtering.

      When another service calls Catalog, the original user's (e.g., admin user's) auth token is replaced by the calling service's, so any information about them must be provided in the request rather than in the auth.

    • setRequestAttributeList

      public void setRequestAttributeList(List<String> requestAttributeList)
      Represents the list of attribute from a WebRequest to store on CatalogAccessPolicyContext. This is used to whitelist request attributes used when evaluating CatalogAccessPolicies. The attribute name should be matched by a field name configured in metadata for the CatalogAccessPolicy.getMatchRule() ()} rule-builder.
    • setAdditionalClaims

      public void setAdditionalClaims(List<String> additionalClaims)
      Represents a list of additional auth token claims to add as attributes to the CatalogAccessPolicyContext for rules to be evaluated against. The claim name should be matched by a field name configured in metadata for the CatalogAccessPolicy.getMatchRule() rule-builder.
    • setWhitelistedServiceCallers

      public void setWhitelistedServiceCallers(Set<String> whitelistedServiceCallers)
      The names of external microservices that are expected to call Catalog Service for admin or bulk processing requests and should be whitelisted so that they bypass Catalog Access Policy filtering.

      When another service calls Catalog, the original user's (e.g., admin user's) auth token is replaced by the calling service's, so any information about them must be provided in the request rather than in the auth.

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object
    • canEqual

      protected boolean canEqual(Object other)
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object