Package com.broadleafcommerce.catalog.service.util

Class CatalogAccessPolicyUtils

java.lang.Object

com.broadleafcommerce.catalog.service.util.CatalogAccessPolicyUtils

public class CatalogAccessPolicyUtils
extends Object

Constructor Summary

Constructors

Constructor	Description
CatalogAccessPolicyUtils(com.broadleafcommerce.common.extension.TypeFactory typeFactory, CatalogAccessPolicyProperties catalogAccessPolicyProperties, com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils)

Method Summary

Modifier and Type	Method	Description
CatalogAccessPolicyContext	buildCatalogAccessPolicyContext(jakarta.servlet.http.HttpServletRequest webRequest)
protected Map<String,Object>	getAdditionalClaims()	Retrieves the additional auth claims that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.
protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils	getAuthenticationUtils()
protected CatalogAccessPolicyProperties	getCatalogAccessPolicyProperties()
jakarta.servlet.http.HttpServletRequest	getCurrentHttpRequest()
protected Map<String,Object>	getRequestAttributes(jakarta.servlet.http.HttpServletRequest webRequest)	Retrieves the request attributes that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.
protected com.broadleafcommerce.common.extension.TypeFactory	getTypeFactory()
boolean	isCallerWhitelistedService()	Checks if the authenticated caller is one of the whitelisted microservices allowed to bypass Catalog Access Policy restrictions due to not being commerce-facing.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CatalogAccessPolicyUtils

public CatalogAccessPolicyUtils(com.broadleafcommerce.common.extension.TypeFactory typeFactory,
 CatalogAccessPolicyProperties catalogAccessPolicyProperties,
 com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils)

Method Details

buildCatalogAccessPolicyContext

public CatalogAccessPolicyContext buildCatalogAccessPolicyContext(@Nullable
 jakarta.servlet.http.HttpServletRequest webRequest)

getAdditionalClaims

protected Map<String,Object> getAdditionalClaims()

Retrieves the additional auth claims that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.

Returns:

The additional auth claims that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.

getRequestAttributes

protected Map<String,Object> getRequestAttributes(@Nullable
 jakarta.servlet.http.HttpServletRequest webRequest)

Retrieves the request attributes that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.

Parameters:

webRequest - The incoming web request.

Returns:

The request attributes that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.

getCurrentHttpRequest

@Nullable
public jakarta.servlet.http.HttpServletRequest getCurrentHttpRequest()

isCallerWhitelistedService

public boolean isCallerWhitelistedService()

Checks if the authenticated caller is one of the whitelisted microservices allowed to bypass Catalog Access Policy restrictions due to not being commerce-facing. This is used for bulk operations by default since those are triggered by admins.

Returns:

Whether the authenticated caller is whitelisted to bypass Catalog Access Policies.

See Also:

• CatalogAccessPolicyProperties.getWhitelistedServiceCallers()

getTypeFactory

protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()

getCatalogAccessPolicyProperties

protected CatalogAccessPolicyProperties getCatalogAccessPolicyProperties()

getAuthenticationUtils

protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils getAuthenticationUtils()