Class CatalogAccessPolicyUtils

java.lang.Object
com.broadleafcommerce.catalog.service.util.CatalogAccessPolicyUtils

public class CatalogAccessPolicyUtils extends Object
  • Constructor Details

    • CatalogAccessPolicyUtils

      public CatalogAccessPolicyUtils(com.broadleafcommerce.common.extension.TypeFactory typeFactory, CatalogAccessPolicyProperties catalogAccessPolicyProperties, com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils)
  • Method Details

    • buildCatalogAccessPolicyContext

      public CatalogAccessPolicyContext buildCatalogAccessPolicyContext(@Nullable jakarta.servlet.http.HttpServletRequest webRequest)
    • getAdditionalClaims

      protected Map<String,Object> getAdditionalClaims()
      Retrieves the additional auth claims that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.
      Returns:
      The additional auth claims that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.
    • getRequestAttributes

      protected Map<String,Object> getRequestAttributes(@Nullable jakarta.servlet.http.HttpServletRequest webRequest)
      Retrieves the request attributes that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.
      Parameters:
      webRequest - The incoming web request.
      Returns:
      The request attributes that should be placed on the CatalogAccessPolicyContext that the CatalogAccessPolicies are evaluated against.
    • getCurrentHttpRequest

      @Nullable public jakarta.servlet.http.HttpServletRequest getCurrentHttpRequest()
    • isCallerWhitelistedService

      public boolean isCallerWhitelistedService()
      Checks if the authenticated caller is one of the whitelisted microservices allowed to bypass Catalog Access Policy restrictions due to not being commerce-facing. This is used for bulk operations by default since those are triggered by admins.
      Returns:
      Whether the authenticated caller is whitelisted to bypass Catalog Access Policies.
      See Also:
    • getTypeFactory

      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()
    • getCatalogAccessPolicyProperties

      protected CatalogAccessPolicyProperties getCatalogAccessPolicyProperties()
    • getAuthenticationUtils

      protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils getAuthenticationUtils()