Class CatalogAccessPolicyUtils
java.lang.Object
com.broadleafcommerce.catalog.service.util.CatalogAccessPolicyUtils
-
Constructor Summary
ConstructorDescriptionCatalogAccessPolicyUtils
(com.broadleafcommerce.common.extension.TypeFactory typeFactory, CatalogAccessPolicyProperties catalogAccessPolicyProperties, com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils) -
Method Summary
Modifier and TypeMethodDescriptionbuildCatalogAccessPolicyContext
(jakarta.servlet.http.HttpServletRequest webRequest) Retrieves the additional auth claims that should be placed on theCatalogAccessPolicyContext
that theCatalogAccessPolicies
are evaluated against.protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils
protected CatalogAccessPolicyProperties
jakarta.servlet.http.HttpServletRequest
getRequestAttributes
(jakarta.servlet.http.HttpServletRequest webRequest) Retrieves the request attributes that should be placed on theCatalogAccessPolicyContext
that theCatalogAccessPolicies
are evaluated against.protected com.broadleafcommerce.common.extension.TypeFactory
boolean
Checks if the authenticated caller is one of the whitelisted microservices allowed to bypass Catalog Access Policy restrictions due to not being commerce-facing.
-
Constructor Details
-
CatalogAccessPolicyUtils
public CatalogAccessPolicyUtils(com.broadleafcommerce.common.extension.TypeFactory typeFactory, CatalogAccessPolicyProperties catalogAccessPolicyProperties, com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils)
-
-
Method Details
-
buildCatalogAccessPolicyContext
public CatalogAccessPolicyContext buildCatalogAccessPolicyContext(@Nullable jakarta.servlet.http.HttpServletRequest webRequest) -
getAdditionalClaims
Retrieves the additional auth claims that should be placed on theCatalogAccessPolicyContext
that theCatalogAccessPolicies
are evaluated against.- Returns:
- The additional auth claims that should be placed on the
CatalogAccessPolicyContext
that theCatalogAccessPolicies
are evaluated against.
-
getRequestAttributes
protected Map<String,Object> getRequestAttributes(@Nullable jakarta.servlet.http.HttpServletRequest webRequest) Retrieves the request attributes that should be placed on theCatalogAccessPolicyContext
that theCatalogAccessPolicies
are evaluated against.- Parameters:
webRequest
- The incoming web request.- Returns:
- The request attributes that should be placed on the
CatalogAccessPolicyContext
that theCatalogAccessPolicies
are evaluated against.
-
getCurrentHttpRequest
@Nullable public jakarta.servlet.http.HttpServletRequest getCurrentHttpRequest() -
isCallerWhitelistedService
public boolean isCallerWhitelistedService()Checks if the authenticated caller is one of the whitelisted microservices allowed to bypass Catalog Access Policy restrictions due to not being commerce-facing. This is used for bulk operations by default since those are triggered by admins.- Returns:
- Whether the authenticated caller is whitelisted to bypass Catalog Access Policies.
- See Also:
-
getTypeFactory
protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory() -
getCatalogAccessPolicyProperties
-
getAuthenticationUtils
protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils getAuthenticationUtils()
-