Class ContentItemResolverProperties

java.lang.Object
com.broadleafcommerce.content.service.autoconfigure.ContentItemResolverProperties

@ConfigurationProperties("broadleaf.content.content-item.resolver")
public class ContentItemResolverProperties extends Object
Author:
Nathan Moore (nathandmoore)
  • Constructor Details

    • ContentItemResolverProperties

      public ContentItemResolverProperties()
  • Method Details

    • getWhitelistedServiceCallers

      public Set<String> getWhitelistedServiceCallers()
      The names of external microservices that are expected to call Content and should be whitelisted, so that user information they provide in a ContentContext or similar is trusted over consulting the SecurityContext to glean the same user target information.

      When another service calls Content, the original user's (e.g., customer) auth token is replaced by the calling service's, so any information about the user must be provided in the request rather than in the auth token.

      Currently, there is no other way to use the SecurityContext to differentiate between another service calling Content vs an anonymous user whose request is proxied by a commerce gateway since both will receive a similar token from the Auth Service. Therefore, the principal's name is relied upon.

      Since:
      Content Services 2.0.5
    • setWhitelistedServiceCallers

      public void setWhitelistedServiceCallers(Set<String> whitelistedServiceCallers)
      The names of external microservices that are expected to call Content and should be whitelisted, so that user information they provide in a ContentContext or similar is trusted over consulting the SecurityContext to glean the same user target information.

      When another service calls Content, the original user's (e.g., customer) auth token is replaced by the calling service's, so any information about the user must be provided in the request rather than in the auth token.

      Currently, there is no other way to use the SecurityContext to differentiate between another service calling Content vs an anonymous user whose request is proxied by a commerce gateway since both will receive a similar token from the Auth Service. Therefore, the principal's name is relied upon.

      Since:
      Content Services 2.0.5
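
A sketch of the trust decision described for whitelistedServiceCallers, as an added example that is not Broadleaf's implementation: the class, record and method names and all sample values are hypothetical. It shows that a request-supplied user target is honored only when the authenticated principal's name exactly matches a whitelisted entry, and that every other caller falls back to the SecurityContext.

```java
import java.util.Set;

// Added illustration, not Broadleaf code: every type and method name here is hypothetical.
public class UserTargetResolutionSketch {

    /** User target as carried in the request (e.g., in a ContentContext or similar). */
    record RequestUserTarget(String customerId) {}

    /** Which source the resolved user target was taken from. */
    enum Source { REQUEST, SECURITY_CONTEXT }

    record Resolved(String customerId, Source source) {}

    private final Set<String> whitelistedServiceCallers;

    UserTargetResolutionSketch(Set<String> whitelistedServiceCallers) {
        // Defensive copy; an unset property means no caller is trusted.
        this.whitelistedServiceCallers =
                whitelistedServiceCallers == null ? Set.of() : Set.copyOf(whitelistedServiceCallers);
    }

    /**
     * @param principalName       name of the authenticated principal on the incoming call
     * @param fromRequest         user target the caller put in the request, may be null
     * @param fromSecurityContext user target derived from the auth token, null if anonymous
     */
    Resolved resolve(String principalName, RequestUserTarget fromRequest, String fromSecurityContext) {
        // The principal's name is the only discriminator, so match it exactly.
        boolean trustedCaller = principalName != null
                && whitelistedServiceCallers.contains(principalName);
        if (trustedCaller && fromRequest != null && fromRequest.customerId() != null) {
            return new Resolved(fromRequest.customerId(), Source.REQUEST);
        }
        // Any other caller: ignore identity claims made in the request.
        return new Resolved(fromSecurityContext, Source.SECURITY_CONTEXT);
    }

    public static void main(String[] args) {
        var resolver = new UserTargetResolutionSketch(Set.of("cartservices")); // constructed name
        var claimed = new RequestUserTarget("customer-123");                   // constructed value

        System.out.println(resolver.resolve("cartservices", claimed, null)); // whitelisted service
        System.out.println(resolver.resolve("anonymous", claimed, null));    // gateway-proxied user
        System.out.println(resolver.resolve(null, claimed, null));           // no principal at all
    }
}
```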