com.broadleafcommerce.data.tracking.core.policy

Interface PolicyUtils

All Known Subinterfaces:

TrackablePolicyUtils

All Known Implementing Classes:

DefaultTrackablePolicyUtils, VendorAwareTrackablePolicyUtils

public interface PolicyUtils

Utility class capable of performing validation of a requested operation based on permissions available to the current Authentication. This is generally subclassed to provide business rule verification on additional context information outside of Spring granted authorities alone.

Author:

Jeff Fischer

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_AUTH_DETAILS_OWNER_ID Key used when determining if a user owns a particular entity.
static org.slf4j.Logger	log
static String	ROLE_ANONYMOUS

Method Summary

Modifier and Type	Method and Description
default String	getAuthDetailsOwnerIdentifier()
default org.springframework.security.core.Authentication	getAuthentication() Retrieve the current Spring Authentication instance associated with the current flow, if any.
Map<String,Object>	getAuthenticationAttributes() Retrieves the attributes on the current Authentication that are useful in making policy determinations.
default PolicyResponse	validatePermissions(String[] permissions, ContextInfo contextInfo) Determine if the current security context (e.g.

Field Detail

log

static final org.slf4j.Logger log

ROLE_ANONYMOUS

static final String ROLE_ANONYMOUS

See Also:

Constant Field Values

DEFAULT_AUTH_DETAILS_OWNER_ID

static final String DEFAULT_AUTH_DETAILS_OWNER_ID

Key used when determining if a user owns a particular entity.

See Also:

Owned, Constant Field Values

Method Detail

getAuthentication

default org.springframework.security.core.Authentication getAuthentication()

Retrieve the current Spring Authentication instance associated with the current flow, if any.

Returns:

The current Spring Authentication instance associated with the current flow

getAuthenticationAttributes

Map<String,Object> getAuthenticationAttributes()

Retrieves the attributes on the current Authentication that are useful in making policy determinations. This method is expected to return the attributes in a map which is generally achieved by a registered Converter bean.

Returns:

the attributes, if any, on the current Authentication

validatePermissions

default PolicyResponse validatePermissions(@Nullable
                                           String[] permissions,
                                           @Nullable
                                           ContextInfo contextInfo)

Determine if the current security context (e.g. Authentication) is valid against the requested permission. If Spring Security is disabled (no Authentication available), the response will be PolicyResponse.VALID.

Parameters:

permissions - the permissions to check. A single permission in the current getAuthentication() must match to pass the policy

contextInfo - the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.

Returns:

the result of the validation

getAuthDetailsOwnerIdentifier

default String getAuthDetailsOwnerIdentifier()