Enum IdentityType

  • All Implemented Interfaces:
    Serializable, Comparable<IdentityType>

    public enum IdentityType
    extends Enum<IdentityType>
    One or more possible user identity types. Identity types represent the allowed type of user that may have access. Different identity types receive different validation treatment. For example, ADMIN types represent standard admin requests for accessing data, for which checks for visibility and mutability based on multitenant concerns, etc., are enforced. OWNER, on the other hand, represents a standard user that is accessing a record they own (e.g. a cart, a saved address, or a saved payment method).

    Using one or multiple identity types, a common endpoint can be used for multiple users and be protected appropriately based on that user's viewing context.

    Author:
    Jeff Fischer
    • Enum Constant Detail

      • OWNER

        public static final IdentityType OWNER
        When this IdentityType is used, the authenticated user's ownership is checked in the following ways:
        • If Policy.ownerIdentifierParam() is specified, then ownership will be checked directly against the value of that param. This is primarily useful in API endpoint methods where the owner's id is present as a path variable. By specifying this param in that case, an ownership check will be executed immediately before any work is completed by the endpoint.
        • If Policy.ownerIdentifierParam() is not specified, then ownership will be checked against the method's params. In this case, Policy.param() can be used to identify the method param that implements the Owned interface. Otherwise, the method's params will be checked in order, looking for an Owned entity. If an owned entity is found, its owner identifier will be used to verify access against the authenticated user.
        • If the method's return object is an Owned entity, then its owner identifier will be checked against the authenticated user.
        Notes:
        • The authenticated user's identifier is gathered via a parameter present in Authentication.getDetails().
        • The OWNER IdentityType is inherited from parent Policy annotations. Therefore, if you specify an ownership requirement at the endpoint-level, then it will also be enforced at the repository-level, if the repository includes a Policy annotation.
        • If Policy.ownerIdentifierParam() is not specified, then ownership is only enforced if a param or the response is an owned entity. So if your projection domain implements Owned, but the persistent entity does not, then only the endpoint response will be checked for ownership. Checking both the projection & persistent entities is necessary if you are reading then updating the results of the read - i.e. you'd want to check that what you're reading actually belongs to the user before updating it, not just validate the response from the endpoint after the update.
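
        The check order described for OWNER, and the read-then-update gap from the last note, modelled as an added example that is not the library's own code. The types Owned (with an assumed ownerId() accessor), Cart and JpaCart and the methods preCheck and postCheck are local, hypothetical stand-ins; the sample records are constructed, and Java 16+ is assumed for records and pattern matching.

```java
import java.util.Optional;

public class OwnerCheckOrder {
    // Stand-in for the library's Owned interface; the accessor name is an assumption.
    interface Owned { String ownerId(); }

    // Projection that implements Owned.
    record Cart(String id, String owner) implements Owned {
        public String ownerId() { return owner; }
    }

    // Persistent entity that does not implement Owned (the case the last note describes).
    record JpaCart(String id, String owner) {}

    // Pre-invocation check. explicitOwnerId models the value of the param named by
    // Policy.ownerIdentifierParam(); designated models the param named by Policy.param().
    // Optional.empty() means nothing ownable was found, so nothing was enforced.
    static Optional<Boolean> preCheck(String authUserId, String explicitOwnerId,
                                      Object designated, Object... params) {
        if (explicitOwnerId != null) return Optional.of(explicitOwnerId.equals(authUserId));
        if (designated instanceof Owned o) return Optional.of(o.ownerId().equals(authUserId));
        for (Object p : params) // otherwise scan the method's params in order
            if (p instanceof Owned o) return Optional.of(o.ownerId().equals(authUserId));
        return Optional.empty();
    }

    // Post-invocation check on the method's return object.
    static Optional<Boolean> postCheck(String authUserId, Object result) {
        return result instanceof Owned o
                ? Optional.of(o.ownerId().equals(authUserId)) : Optional.empty();
    }

    public static void main(String[] args) {
        String alice = "alice"; // constructed sample identities and records
        // Owner id as a path variable: decided before the endpoint does any work.
        System.out.println(preCheck(alice, "bob", null));
        // No explicit owner id: the first Owned param found decides.
        System.out.println(preCheck(alice, null, null, 42, new Cart("c1", "alice")));
        // Repository call with a non-Owned entity: no ownership check before the write.
        System.out.println(preCheck(alice, null, null, new JpaCart("c2", "bob")));
        // The response projection is checked only after the update has already run.
        System.out.println(postCheck(alice, new Cart("c2", "bob")));
    }
}
```

        The third call returning an empty result is the case to look for in review: a Policy-annotated method whose params and return type are not Owned enforces no ownership check at that layer.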
    • Method Detail

      • values

        public static IdentityType[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
        for (IdentityType c : IdentityType.values())
            System.out.println(c);
        
        Returns:
        an array containing the constants of this enum type, in the order they are declared
      • valueOf

        public static IdentityType valueOf(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null