Class VendorAwareTrackablePolicyUtils

java.lang.Object
  com.broadleafcommerce.data.tracking.core.policy.trackable.DefaultTrackablePolicyUtils
    com.broadleafcommerce.data.tracking.core.policy.trackable.marketplace.vendor.VendorAwareTrackablePolicyUtils

All Implemented Interfaces:
PolicyUtils, TrackablePolicyUtils

public class VendorAwareTrackablePolicyUtils extends DefaultTrackablePolicyUtils

An extension of DefaultTrackablePolicyUtils that understands what vendor(s) the current authentication is restricted to (including consideration for the current policy requirements) and can enforce access control accordingly.

See Also:
AuthenticationVendorPrivilegesSummary
Field Summary

Fields inherited from interface com.broadleafcommerce.data.tracking.core.policy.PolicyUtils
DEFAULT_AUTH_DETAILS_OWNER_ID, ROLE_ANONYMOUS

Fields inherited from interface com.broadleafcommerce.data.tracking.core.policy.trackable.TrackablePolicyUtils
AUTH_DETAILS_ADMIN_USER_ID_KEY, AUTH_DETAILS_APPLICATION_ACCESS_KEY, AUTH_DETAILS_APPLICATIONS_KEY, AUTH_DETAILS_CUSTOMER_CONTEXT_IDS, AUTH_DETAILS_GLOBAL_KEY, AUTH_DETAILS_TENANT_ACCESS_KEY, AUTH_DETAILS_TENANT_KEY
Constructor Summary

Constructors:
VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)
VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, String ownerIdentifier, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)
Method Summary

All Methods / Instance Methods / Concrete Methods (Modifier and Type - Method - Description):

protected OperationType determineRequiredOperationType(PolicyInformation policy, ContextInfo contextInfo)
  This is copied from DefaultPolicyAspectProcessor.narrowType(PolicyInformation, ContextInfo).

Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String,Set<String>> vendorRefsByRestrictedAuthority, @NonNull PolicyInformation policyRequirements, ContextInfo contextInfo)
  An authentication may have restrictions, but it's possible not all of them have the authorities required by a resource.

protected Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String,Set<String>> vendorRefsByRestrictedAuthority, OperationType requiredOperationType, @NonNull String[] permissionRoots, PermissionMatchingStrategy permissionMatchingStrategy)

Set<String> filterToVendorRestrictionsMatchingRequiredPermissions(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String,Set<String>> vendorRefsByRestrictedAuthority, @NonNull List<String> fullyExpandedRequiredPermissions, PermissionMatchingStrategy permissionMatchingStrategy)

protected AuthenticationVendorPrivilegesUtility getAuthenticationVendorPrivilegesUtility()

AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull org.springframework.security.core.Authentication authentication)
  Obtains the summary of vendor privileges from the given authentication.

protected VendorVisibilityManager getVendorVisibilityManager()

protected boolean isCatalogVisibleByVendorRestrictions(@NonNull ContextInfo contextInfo, String[] requiredPermissionRoots, PermissionMatchingStrategy permissionMatchingStrategy, OperationType requiredOperationType)
  Reports whether the catalog referenced in the contextInfo is visible by the vendor restrictions in the current authentication.

void setVendorVisibilityManager(VendorVisibilityManager vendorVisibilityManager)
  Lazily inject the VendorVisibilityManager, since the handlers it injects may require service dependencies that themselves require policy utils.

PolicyResponse validateContext(ContextInfo contextInfo)
  Review the ContextInfo parameter for valid tenant user membership and valid catalog visibility based on the current Authentication and requested tenant information in the contextInfo.

PolicyResponse validateContext(ContextInfo contextInfo, String[] requiredPermissionRoots, PermissionMatchingStrategy permissionMatchingStrategy, OperationType operationType)
  Performs similar validation to DefaultTrackablePolicyUtils.validateContext(ContextInfo, String[], PermissionMatchingStrategy, OperationType), but also considers whether the catalog in the contextInfo is visible by the current authentication's vendor restrictions.

protected PolicyResponse validateEntityMutableByCurrentVendorRestrictions(Trackable entity, ContextInfo contextInfo, String[] requiredPermissionRoots, PermissionMatchingStrategy permissionMatchingStrategy, OperationType operationType)
  Checks whether the given entity being mutated is actually mutable given the current authentication's vendor privileges and provided policy requirements.

protected PolicyResponse validateEntityOperation(Trackable entity, ContextInfo contextInfo, String[] permissionRoots, PermissionMatchingStrategy strategy, OperationType operationType)
  This is the method used by DefaultTrackablePolicyUtils.validateUpdate(Trackable, ContextInfo, String[], PermissionMatchingStrategy) and DefaultTrackablePolicyUtils.validateDelete(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to validate an entity can be updated/deleted by the current authentication, so it is overridden here to add consideration for vendor restrictions.

PolicyResponse validateInsert(Trackable entity, ContextInfo contextInfo, String[] permissionRoots, PermissionMatchingStrategy strategy)
  Overrides DefaultTrackablePolicyUtils.validateInsert(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to add behavior that checks whether the entity can be inserted by the current authentication's vendor restrictions.

PolicyResponse validatePermission(String[] permissionRoots, PermissionMatchingStrategy strategy, OperationType operationType, ContextInfo contextInfo)
  Overrides DefaultTrackablePolicyUtils.validatePermission(String[], PermissionMatchingStrategy, OperationType, ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.

PolicyResponse validatePermissions(String[] permissions, ContextInfo contextInfo)
  Overridden from PolicyUtils.validatePermissions(String[], ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.
Methods inherited from class com.broadleafcommerce.data.tracking.core.policy.trackable.DefaultTrackablePolicyUtils
expandPermissionRootsToPermissions, getAttributesConverter, getAuthDetailsOwnerIdentifier, getAuthenticationAttributes, getCustomerContextIdsForUser, getImplicitApplicationCatalog, invalidPolicyResponse, invalidPolicyResponse, isAdminUser, isAnonymous, isApplicationCatalogAddAllowed, isApplicationVisible, isCatalogMutable, isCatalogVisible, isCatalogVisible, isContextVisible, isGlobalApplication, isGlobalChangeInHiddenCatalog, isGlobalTenant, isGlobalTenantUser, isGlobalTenantUser, isMutationPossibleForContext, isNotUser, isOwnerUser, isSandboxVisible, isTenantVisible, isUserApplicationLevelAccess, isUserApplicationLevelAccess, isUserApplicationRestricted, isUserApplicationRestricted, isUserTenantLevelAccess, isUserTenantLevelAccess, isValidApplicationUser, isValidApplicationUser, isValidApplicationUser, isValidApplicationUser, isValidCustomerContext, isValidSandboxUser, isValidTenantUser, setAttributesConverter, streamApplications, validateApplicationCatalogUpdate, validateApplicationUpdate, validateCatalogInsert, validateDelete, validateEntityUpdate, validateEntityUpdateForTenantFactors, validateGlobalMutateToInheritedCatalog, validateGlobalUpdateToHiddenCatalog, validateOperation, validateOperation, validateOther, validateOwner, validatePermission, validateRead, validateTenantTrackableUpdate, validateTenantUpdate, validateUpdate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.broadleafcommerce.data.tracking.core.policy.PolicyUtils
getAuthentication
Constructor Detail

VendorAwareTrackablePolicyUtils
public VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, String ownerIdentifier, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)

VendorAwareTrackablePolicyUtils
public VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)
Method Detail

setVendorVisibilityManager
@Autowired @Lazy public void setVendorVisibilityManager(VendorVisibilityManager vendorVisibilityManager)

Lazily inject the VendorVisibilityManager, since the handlers it injects may require service dependencies that themselves require policy utils. Lazy injection avoids a circular reference.

Additionally, this bean disables policy validation before invoking any methods of VendorVisibilityManager to prevent recursive policy validation.

Parameters:
vendorVisibilityManager - the vendor visibility manager
getVendorPrivileges
public AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull org.springframework.security.core.Authentication authentication)

Obtains the summary of vendor privileges from the given authentication.

Parameters:
authentication - the Authentication from which to extract vendor privilege information

Returns:
details about the given authentication's vendor restrictions and authorities

Throws:
IllegalArgumentException - if the authentication details didn't match the expected structure

See Also:
AuthenticationVendorPrivilegesSummary, AuthenticationVendorPrivilegesUtility
validateContext
public PolicyResponse validateContext(@Nullable ContextInfo contextInfo)

Description copied from interface: TrackablePolicyUtils

Review the ContextInfo parameter for valid tenant user membership and valid catalog visibility based on the current Authentication and requested tenant information in the contextInfo.

Specified by:
validateContext in interface TrackablePolicyUtils

Overrides:
validateContext in class DefaultTrackablePolicyUtils

Parameters:
contextInfo - the context containing multitenant application, tenant and catalog information

Returns:
Whether or not the contextInfo contains valid tenant information
validateContext
public PolicyResponse validateContext(@Nullable ContextInfo contextInfo, @Nullable String[] requiredPermissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy, @Nullable OperationType operationType)

Performs similar validation to DefaultTrackablePolicyUtils.validateContext(ContextInfo, String[], PermissionMatchingStrategy, OperationType), but also considers whether the catalog in the contextInfo is visible by the current authentication's vendor restrictions.

Specified by:
validateContext in interface TrackablePolicyUtils

Overrides:
validateContext in class DefaultTrackablePolicyUtils

Parameters:
contextInfo - the context containing multitenant application, tenant and catalog information
requiredPermissionRoots - the permission roots required by the policy
permissionMatchingStrategy - how to validate multiple permissions
operationType - the operation type required by the policy

Returns:
Whether or not the contextInfo is valid with consideration to the current authentication and provided policy requirements
isCatalogVisibleByVendorRestrictions
protected boolean isCatalogVisibleByVendorRestrictions(@NonNull ContextInfo contextInfo, @Nullable String[] requiredPermissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy, @Nullable OperationType requiredOperationType)

Reports whether the catalog referenced in the contextInfo is visible by the vendor restrictions in the current authentication.

Ultimately, the expectation is that if the current authentication is restricted (see AuthenticationVendorPrivilegesSummary.isUnrestricted()), its context requests should only be able to supply the ID of a catalog which is directly associated to one of its vendor restrictions via Catalog.getVendorRef().

Note that this is critical since visibility and mutability of catalog-discriminated entities are purely determined by this behavior. The pure permission validation simply checks if the authentication has the requisite permission(s) in at least one of their vendor restrictions, but this will go further to confirm the requisite permissions are found for the vendor ref associated to the requested catalog.

Parameters:
contextInfo - the context info whose catalog should be checked for accessibility
requiredPermissionRoots - the permission roots required by the policy
permissionMatchingStrategy - how to validate multiple permissions
requiredOperationType - the operation type required by the policy

Returns:
true if the catalog is visible by the current vendor restrictions, false otherwise
validateInsert
public PolicyResponse validateInsert(@Nullable Trackable entity, @Nullable ContextInfo contextInfo, @Nullable String[] permissionRoots, @Nullable PermissionMatchingStrategy strategy)

Overrides DefaultTrackablePolicyUtils.validateInsert(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to add behavior that checks whether the entity can be inserted by the current authentication's vendor restrictions.

Specified by:
validateInsert in interface TrackablePolicyUtils

Overrides:
validateInsert in class DefaultTrackablePolicyUtils

Parameters:
entity - The item being inserted
contextInfo - the context containing multitenant application and catalog information
permissionRoots - The permission roots to validate. If not specified, then permission validation will not be performed.
strategy - how to treat multiple permissions

Returns:
Whether or not the update request on the entity should be allowed, including consideration for vendor restrictions
validateEntityOperation
protected PolicyResponse validateEntityOperation(@Nullable Trackable entity, @Nullable ContextInfo contextInfo, @Nullable String[] permissionRoots, @Nullable PermissionMatchingStrategy strategy, @Nullable OperationType operationType)

This is the method used by DefaultTrackablePolicyUtils.validateUpdate(Trackable, ContextInfo, String[], PermissionMatchingStrategy) and DefaultTrackablePolicyUtils.validateDelete(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to validate an entity can be updated/deleted by the current authentication, so it is overridden here to add consideration for vendor restrictions.

Overrides:
validateEntityOperation in class DefaultTrackablePolicyUtils

Parameters:
entity - the entity being updated/deleted
contextInfo - the context containing multitenant application and catalog information
permissionRoots - The permission roots to validate. If not specified, then permission validation will not be performed.
strategy - how to treat multiple permissions
operationType - the explicit type of operation to validate

Returns:
whether or not the operation should be allowed on the entity
validateEntityMutableByCurrentVendorRestrictions
protected PolicyResponse validateEntityMutableByCurrentVendorRestrictions(@Nullable Trackable entity, @Nullable ContextInfo contextInfo, @Nullable String[] requiredPermissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy, @Nullable OperationType operationType)

Checks whether the given entity being mutated is actually mutable given the current authentication's vendor privileges and provided policy requirements.

If the entity is null, if the entity type does not have vendor-discrimination support, if there is no current authentication, if there are no required permission roots, or if the current authentication is unrestricted, the validation will automatically pass.

If the authentication is restricted, then this will first determine which vendors the current authentication can access within the provided policy requirements. Those vendors and the entity itself are both provided to VendorVisibilityManager.isEntityMutableByVendorRestrictions(Object, Set, ContextInfo) such that the appropriate VendorVisibilityHandler (if any) for that entity can make an appropriate determination about whether the entity is within the constraints of the vendor restrictions.

Parameters:
entity - the entity being updated/deleted. If not specified, then validation will automatically pass.
contextInfo - the context containing multitenant application and catalog information
requiredPermissionRoots - The permission roots to validate. If not specified, then validation will automatically pass.
permissionMatchingStrategy - how to treat multiple permission roots
operationType - the explicit type of operation to validate

Returns:
whether or not the operation should be allowed on the entity
filterToVendorRestrictionsMatchingPolicyRequirements
public Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String,Set<String>> vendorRefsByRestrictedAuthority, @NonNull PolicyInformation policyRequirements, @Nullable ContextInfo contextInfo)

An authentication may have restrictions, but it's possible not all of them have the authorities required by a resource. For example, an authentication could be restricted to ['vendorA', 'vendorB'], and only have the 'READ_PRODUCT' authority in 'vendorA'. If accessing a resource that requires 'READ_PRODUCT', the authentication effectively only has access to 'vendorA' and will not have access to 'vendorB'.

To support such validation, this method accepts a set of restrictedVendorRefs and returns a filtered set of vendor refs which satisfy the provided policy requirements of a resource.

Parameters:
restrictedVendorRefs - the set of vendor refs to filter by. An empty set provided here means no accessible vendors, and will automatically result in this method returning an empty set. See AuthenticationVendorPrivilegesSummary.getRestrictedVendorRefs().
vendorRefsByRestrictedAuthority - A map from "restricted authorities" (ex: READ_PRODUCT) to all "vendor refs" (ex: a vendor ID or vendor code) that the authority has been granted to. This is used as the source of truth for determining what authorities are available. See AuthenticationVendorPrivilegesSummary.getVendorRefsByRestrictedAuthority().
policyRequirements - the policy requirements to validate against
contextInfo - context information about sandboxing/multitenant state. Useful for determining the required operation type in conjunction with PolicyInformation.

Returns:
a filtered set of vendor refs which satisfy the provided policy requirements of a resource. An empty result means no vendors are accessible.

See Also:
filterToVendorRestrictionsMatchingRequiredPermissions(Set, Map, List, PermissionMatchingStrategy)
filterToVendorRestrictionsMatchingPolicyRequirements
protected Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String,Set<String>> vendorRefsByRestrictedAuthority, @Nullable OperationType requiredOperationType, @NonNull String[] permissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy)

See javadocs of filterToVendorRestrictionsMatchingPolicyRequirements(Set, Map, PolicyInformation, ContextInfo).

Parameters:
restrictedVendorRefs - the set of vendor refs to filter by. An empty set provided here means no accessible vendors, and will automatically result in this method returning an empty set. See AuthenticationVendorPrivilegesSummary.getRestrictedVendorRefs().
vendorRefsByRestrictedAuthority - A map from "restricted authorities" (ex: READ_PRODUCT) to all "vendor refs" (ex: a vendor ID or vendor code) that the authority has been granted to. This is used as the source of truth for determining what authorities are available. See AuthenticationVendorPrivilegesSummary.getVendorRefsByRestrictedAuthority().
requiredOperationType - the operation type that should be used as the required operation type for policy validation. This is typically determined by looking at PolicyInformation and ContextInfo.
permissionRoots - the required permission roots. See PolicyInformation.getPermissionRoots().
permissionMatchingStrategy - the matching strategy to use for evaluating permissions. See PermissionMatchingStrategy.

Returns:
a filtered set of vendor refs which satisfy the provided policy requirements of a resource. An empty result means no vendors are accessible.
determineRequiredOperationType
protected OperationType determineRequiredOperationType(PolicyInformation policy, @Nullable ContextInfo contextInfo)

This is copied from DefaultPolicyAspectProcessor.narrowType(PolicyInformation, ContextInfo).

Figure out the OperationType to use, given the policy and contextInfo.
- If there is only one operationType described in Policy:
  - If it's not UNKNOWN, use it
  - If there's no contextInfo, return UNKNOWN
  - Otherwise, return the operation type on the contextInfo
- Otherwise, find and use the first match of contextInfo operationType in those defined by Policy, or the first OperationType in the policy defined list if no match is found

Parameters:
policy - The policy annotation on the method that optionally defines one or more OperationTypes
contextInfo - The optional contextInfo that describes an overall operationType for the context of the request

Returns:
The final OperationType to use for the policy validation
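The narrowing rules listed above, carried through as a stand-alone example. This is an added illustration, not Broadleaf's own DefaultPolicyAspectProcessor.narrowType code: OperationType, PolicyInfo and Context are simplified stand-ins (assumptions) for the framework's OperationType, PolicyInformation and ContextInfo, and the handling of a policy that declares no operation type at all is an assumption the page does not cover.

```java
import java.util.List;

// Added example, not the project's code: models the operation-type narrowing
// rules documented for determineRequiredOperationType.
public class OperationTypeNarrowingExample {

    // Stand-in (assumption) for the framework's OperationType enum.
    enum OperationType { UNKNOWN, CREATE, READ, UPDATE, DELETE }

    // Stand-in (assumption) for PolicyInformation: the types declared on the policy.
    record PolicyInfo(List<OperationType> operationTypes) {}

    // Stand-in (assumption) for ContextInfo; a null Context means none was supplied.
    record Context(OperationType operationType) {}

    static OperationType determineRequiredOperationType(PolicyInfo policy, Context contextInfo) {
        List<OperationType> declared = policy.operationTypes();
        if (declared.isEmpty()) {
            return OperationType.UNKNOWN; // assumption: nothing declared, nothing to narrow to
        }
        if (declared.size() == 1) {
            OperationType only = declared.get(0);
            if (only != OperationType.UNKNOWN) {
                return only; // the policy is explicit, so the context cannot override it
            }
            if (contextInfo == null) {
                return OperationType.UNKNOWN; // no context to borrow a type from
            }
            return contextInfo.operationType(); // policy says UNKNOWN, so defer to the context
        }
        // Several types declared: use the one the context asks for if the policy allows it...
        if (contextInfo != null && declared.contains(contextInfo.operationType())) {
            return contextInfo.operationType();
        }
        // ...otherwise fall back to the first type the policy lists.
        return declared.get(0);
    }

    public static void main(String[] args) {
        // Constructed sample policies and contexts.
        PolicyInfo readOnly = new PolicyInfo(List.of(OperationType.READ));
        PolicyInfo unknownOnly = new PolicyInfo(List.of(OperationType.UNKNOWN));
        PolicyInfo mutate = new PolicyInfo(List.of(OperationType.UPDATE, OperationType.DELETE));
        Context deleteContext = new Context(OperationType.DELETE);
        Context createContext = new Context(OperationType.CREATE);

        System.out.println("explicit READ policy, DELETE context: "
                + determineRequiredOperationType(readOnly, deleteContext));
        System.out.println("UNKNOWN policy, no context: "
                + determineRequiredOperationType(unknownOnly, null));
        System.out.println("UNKNOWN policy, DELETE context: "
                + determineRequiredOperationType(unknownOnly, deleteContext));
        System.out.println("UPDATE/DELETE policy, DELETE context: "
                + determineRequiredOperationType(mutate, deleteContext));
        System.out.println("UPDATE/DELETE policy, CREATE context (no match): "
                + determineRequiredOperationType(mutate, createContext));
    }
}
```

The last case is the one worth noticing from an access-control standpoint: when the context asks for an operation the policy does not declare, the result is the policy's first declared type rather than the context's, so the policy annotation, not the caller, bounds which operation type the vendor-restriction checks are evaluated against.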
filterToVendorRestrictionsMatchingRequiredPermissions
public Set<String> filterToVendorRestrictionsMatchingRequiredPermissions(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String,Set<String>> vendorRefsByRestrictedAuthority, @NonNull List<String> fullyExpandedRequiredPermissions, @Nullable PermissionMatchingStrategy permissionMatchingStrategy)

See javadocs of filterToVendorRestrictionsMatchingPolicyRequirements(Set, Map, PolicyInformation, ContextInfo).

Parameters:
restrictedVendorRefs - the set of vendor refs to filter by. An empty set provided here means no accessible vendors, and will automatically result in this method returning an empty set. See AuthenticationVendorPrivilegesSummary.getRestrictedVendorRefs().
vendorRefsByRestrictedAuthority - A map from "restricted authorities" (ex: READ_PRODUCT) to all "vendor refs" (ex: a vendor ID or vendor code) that the authority has been granted to. This is used as the source of truth for determining what authorities are available. See AuthenticationVendorPrivilegesSummary.getVendorRefsByRestrictedAuthority().
fullyExpandedRequiredPermissions - the required permissions. This should be the fully expanded permissions (ex: READ_PRODUCT), not just their roots (PRODUCT).
permissionMatchingStrategy - the matching strategy to use for evaluating permissions. See PermissionMatchingStrategy.

Returns:
a filtered set of vendor refs which satisfy the provided permission requirements. An empty result means no vendors are accessible.
validatePermission
public PolicyResponse validatePermission(@Nullable String[] permissionRoots, @Nullable PermissionMatchingStrategy strategy, @Nullable OperationType operationType, @Nullable ContextInfo contextInfo)

Overrides DefaultTrackablePolicyUtils.validatePermission(String[], PermissionMatchingStrategy, OperationType, ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.

If there are no policy requirements or if there is no current authentication, the result will automatically be PolicyResponse.VALID.

If the current authentication is unrestricted, the authentication's full authority set will be validated for the presence of the required permissions as dictated by the PermissionMatchingStrategy.

If the current authentication is not unrestricted, the authentication must have at least one vendor-type restriction for which it has the required permissions as dictated by the PermissionMatchingStrategy.

The expectation is that if an authentication could conceivably access this resource with even one of its vendor restrictions, the policy validation here will allow it, and then rely on VendorNarrowingContextInfoCustomizer to prevent data from unauthorized vendors from appearing in the results.

Specified by:
validatePermission in interface TrackablePolicyUtils

Overrides:
validatePermission in class DefaultTrackablePolicyUtils

Parameters:
permissionRoots - the permission roots requested
strategy - the permission matching strategy to use for validation
operationType - the explicit type of operation to validate
contextInfo - the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.

Returns:
Whether or not the discovered permission is in scope for the current user
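The two pieces of behaviour described on this page, the per-vendor filtering from filterToVendorRestrictionsMatchingPolicyRequirements / filterToVendorRestrictionsMatchingRequiredPermissions (the 'vendorA'/'vendorB' example above) and the unrestricted-versus-restricted decision described for validatePermission, worked through together in one stand-alone example. This is added illustration code, not the project's own implementation: MatchingStrategy and the boolean result are simplified stand-ins (assumptions) for PermissionMatchingStrategy and PolicyResponse, the sample vendors and grants are constructed, and the meaning given to ANY and ALL is an assumption about how the real strategy behaves.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added example, not the project's code: models vendor-restriction filtering and
// the validatePermission decision documented for VendorAwareTrackablePolicyUtils.
public class VendorRestrictionFilterExample {

    // Stand-in (assumption) for PermissionMatchingStrategy.
    enum MatchingStrategy { ANY, ALL }

    // Keeps only the vendor refs in which the required (fully expanded) permissions
    // have been granted: every one of them for ALL, at least one of them for ANY.
    static Set<String> filterToVendorRestrictionsMatchingRequiredPermissions(
            Set<String> restrictedVendorRefs,
            Map<String, Set<String>> vendorRefsByRestrictedAuthority,
            List<String> fullyExpandedRequiredPermissions,
            MatchingStrategy strategy) {
        Set<String> matching = new LinkedHashSet<>();
        if (restrictedVendorRefs.isEmpty()) {
            return matching; // no accessible vendors at all, as the javadoc states
        }
        for (String vendorRef : restrictedVendorRefs) {
            long granted = fullyExpandedRequiredPermissions.stream()
                    .filter(permission -> vendorRefsByRestrictedAuthority
                            .getOrDefault(permission, Set.of()).contains(vendorRef))
                    .count();
            boolean satisfied = strategy == MatchingStrategy.ALL
                    ? granted == fullyExpandedRequiredPermissions.size()
                    : granted > 0;
            if (satisfied) {
                matching.add(vendorRef);
            }
        }
        return matching;
    }

    // Unrestricted path: the authentication's whole authority set is checked.
    static boolean hasRequiredAuthorities(Set<String> allAuthorities,
                                          List<String> required, MatchingStrategy strategy) {
        return strategy == MatchingStrategy.ALL
                ? allAuthorities.containsAll(required)
                : required.stream().anyMatch(allAuthorities::contains);
    }

    // Mirrors the documented decision: no requirements -> valid; unrestricted -> check the
    // full authority set; restricted -> valid only if at least one vendor restriction
    // carries the required permissions (result narrowing is left to later processing).
    static boolean validatePermission(boolean unrestricted, Set<String> allAuthorities,
                                      Set<String> restrictedVendorRefs,
                                      Map<String, Set<String>> vendorRefsByRestrictedAuthority,
                                      List<String> required, MatchingStrategy strategy) {
        if (required.isEmpty()) {
            return true;
        }
        if (unrestricted) {
            return hasRequiredAuthorities(allAuthorities, required, strategy);
        }
        return !filterToVendorRestrictionsMatchingRequiredPermissions(
                restrictedVendorRefs, vendorRefsByRestrictedAuthority, required, strategy).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample: restricted to vendorA and vendorB; READ_PRODUCT granted only
        // in vendorA, UPDATE_PRODUCT granted in both.
        Set<String> restricted = Set.of("vendorA", "vendorB");
        Map<String, Set<String>> byAuthority = Map.of(
                "READ_PRODUCT", Set.of("vendorA"),
                "UPDATE_PRODUCT", Set.of("vendorA", "vendorB"));
        Set<String> allAuthorities = Set.of("READ_PRODUCT", "UPDATE_PRODUCT");

        System.out.println("READ_PRODUCT, ANY: " + filterToVendorRestrictionsMatchingRequiredPermissions(
                restricted, byAuthority, List.of("READ_PRODUCT"), MatchingStrategy.ANY));
        System.out.println("READ_PRODUCT+UPDATE_PRODUCT, ALL: " + filterToVendorRestrictionsMatchingRequiredPermissions(
                restricted, byAuthority, List.of("READ_PRODUCT", "UPDATE_PRODUCT"), MatchingStrategy.ALL));
        System.out.println("READ_PRODUCT+UPDATE_PRODUCT, ANY: " + filterToVendorRestrictionsMatchingRequiredPermissions(
                restricted, byAuthority, List.of("READ_PRODUCT", "UPDATE_PRODUCT"), MatchingStrategy.ANY));
        System.out.println("DELETE_PRODUCT, ANY: " + filterToVendorRestrictionsMatchingRequiredPermissions(
                restricted, byAuthority, List.of("DELETE_PRODUCT"), MatchingStrategy.ANY));

        System.out.println("restricted auth, READ_PRODUCT: " + validatePermission(false, allAuthorities,
                restricted, byAuthority, List.of("READ_PRODUCT"), MatchingStrategy.ANY));
        System.out.println("restricted auth, DELETE_PRODUCT: " + validatePermission(false, allAuthorities,
                restricted, byAuthority, List.of("DELETE_PRODUCT"), MatchingStrategy.ANY));
        System.out.println("unrestricted auth, READ_PRODUCT: " + validatePermission(true, allAuthorities,
                Set.of(), Map.of(), List.of("READ_PRODUCT"), MatchingStrategy.ANY));
    }
}
```

The first filter call reproduces the page's own example: the authentication is restricted to both vendors but READ_PRODUCT is granted only in vendorA, so vendorB drops out. The point the validatePermission javadoc makes is visible in the two restricted calls: a non-empty filtered set is enough to pass this check, which is why the page stresses that the catalog check in isCatalogVisibleByVendorRestrictions and the result narrowing in VendorNarrowingContextInfoCustomizer, not this permission check alone, are what keep one vendor's data away from another.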
validatePermissions
public PolicyResponse validatePermissions(@Nullable String[] permissions, @Nullable ContextInfo contextInfo)

Overridden from PolicyUtils.validatePermissions(String[], ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.

The semantics of validation are similar to what is described in validatePermission(String[], PermissionMatchingStrategy, OperationType, ContextInfo).

Parameters:
permissions - the permissions to check. A single permission in the current PolicyUtils.getAuthentication() must match to pass the policy
contextInfo - the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.

Returns:
the result of the validation

See Also:
validatePermission(String[], PermissionMatchingStrategy, OperationType, ContextInfo)

getVendorVisibilityManager
protected VendorVisibilityManager getVendorVisibilityManager()

getAuthenticationVendorPrivilegesUtility
protected AuthenticationVendorPrivilegesUtility getAuthenticationVendorPrivilegesUtility()