Package com.broadleafcommerce.data.tracking.core.policy

Class PolicyOverride

java.lang.Object
com.broadleafcommerce.data.tracking.core.policy.PolicyOverride
All Implemented Interfaces:
org.springframework.core.Ordered
public class PolicyOverride extends Object implements org.springframework.core.Ordered
An alternative to Policy used to introduce, alter or remove policy configuration on one or more component methods. Usually declared as a bean in a Spring application context Configuration class and generally associated with a single Aspect declaring component, although the latter is not a requirement. The aspect is responsible for declaring pointcuts that are responsible for catching calls to methods that should be protected with policy enforcement. The aspect delegates to PolicyAspectProcessor, which is responsible for utilizing PolicyOverride instances to define policy enforcement configuration. In the absence of PolicyOverride, any applicable Policy annotations are leveraged.

When enhancing (altering or removing) existing Policy annotated methods in the Broadleaf stack, it is not necessary to declare any aspect, as DefaultPolicyAspect is already responsible for recognizing these fields. In this case, you may simply declare an instance of PolicyOverride with the desired change. Here's an example that alters policy configuration for a Policy annotated method in TrackableRepository. 

 @Bean
 PolicyOverride saveOverride() {
     return new PolicyOverride("save.*")
          .withPermissionRoots(new String[] {"OTHER"})
          .withOperationTypes(new OperationType[] {OperationType.UPDATE})
          .withAspect(DefaultPolicyAspect.class);
 }

When adding policy protection to a method in your own codebase (i.e. extending from Broadleaf), it is generally easiest to add the Policy annotation to your methods, which will automatically be picked up by DefaultPolicyAspect.

When adding policy protection to a method in the Broadleaf codebase (or Spring codebase) for which there is not already existing protection, it is necessary to declare an aspect and appropriate supporting PolicyOverride instances. See CrudPolicyAspect as an example that catches calls to methods in Spring's CrudRepository. Also, review CrudPolicyConfiguration for examples of the supporting PolicyOverride instances declared against that aspect.

PolicyOverride instances are also Ordered. The first matching override in the ordered list is the one to be used. This means it is easy to replace the behavior introduced by a PolicyOverride instance in the Broadleaf codebase with a different/custom PolicyOverride instance matching on the same method with a higher precedence ordering.

Author:
Jeff Fischer

  • Constructor Details

    • PolicyOverride

      public PolicyOverride(Method position)

    • PolicyOverride

      public PolicyOverride(String positionRegex)

  • Method Details

    • getOrder

      public int getOrder()
      Specified by:
      getOrder in interface org.springframework.core.Ordered

    • withAspect

      public PolicyOverride withAspect(Class<?> aspect)

    • withParam

      public PolicyOverride withParam(int param)

    • withPermissionRoots

      public PolicyOverride withPermissionRoots(String[] permissionRoots)

    • withOperationTypes

      public PolicyOverride withOperationTypes(OperationType[] operationTypes)

    • withIdentityTypes

      public PolicyOverride withIdentityTypes(IdentityType[] identityTypes)

    • withRemoveTarget

      public PolicyOverride withRemoveTarget(boolean removeTarget)

    • withPermissionMatchingStrategy

      public PolicyOverride withPermissionMatchingStrategy(PermissionMatchingStrategy permissionMatchingStrategy)

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • canEqual

      protected boolean canEqual(Object other)

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • getPosition

      public Method getPosition()
      Matches against a specific method name and params encountered via an aspect pointcut. This field is primarily used to differentiate between multiple methods in a component sharing the same name.
      Returns:
      Matches against a specific method name and params encountered via an aspect pointcut

    • getPositionPattern

      public Pattern getPositionPattern()
      Matches against a specific method name encountered via an aspect pointcut. This field is primarily used when method name alone can be used to differentiate between multiple methods in a component.
      Returns:
      Matches against a specific method name encountered via an aspect pointcut

    • getAspect

      public Class<?> getAspect()
      Optional parameter used to differentiate which aspect this override should apply against in the PolicyAspectProcessor. If null, this override will apply against all method pointcuts passed into PolicyAspectProcessor, regardless of the originating aspect. However, this may result in wasted regex computation for inapplicable aspects, so this field is generally set as a performance optimization.
      Returns:
      parameter used to differentiate which aspect this override should apply against

    • getParam

      public int getParam()
      See Policy.param(). Default is -1.
      Returns:
      See Policy.param(). Default is -1.

    • getOwnerIdentifierParam

      public int getOwnerIdentifierParam()
      See Policy.ownerIdentifierParam(). Default is -1.
      Returns:
      See Policy.ownerIdentifierParam(). Default is -1.

    • getPermissionRoots

      public String[] getPermissionRoots()
      See Policy.permissionRoots(). Default is empty array.
      Returns:
      See Policy.permissionRoots(). Default is empty array.

    • getPermissionMatchingStrategy

      public PermissionMatchingStrategy getPermissionMatchingStrategy()
      See Policy.permissionMatchingStrategy(). Deafult is MatchingStrategy#ANY

    • getOperationTypes

      public OperationType[] getOperationTypes()
      See Policy.operationTypes(). Default is OperationType.UNKNOWN.
      Returns:
      See Policy.operationTypes(). Default is OperationType.UNKNOWN.

    • getIdentityTypes

      public IdentityType[] getIdentityTypes()
      See Policy.identityTypes(). Default is IdentityType.UNKNOWN.
      Returns:
      See Policy.identityTypes(). Default is IdentityType.UNKNOWN.

    • getOwnerIdentifier

      public String getOwnerIdentifier()
      See Policy.ownerIdentifier(). Default is PolicyUtils.DEFAULT_AUTH_DETAILS_OWNER_ID
      Returns:
      See Policy.ownerIdentifier(). Default is PolicyUtils.DEFAULT_AUTH_DETAILS_OWNER_ID
      See Also:

    • isRemoveTarget

      public boolean isRemoveTarget()
      Whether or not existing policy enforcement configuration at the target method should be removed.
      Returns:
      Whether or not existing policy enforcement configuration at the target method should be removed

    • getPositionRegex

      public String getPositionRegex()
      Regex string for matching target method. See positionPattern.
      Returns:
      Regex string for matching target method. See positionPattern.