Package com.broadleafcommerce.data.tracking.core.cache.marketplace.vendor

Class CatalogVendorAwareCacheKeyEnhancer

java.lang.Object

com.broadleafcommerce.data.tracking.core.cache.marketplace.vendor.DefaultVendorAwareCacheKeyEnhancer

com.broadleafcommerce.data.tracking.core.cache.marketplace.vendor.CatalogVendorAwareCacheKeyEnhancer

All Implemented Interfaces:

VendorAwareCacheKeyEnhancer

public class CatalogVendorAwareCacheKeyEnhancer
extends DefaultVendorAwareCacheKeyEnhancer

An extension of DefaultVendorAwareCacheKeyEnhancer optimized for requests on catalog-discriminated entities.

See Also:

• DataTrackingKeyGen.ofCatalogWithVendorSupport(DataTrackingKeyGen.KeyType, VendorAwareTrackablePolicyUtils)

Constructor Summary

Constructors

Constructor	Description
CatalogVendorAwareCacheKeyEnhancer(VendorAwareTrackablePolicyUtils vendorAwareTrackablePolicyUtils)

Method Summary

Modifier and Type	Method	Description
protected void	addPropertiesToCacheKey(Set<String> currentRequiredPolicyRoots, AuthenticationVendorPrivilegesSummary vendorPrivilegesSummary, String requestedCatalogVendorRef, com.fasterxml.jackson.databind.node.ObjectNode cacheKey)
void	enhanceCacheKeyWithVendorConsiderations(com.fasterxml.jackson.databind.node.ObjectNode cacheKey, ContextInfo contextInfo)	This method is specifically intended to determine vendor-privileges available for the vendor which the ContextRequest.getCatalog() is related to.
protected Set<String>	getRestrictedAuthoritiesGrantedToRequestedVendor(Set<String> currentRequiredPolicyRoots, AuthenticationVendorPrivilegesSummary vendorPrivilegesSummary, String requestedVendor)	Caching will pretty much only ever be used on read operations, but we can't just filter to vendor restrictions matching the current policy requirements since the ContextStateBuilder's mutability check to set ContextState.getMutable() will perform policy validation against _updates_ as well.

Methods inherited from class com.broadleafcommerce.data.tracking.core.cache.marketplace.vendor.DefaultVendorAwareCacheKeyEnhancer

addPropertiesToCacheKey, containsAuthorityRoot, getCurrentPolicyRequirements, getPermissionRoots, getVendorAwareTrackablePolicyUtils, getVendorRefsByRelevantRestrictedAuthority

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CatalogVendorAwareCacheKeyEnhancer

public CatalogVendorAwareCacheKeyEnhancer(VendorAwareTrackablePolicyUtils vendorAwareTrackablePolicyUtils)

Method Details

enhanceCacheKeyWithVendorConsiderations

public void enhanceCacheKeyWithVendorConsiderations(com.fasterxml.jackson.databind.node.ObjectNode cacheKey,
 ContextInfo contextInfo)

This method is specifically intended to determine vendor-privileges available for the vendor which the ContextRequest.getCatalog() is related to. It differs from the more general DefaultVendorAwareCacheKeyEnhancer.enhanceCacheKeyWithVendorConsiderations(ObjectNode, ContextInfo) method, since it can actually be more optimized by the fact that we know exactly which vendor ref the authentication is attempting to access. With this knowledge, we can produce a cache key purely based on authorities which have been granted to the authentication for the requested vendor. This is better, since it means authentications with different sets of vendors for each authority will still ultimately produce the same cache key as long as the authorities for the requested vendor match.

Specified by:

enhanceCacheKeyWithVendorConsiderations in interface VendorAwareCacheKeyEnhancer

Overrides:

enhanceCacheKeyWithVendorConsiderations in class DefaultVendorAwareCacheKeyEnhancer

Parameters:

cacheKey - the cache key object on which to add any vendor privilege considerations

contextInfo - the context info supplied to the operation being cached. If this is an "application" request, then the optimizations of this method will be skipped and DefaultVendorAwareCacheKeyEnhancer.enhanceCacheKeyWithVendorConsiderations(ObjectNode, ContextInfo) will be called instead.

addPropertiesToCacheKey

protected void addPropertiesToCacheKey(Set<String> currentRequiredPolicyRoots,
 AuthenticationVendorPrivilegesSummary vendorPrivilegesSummary,
 String requestedCatalogVendorRef,
 com.fasterxml.jackson.databind.node.ObjectNode cacheKey)

getRestrictedAuthoritiesGrantedToRequestedVendor

protected Set<String> getRestrictedAuthoritiesGrantedToRequestedVendor(Set<String> currentRequiredPolicyRoots,
 AuthenticationVendorPrivilegesSummary vendorPrivilegesSummary,
 String requestedVendor)

Caching will pretty much only ever be used on read operations, but we can't just filter to vendor restrictions matching the current policy requirements since the ContextStateBuilder's mutability check to set ContextState.getMutable() will perform policy validation against _updates_ as well. Thus, to be safe, we will include all restricted authorities sharing the same _root_ as the current policy requirements.

Furthermore, since requestedVendor is known, we can further optimize to only return the authorities which the authentication has been granted for that vendor. This means even authentications with different sets of vendors for each authority will still ultimately produce the same cache key as long as the authorities for the requested vendor match.

This should eliminate irrelevant roots from the cache key (preventing unnecessarily unique keys) while protecting against a situation where an authentication with READ_* sees the same mutability as an authentication with READ_* and UPDATE_*.

Parameters:

currentRequiredPolicyRoots - the permission roots required by the current policy requirements. Authorities will be filtered to only include those matching these roots.

vendorPrivilegesSummary - the summary of vendor privileges granted to the current authentication

requestedVendor - the vendorRef of the vendor in which which data is being requested

Returns:

a set containing all of the relevant restricted authorities matching the required policy roots which have been granted for the requested vendor