Class PolicyOverride
All Implemented Interfaces: org.springframework.core.Ordered

Used to introduce, alter or remove Policy configuration on one or more component methods. Usually declared as a bean in a Spring application context Configuration class and generally associated with a single Aspect declaring component, although the latter is not a requirement. The aspect is responsible for declaring pointcuts that catch calls to methods that should be protected with policy enforcement. The aspect delegates to PolicyAspectProcessor, which is responsible for utilizing PolicyOverride instances to define policy enforcement configuration. In the absence of PolicyOverride, any applicable Policy annotations are leveraged.

When enhancing (altering or removing) existing Policy annotated methods in the Broadleaf stack, it is not necessary to declare any aspect, as DefaultPolicyAspect is already responsible for recognizing these fields. In this case, you may simply declare an instance of PolicyOverride with the desired change. Here's an example that alters policy configuration for a Policy annotated method in TrackableRepository.

    @Bean
    PolicyOverride saveOverride() {
        return new PolicyOverride("save.*")
                .withPermissionRoots(new String[] {"OTHER"})
                .withOperationTypes(new OperationType[] {OperationType.UPDATE})
                .withAspect(DefaultPolicyAspect.class);
    }

When adding policy protection to a method in your own codebase (i.e. extending from Broadleaf), it is generally easiest to add the Policy annotation to your methods, which will automatically be picked up by DefaultPolicyAspect.

When adding policy protection to a method in the Broadleaf codebase (or Spring codebase) for which there is not already existing protection, it is necessary to declare an aspect and appropriate supporting PolicyOverride instances. See CrudPolicyAspect as an example that catches calls to methods in Spring's CrudRepository. Also, review CrudPolicyConfiguration for examples of the supporting PolicyOverride instances declared against that aspect.

PolicyOverride instances are also Ordered. The first matching override in the ordered list is the one to be used. This means it is easy to replace the behavior introduced by a PolicyOverride instance in the Broadleaf codebase with a different/custom PolicyOverride instance matching on the same method with a higher precedence ordering.
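
The selection rule described above (aspect filter, regex match, first match in precedence order), modelled as an added, self-contained example; it is not Broadleaf code and does not use the real PolicyOverride or PolicyAspectProcessor. `Rule`, `resolve`, `StockAspect` and `CrudAspect` are hypothetical names, whole-name regex matching is an assumption, and the null-aspect behaviour follows the getAspect description.

```java
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

// Added illustration: a simplified stand-in for override selection, not Broadleaf code.
public class OverrideResolutionDemo {

    // Hypothetical model of the PolicyOverride fields that take part in matching.
    record Rule(String name, String positionRegex, Class<?> aspect, int order,
                boolean removeTarget) {
        boolean matches(Class<?> callingAspect, String method) {
            // A null aspect applies to pointcuts from every aspect.
            boolean aspectOk = aspect == null || aspect == callingAspect;
            // Assumption: the regex has to match the whole method name.
            return aspectOk && Pattern.matches(positionRegex, method);
        }
    }

    // First match in precedence order wins; as with Spring's Ordered, lower value = higher precedence.
    static Optional<Rule> resolve(List<Rule> rules, Class<?> aspect, String method) {
        return rules.stream()
                .sorted(Comparator.comparingInt(Rule::order))
                .filter(r -> r.matches(aspect, method))
                .findFirst();
    }

    // Placeholder aspect types, constructed for the demo.
    static class StockAspect {}
    static class CrudAspect {}

    public static void main(String[] args) {
        // Constructed sample overrides.
        List<Rule> rules = List.of(
                new Rule("stock-save", "save.*", StockAspect.class, 0, false),
                new Rule("custom-save", "save.*", StockAspect.class, -100, false),
                new Rule("global-remove", "delete.*", null, 50, true));

        for (String method : List.of("save", "saveAll", "deleteById", "findAll")) {
            for (Class<?> aspect : List.of(StockAspect.class, CrudAspect.class)) {
                String outcome = resolve(rules, aspect, method)
                        .map(r -> r.name() + (r.removeTarget() ? " (removes existing enforcement)" : ""))
                        .orElse("no override; any Policy annotation applies");
                System.out.printf("%-10s via %-11s -> %s%n",
                        method, aspect.getSimpleName(), outcome);
            }
        }
    }
}
```

Running it over the constructed overrides shows which one is effective for each method and aspect, and marks matches that would remove existing enforcement, which makes a broad pattern easy to audit before it is deployed.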

Author: Jeff Fischer

Field Summary
Fields inherited from interface org.springframework.core.Ordered: HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected boolean | canEqual | |
| boolean | equals | |
| Class<?> | getAspect | Optional parameter used to differentiate which aspect this override should apply against in the PolicyAspectProcessor. |
| int | getOrder() | |
| int | getOwnerIdentifierParam() | |
| int | getParam() | See Policy.param(). |
| String[] | | |
| | getPosition | Matches against a specific method name and params encountered via an aspect pointcut. |
| | getPositionPattern | Matches against a specific method name encountered via an aspect pointcut. |
| | getPositionRegex | Regex string for matching target method. |
| int | hashCode() | |
| boolean | isRemoveTarget() | Whether or not existing policy enforcement configuration at the target method should be removed. |
| | withAspect(Class<?> aspect) | |
| | withIdentityTypes(IdentityType[] identityTypes) | |
| | withOperationTypes(OperationType[] operationTypes) | |
| | withParam(int param) | |
| PolicyOverride | withPermissionMatchingStrategy(PermissionMatchingStrategy permissionMatchingStrategy) | |
| | withPermissionRoots(String[] permissionRoots) | |
| | withRemoveTarget(boolean removeTarget) | |

Constructor Details

PolicyOverride

PolicyOverride

Method Details

getOrder
public int getOrder()
Specified by: getOrder in interface org.springframework.core.Ordered

withAspect

withParam

withPermissionRoots

withOperationTypes

withIdentityTypes

withRemoveTarget

withPermissionMatchingStrategy
public PolicyOverride withPermissionMatchingStrategy(PermissionMatchingStrategy permissionMatchingStrategy)

equals

canEqual

hashCode
public int hashCode()

getPosition
Matches against a specific method name and params encountered via an aspect pointcut. This field is primarily used to differentiate between multiple methods in a component sharing the same name.
Returns: Matches against a specific method name and params encountered via an aspect pointcut

getPositionPattern
Matches against a specific method name encountered via an aspect pointcut. This field is primarily used when method name alone can be used to differentiate between multiple methods in a component.
Returns: Matches against a specific method name encountered via an aspect pointcut

getAspect
Optional parameter used to differentiate which aspect this override should apply against in the PolicyAspectProcessor. If null, this override will apply against all method pointcuts passed into PolicyAspectProcessor, regardless of the originating aspect. However, this may result in wasted regex computation for inapplicable aspects, so this field is generally set as a performance optimization.
Returns: parameter used to differentiate which aspect this override should apply against

getParam
public int getParam()
See Policy.param(). Default is -1.
Returns: See Policy.param(). Default is -1.

getOwnerIdentifierParam
public int getOwnerIdentifierParam()
See Policy.ownerIdentifierParam(). Default is -1.
Returns: See Policy.ownerIdentifierParam(). Default is -1.

getPermissionRoots
See Policy.permissionRoots(). Default is empty array.
Returns: See Policy.permissionRoots(). Default is empty array.

getPermissionMatchingStrategy
See Policy.permissionMatchingStrategy(). Default is MatchingStrategy#ANY

getOperationTypes
See Policy.operationTypes(). Default is OperationType.UNKNOWN.
Returns: See Policy.operationTypes(). Default is OperationType.UNKNOWN.

getIdentityTypes
See Policy.identityTypes(). Default is IdentityType.UNKNOWN.
Returns: See Policy.identityTypes(). Default is IdentityType.UNKNOWN.

getOwnerIdentifier
See Policy.ownerIdentifier(). Default is PolicyUtils.DEFAULT_AUTH_DETAILS_OWNER_ID
Returns: See Policy.ownerIdentifier(). Default is PolicyUtils.DEFAULT_AUTH_DETAILS_OWNER_ID

isRemoveTarget
public boolean isRemoveTarget()
Whether or not existing policy enforcement configuration at the target method should be removed.
Returns: Whether or not existing policy enforcement configuration at the target method should be removed

getPositionRegex
Regex string for matching target method. See positionPattern.
Returns: Regex string for matching target method. See positionPattern.