Class VendorAwareTrackablePolicyUtils
- All Implemented Interfaces: PolicyUtils, TrackablePolicyUtils

A DefaultTrackablePolicyUtils that understands what vendor(s) the current authentication is restricted to (including consideration for the current policy requirements) and can enforce access control accordingly.
Field Summary
Fields inherited from class com.broadleafcommerce.data.tracking.core.policy.trackable.DefaultTrackablePolicyUtils
ADMIN_CLAIM, AUTHORITIES, USER_TYPE_ATTR
Fields inherited from interface com.broadleafcommerce.data.tracking.core.policy.PolicyUtils
DEFAULT_AUTH_DETAILS_OWNER_ID, ROLE_ANONYMOUS
Fields inherited from interface com.broadleafcommerce.data.tracking.core.policy.trackable.TrackablePolicyUtils
AUTH_DETAILS_ACCOUNT_KEY, AUTH_DETAILS_ADMIN_USER_ID_KEY, AUTH_DETAILS_APPLICATION_ACCESS_KEY, AUTH_DETAILS_APPLICATIONS_KEY, AUTH_DETAILS_CUSTOMER_CONTEXT_IDS, AUTH_DETAILS_GLOBAL_KEY, AUTH_DETAILS_TENANT_ACCESS_KEY, AUTH_DETAILS_TENANT_KEY
Constructor Summary
- VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)
- VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, String ownerIdentifier, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)
Method Summary
- protected OperationType determineRequiredOperationType(PolicyInformation policy, ContextInfo contextInfo)
  This is copied from DefaultPolicyAspectProcessor.narrowType(PolicyInformation, ContextInfo).
- Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String, Set<String>> vendorRefsByRestrictedAuthority, @NonNull PolicyInformation policyRequirements, ContextInfo contextInfo)
  An authentication may have restrictions, but it's possible not all of them have the authorities required by a resource.
- protected Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String, Set<String>> vendorRefsByRestrictedAuthority, OperationType requiredOperationType, @NonNull String[] permissionRoots, PermissionMatchingStrategy permissionMatchingStrategy)
  See the javadocs of filterToVendorRestrictionsMatchingPolicyRequirements(Set, Map, PolicyInformation, ContextInfo).
- Set<String> filterToVendorRestrictionsMatchingRequiredPermissions(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String, Set<String>> vendorRefsByRestrictedAuthority, @NonNull List<String> fullyExpandedRequiredPermissions, PermissionMatchingStrategy permissionMatchingStrategy)
  See the javadocs of filterToVendorRestrictionsMatchingPolicyRequirements(Set, Map, PolicyInformation, ContextInfo).
- protected AuthenticationVendorPrivilegesUtility getAuthenticationVendorPrivilegesUtility()
- AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull org.springframework.security.core.Authentication authentication)
  Delegates to getVendorPrivileges(Authentication, ContextInfo).
- AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull org.springframework.security.core.Authentication authentication, ContextInfo contextInfo)
  Obtains the summary of vendor privileges from the given authentication and context.
- protected VendorVisibilityManager getVendorVisibilityManager()
- protected boolean isCatalogVisibleByVendorRestrictions(@NonNull ContextInfo contextInfo, String[] requiredPermissionRoots, PermissionMatchingStrategy permissionMatchingStrategy, OperationType requiredOperationType)
  Reports whether the catalog referenced in the contextInfo is visible by the vendor restrictions in the current authentication.
- void setVendorVisibilityManager(VendorVisibilityManager vendorVisibilityManager)
  Lazily inject the VendorVisibilityManager, since the handlers it injects may require service dependencies that themselves require policy utils.
- PolicyResponse validateContext(ContextInfo contextInfo)
  Review the ContextInfo parameter for valid tenant user membership and valid catalog visibility based on the current Authentication and requested tenant information in the contextInfo.
- PolicyResponse validateContext(ContextInfo contextInfo, String[] requiredPermissionRoots, PermissionMatchingStrategy permissionMatchingStrategy, OperationType operationType)
  Performs similar validation to DefaultTrackablePolicyUtils.validateContext(ContextInfo, String[], PermissionMatchingStrategy, OperationType), but also considers whether the catalog in the contextInfo is visible by the current authentication's vendor restrictions.
- protected PolicyResponse validateEntityMutableByCurrentVendorRestrictions(Trackable entity, ContextInfo contextInfo, String[] requiredPermissionRoots, PermissionMatchingStrategy permissionMatchingStrategy, OperationType operationType)
  Checks whether the given entity being mutated is actually mutable given the current authentication's vendor privileges and provided policy requirements.
- protected PolicyResponse validateEntityOperation(Trackable entity, ContextInfo contextInfo, String[] permissionRoots, PermissionMatchingStrategy strategy, OperationType operationType)
  This is the method used by DefaultTrackablePolicyUtils.validateUpdate(Trackable, ContextInfo, String[], PermissionMatchingStrategy) and DefaultTrackablePolicyUtils.validateDelete(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to validate that an entity can be updated/deleted by the current authentication, so it is overridden here to add consideration for vendor restrictions.
- PolicyResponse validateInsert(Trackable entity, ContextInfo contextInfo, String[] permissionRoots, PermissionMatchingStrategy strategy)
  Overrides DefaultTrackablePolicyUtils.validateInsert(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to add behavior that checks whether the entity can be inserted by the current authentication's vendor restrictions.
- PolicyResponse validatePermission(String[] permissionRoots, PermissionMatchingStrategy strategy, OperationType operationType, ContextInfo contextInfo)
  Overrides DefaultTrackablePolicyUtils.validatePermission(String[], PermissionMatchingStrategy, OperationType, ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.
- PolicyResponse validatePermissions(String[] permissions, ContextInfo contextInfo)
  Overridden from PolicyUtils.validatePermissions(String[], ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.
Methods inherited from class com.broadleafcommerce.data.tracking.core.policy.trackable.DefaultTrackablePolicyUtils
expandPermissionRootsToPermissions, getAttributesConverter, getAuthDetailsOwnerIdentifier, getAuthenticationAttributes, getCurrentUserAccountId, getCustomerContextIdsForUser, getImplicitApplicationCatalog, invalidPolicyResponse, invalidPolicyResponse, isAccountVisible, isAdminScopedServiceClient, isAdminUser, isAnonymous, isApplicationCatalogAddAllowed, isApplicationVisible, isCatalogMutable, isCatalogVisible, isCatalogVisible, isContextVisible, isGlobalApplication, isGlobalChangeInHiddenCatalog, isGlobalTenant, isGlobalTenantUser, isGlobalTenantUser, isMutationPossibleForContext, isNotUser, isOwnerUser, isSandboxVisible, isTenantVisible, isUserApplicationLevelAccess, isUserApplicationLevelAccess, isUserApplicationRestricted, isUserApplicationRestricted, isUserTenantLevelAccess, isUserTenantLevelAccess, isValidApplicationUser, isValidApplicationUser, isValidApplicationUser, isValidApplicationUser, isValidCustomerContext, isValidSandboxUser, isValidTenantUser, matchInheritanceLine, rateMember, setAttributesConverter, streamApplications, validateApplicationCatalogUpdate, validateApplicationUpdate, validateCatalogInsert, validateDelete, validateEntityUpdate, validateEntityUpdateForTenantFactors, validateGlobalMutateToInheritedCatalog, validateGlobalUpdateToHiddenCatalog, validateOperation, validateOperation, validateOther, validateOwner, validatePermission, validateRead, validateTenantTrackableUpdate, validateTenantUpdate, validateUpdate
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.broadleafcommerce.data.tracking.core.policy.PolicyUtils
getAuthentication
Constructor Details
- VendorAwareTrackablePolicyUtils
  public VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, String ownerIdentifier, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)
- VendorAwareTrackablePolicyUtils
  public VendorAwareTrackablePolicyUtils(CatalogFinder<Catalog> catalogFinder, TrackableBehaviorUtil trackableBehaviorUtil, AuthenticationVendorPrivilegesUtility authenticationVendorPrivilegesUtility)

Method Details
setVendorVisibilityManager
@Autowired @Lazy public void setVendorVisibilityManager(VendorVisibilityManager vendorVisibilityManager)
Lazily inject the VendorVisibilityManager, since the handlers it injects may require service dependencies that themselves require policy utils. Lazy injection avoids a circular reference.
Additionally, this bean disables policy validation before invoking any methods of VendorVisibilityManager to prevent recursive policy validation.
- Parameters:
  vendorVisibilityManager - the vendor visibility manager
getVendorPrivileges
public AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull org.springframework.security.core.Authentication authentication)
Delegates to getVendorPrivileges(Authentication, ContextInfo).
- Parameters:
  authentication - the Authentication from which to extract vendor privilege information
- Returns:
  details about the given authentication's vendor restrictions and authorities
- Throws:
  IllegalArgumentException - if the authentication details didn't match the expected structure
getVendorPrivileges
public AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull org.springframework.security.core.Authentication authentication, @Nullable ContextInfo contextInfo)
Obtains the summary of vendor privileges from the given authentication and context.
- Parameters:
  authentication - the Authentication from which to extract vendor privilege information
  contextInfo - context information surrounding sandboxing and multitenant state
- Returns:
  details about the given authentication's vendor restrictions and authorities
- Throws:
  IllegalArgumentException - if the authentication details didn't match the expected structure
validateContext
public PolicyResponse validateContext(ContextInfo contextInfo)
Description copied from interface: TrackablePolicyUtils
Review the ContextInfo parameter for valid tenant user membership and valid catalog visibility based on the current Authentication and requested tenant information in the contextInfo.
- Specified by: validateContext in interface TrackablePolicyUtils
- Overrides: validateContext in class DefaultTrackablePolicyUtils
- Parameters:
  contextInfo - the context containing multitenant application, tenant and catalog information
- Returns:
  Whether or not the contextInfo contains valid tenant information
validateContext
public PolicyResponse validateContext(@Nullable ContextInfo contextInfo, @Nullable String[] requiredPermissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy, @Nullable OperationType operationType)
Performs similar validation to DefaultTrackablePolicyUtils.validateContext(ContextInfo, String[], PermissionMatchingStrategy, OperationType), but also considers whether the catalog in the contextInfo is visible by the current authentication's vendor restrictions.
- Specified by: validateContext in interface TrackablePolicyUtils
- Overrides: validateContext in class DefaultTrackablePolicyUtils
- Parameters:
  contextInfo - the context containing multitenant application, tenant and catalog information
  requiredPermissionRoots - the permission roots required by the policy
  permissionMatchingStrategy - how to validate multiple permissions
  operationType - the operation type required by the policy
- Returns:
  Whether or not the contextInfo is valid with consideration to the current authentication and provided policy requirements
isCatalogVisibleByVendorRestrictions
protected boolean isCatalogVisibleByVendorRestrictions(@NonNull ContextInfo contextInfo, @Nullable String[] requiredPermissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy, @Nullable OperationType requiredOperationType)
Reports whether the catalog referenced in the contextInfo is visible by the vendor restrictions in the current authentication.
Ultimately, the expectation is that if the current authentication is restricted (see AuthenticationVendorPrivilegesSummary.isUnrestricted()), its context requests should only be able to supply the ID of a catalog which is directly associated to one of its vendor restrictions via Catalog.getVendorRef().
Note that this is critical since visibility and mutability of catalog-discriminated entities are purely determined by this behavior. The pure permission validation simply checks if the authentication has the requisite permission(s) in at least one of its vendor restrictions, but this will go further to confirm the requisite permissions are found for the vendor ref associated to the requested catalog.
- Parameters:
  contextInfo - the context info whose catalog should be checked for accessibility
  requiredPermissionRoots - the permission roots required by the policy
  permissionMatchingStrategy - how to validate multiple permissions
  requiredOperationType - the operation type required by the policy
- Returns:
  true if the catalog is visible by the current vendor restrictions, false otherwise
validateInsert
public PolicyResponse validateInsert(@Nullable Trackable entity, @Nullable ContextInfo contextInfo, @Nullable String[] permissionRoots, @Nullable PermissionMatchingStrategy strategy)
Overrides DefaultTrackablePolicyUtils.validateInsert(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to add behavior that checks whether the entity can be inserted by the current authentication's vendor restrictions.
- Specified by: validateInsert in interface TrackablePolicyUtils
- Overrides: validateInsert in class DefaultTrackablePolicyUtils
- Parameters:
  entity - The item being inserted
  contextInfo - the context containing multitenant application and catalog information
  permissionRoots - The permission roots to validate. If not specified, then permission validation will not be performed.
  strategy - how to treat multiple permissions
- Returns:
  Whether or not the update request on the entity should be allowed, including consideration for vendor restrictions
validateEntityOperation
protected PolicyResponse validateEntityOperation(@Nullable Trackable entity, @Nullable ContextInfo contextInfo, @Nullable String[] permissionRoots, @Nullable PermissionMatchingStrategy strategy, @Nullable OperationType operationType)
This is the method used by DefaultTrackablePolicyUtils.validateUpdate(Trackable, ContextInfo, String[], PermissionMatchingStrategy) and DefaultTrackablePolicyUtils.validateDelete(Trackable, ContextInfo, String[], PermissionMatchingStrategy) to validate that an entity can be updated/deleted by the current authentication, so it is overridden here to add consideration for vendor restrictions.
- Overrides: validateEntityOperation in class DefaultTrackablePolicyUtils
- Parameters:
  entity - the entity being updated/deleted
  contextInfo - the context containing multitenant application and catalog information
  permissionRoots - The permission roots to validate. If not specified, then permission validation will not be performed.
  strategy - how to treat multiple permissions
  operationType - the explicit type of operation to validate
- Returns:
  whether or not the operation should be allowed on the entity
validateEntityMutableByCurrentVendorRestrictions
protected PolicyResponse validateEntityMutableByCurrentVendorRestrictions(@Nullable Trackable entity, @Nullable ContextInfo contextInfo, @Nullable String[] requiredPermissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy, @Nullable OperationType operationType)
Checks whether the given entity being mutated is actually mutable given the current authentication's vendor privileges and provided policy requirements.
If the entity is null, if the entity type does not have vendor-discrimination support, if there is no current authentication, if there are no required permission roots, or if the current authentication is unrestricted, the validation will automatically pass.
If the authentication is restricted, then this will first determine which vendors the current authentication can access within the provided policy requirements. Those vendors and the entity itself are both provided to VendorVisibilityManager.isEntityMutableByVendorRestrictions(Object, Set, ContextInfo) such that the appropriate VendorVisibilityHandler (if any) for that entity can make an appropriate determination about whether the entity is within the constraints of the vendor restrictions.
- Parameters:
  entity - the entity being updated/deleted. If not specified, then validation will automatically pass.
  contextInfo - the context containing multitenant application and catalog information
  requiredPermissionRoots - The permission roots to validate. If not specified, then validation will automatically pass.
  permissionMatchingStrategy - how to treat multiple permission roots
  operationType - the explicit type of operation to validate
- Returns:
  whether or not the operation should be allowed on the entity
filterToVendorRestrictionsMatchingPolicyRequirements
public Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String, Set<String>> vendorRefsByRestrictedAuthority, @NonNull PolicyInformation policyRequirements, @Nullable ContextInfo contextInfo)
An authentication may have restrictions, but it's possible not all of them have the authorities required by a resource. For example, an authentication could be restricted to ['vendorA', 'vendorB'], and only have the 'READ_PRODUCT' authority in 'vendorA'. If accessing a resource that requires 'READ_PRODUCT', the authentication effectively only has access to 'vendorA' and will not have access to 'vendorB'.
To support such validation, this method accepts a set of restrictedVendorRefs and returns a filtered set of vendor refs which satisfy the provided policy requirements of a resource.
- Parameters:
  restrictedVendorRefs - the set of vendor refs to filter by. An empty set provided here means no accessible vendors, and will automatically result in this method returning an empty set. See AuthenticationVendorPrivilegesSummary.getRestrictedVendorRefs().
  vendorRefsByRestrictedAuthority - A map from "restricted authorities" (ex: READ_PRODUCT) to all "vendor refs" (ex: a vendor ID or vendor code) that the authority has been granted to. This is used as the source of truth for determining what authorities are available. See AuthenticationVendorPrivilegesSummary.getVendorRefsByRestrictedAuthority().
  policyRequirements - the policy requirements to validate against
  contextInfo - context information about sandboxing/multitenant state. Useful for determining the required operation type in conjunction with PolicyInformation.
- Returns:
  a filtered set of vendor refs which satisfy the provided policy requirements of a resource. An empty result means no vendors are accessible.
filterToVendorRestrictionsMatchingPolicyRequirements
protected Set<String> filterToVendorRestrictionsMatchingPolicyRequirements(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String, Set<String>> vendorRefsByRestrictedAuthority, @Nullable OperationType requiredOperationType, @NonNull String[] permissionRoots, @Nullable PermissionMatchingStrategy permissionMatchingStrategy)
See the javadocs of filterToVendorRestrictionsMatchingPolicyRequirements(Set, Map, PolicyInformation, ContextInfo).
- Parameters:
  restrictedVendorRefs - the set of vendor refs to filter by. An empty set provided here means no accessible vendors, and will automatically result in this method returning an empty set. See AuthenticationVendorPrivilegesSummary.getRestrictedVendorRefs().
  vendorRefsByRestrictedAuthority - A map from "restricted authorities" (ex: READ_PRODUCT) to all "vendor refs" (ex: a vendor ID or vendor code) that the authority has been granted to. This is used as the source of truth for determining what authorities are available. See AuthenticationVendorPrivilegesSummary.getVendorRefsByRestrictedAuthority().
  requiredOperationType - the operation type that should be used as the required operation type for policy validation. This is typically determined by looking at PolicyInformation and ContextInfo.
  permissionRoots - the required permission roots. See PolicyInformation.getPermissionRoots().
  permissionMatchingStrategy - the matching strategy to use for evaluating permissions. See PermissionMatchingStrategy.
- Returns:
  a filtered set of vendor refs which satisfy the provided policy requirements of a resource. An empty result means no vendors are accessible.
determineRequiredOperationType
protected OperationType determineRequiredOperationType(PolicyInformation policy, @Nullable ContextInfo contextInfo)
This is copied from DefaultPolicyAspectProcessor.narrowType(PolicyInformation, ContextInfo).
Figure out the OperationType to use, given the policy and contextInfo:
- If there is only one operationType described in the Policy:
  - If it's not UNKNOWN, use it
  - If there is no contextInfo, return UNKNOWN
  - Otherwise, return the operation type on the contextInfo
- Otherwise, find and use the first match of the contextInfo operationType in those defined by the Policy, or the first OperationType in the policy-defined list if no match is found
- Parameters:
  policy - The policy annotation on the method that optionally defines one or more OperationTypes
  contextInfo - The optional contextInfo that describes an overall operationType for the context of the request
- Returns:
  The final OperationType to use for the policy validation
filterToVendorRestrictionsMatchingRequiredPermissions
public Set<String> filterToVendorRestrictionsMatchingRequiredPermissions(@NonNull Set<String> restrictedVendorRefs, @NonNull Map<String, Set<String>> vendorRefsByRestrictedAuthority, @NonNull List<String> fullyExpandedRequiredPermissions, @Nullable PermissionMatchingStrategy permissionMatchingStrategy)
See the javadocs of filterToVendorRestrictionsMatchingPolicyRequirements(Set, Map, PolicyInformation, ContextInfo).
- Parameters:
  restrictedVendorRefs - the set of vendor refs to filter by. An empty set provided here means no accessible vendors, and will automatically result in this method returning an empty set. See AuthenticationVendorPrivilegesSummary.getRestrictedVendorRefs().
  vendorRefsByRestrictedAuthority - A map from "restricted authorities" (ex: READ_PRODUCT) to all "vendor refs" (ex: a vendor ID or vendor code) that the authority has been granted to. This is used as the source of truth for determining what authorities are available. See AuthenticationVendorPrivilegesSummary.getVendorRefsByRestrictedAuthority().
  fullyExpandedRequiredPermissions - the required permissions. This should be the fully expanded permissions (ex: READ_PRODUCT), not just their roots (PRODUCT).
  permissionMatchingStrategy - the matching strategy to use for evaluating permissions. See PermissionMatchingStrategy.
- Returns:
  a filtered set of vendor refs which satisfy the provided permission requirements. An empty result means no vendors are accessible.
validatePermission
public PolicyResponse validatePermission(@Nullable String[] permissionRoots, @Nullable PermissionMatchingStrategy strategy, @Nullable OperationType operationType, @Nullable ContextInfo contextInfo)
Overrides DefaultTrackablePolicyUtils.validatePermission(String[], PermissionMatchingStrategy, OperationType, ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.
If there are no policy requirements or if there is no current authentication, the result will automatically be PolicyResponse.VALID.
If the current authentication is unrestricted, the authentication's full authority set will be validated for the presence of the required permissions as dictated by the PermissionMatchingStrategy.
If the current authentication is not unrestricted, the authentication must have at least one vendor-type restriction for which it has the required permissions as dictated by the PermissionMatchingStrategy.
The expectation is that if an authentication could conceivably access this resource with even one of its vendor restrictions, the policy validation here will allow it, and then rely on VendorNarrowingContextInfoCustomizer to prevent data from unauthorized vendors from appearing in the results.
- Specified by: validatePermission in interface TrackablePolicyUtils
- Overrides: validatePermission in class DefaultTrackablePolicyUtils
- Parameters:
  permissionRoots - the permission roots requested
  strategy - the permission matching strategy to use for validation
  operationType - the explicit type of operation to validate
  contextInfo - the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.
- Returns:
  Whether or not the discovered permission is in scope for the current user
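An added stand-alone illustration (not Broadleaf's implementation) of the filtering described for filterToVendorRestrictionsMatchingRequiredPermissions and of the restricted/unrestricted branch of validatePermission above; the MatchingStrategy enum and the sample sets and maps are assumptions standing in for PermissionMatchingStrategy and for an AuthenticationVendorPrivilegesSummary:

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

// Illustration only, not Broadleaf's code: MatchingStrategy stands in for
// PermissionMatchingStrategy, the sets/maps for an AuthenticationVendorPrivilegesSummary.
public class VendorRestrictionFilterExample {

    // Stand-in (assumption): must a vendor hold ANY or ALL of the required permissions?
    enum MatchingStrategy { ANY, ALL }

    // Returns the subset of restrictedVendorRefs in which the fully expanded required
    // permissions are granted. An empty restrictedVendorRefs means "no accessible vendors".
    static Set<String> filterToVendorRestrictionsMatchingRequiredPermissions(
            Set<String> restrictedVendorRefs, Map<String, Set<String>> vendorRefsByRestrictedAuthority,
            List<String> fullyExpandedRequiredPermissions, MatchingStrategy strategy) {
        Set<String> matching = new LinkedHashSet<>();
        for (String vendorRef : restrictedVendorRefs) {
            // The map is the source of truth: a permission counts for this vendor only if
            // the vendor ref is listed under that authority.
            Predicate<String> grantedToVendor = permission ->
                    vendorRefsByRestrictedAuthority.getOrDefault(permission, Set.of()).contains(vendorRef);
            boolean satisfied = strategy == MatchingStrategy.ALL
                    ? fullyExpandedRequiredPermissions.stream().allMatch(grantedToVendor)
                    : fullyExpandedRequiredPermissions.stream().anyMatch(grantedToVendor);
            if (satisfied) {
                matching.add(vendorRef);
            }
        }
        return matching;
    }

    // Mirrors validatePermission: no requirements pass automatically; an unrestricted
    // authentication is checked against its full authority set; a restricted one passes
    // only if at least one of its vendor restrictions carries the required permissions.
    static boolean isPermitted(boolean unrestricted, Set<String> fullAuthorities,
            Set<String> restrictedVendorRefs, Map<String, Set<String>> vendorRefsByRestrictedAuthority,
            List<String> requiredPermissions, MatchingStrategy strategy) {
        if (requiredPermissions.isEmpty()) {
            return true;
        }
        if (unrestricted) {
            return strategy == MatchingStrategy.ALL
                    ? fullAuthorities.containsAll(requiredPermissions)
                    : requiredPermissions.stream().anyMatch(fullAuthorities::contains);
        }
        return !filterToVendorRestrictionsMatchingRequiredPermissions(restrictedVendorRefs,
                vendorRefsByRestrictedAuthority, requiredPermissions, strategy).isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample: restricted to vendorA and vendorB, READ_PRODUCT granted only in
        // vendorA, READ_CATEGORY in both (the situation the javadoc describes).
        Set<String> restricted = new LinkedHashSet<>(List.of("vendorA", "vendorB"));
        Map<String, Set<String>> byAuthority = Map.of(
                "READ_PRODUCT", Set.of("vendorA"),
                "READ_CATEGORY", Set.of("vendorA", "vendorB"));

        // The javadoc's own case: a resource requiring READ_PRODUCT, granted only in vendorA.
        System.out.println(filterToVendorRestrictionsMatchingRequiredPermissions(
                restricted, byAuthority, List.of("READ_PRODUCT"), MatchingStrategy.ANY));

        // Requiring both permissions under ALL versus ANY shows how the strategy changes
        // which vendors qualify.
        List<String> both = List.of("READ_PRODUCT", "READ_CATEGORY");
        System.out.println(filterToVendorRestrictionsMatchingRequiredPermissions(
                restricted, byAuthority, both, MatchingStrategy.ALL));
        System.out.println(filterToVendorRestrictionsMatchingRequiredPermissions(
                restricted, byAuthority, both, MatchingStrategy.ANY));

        // A restricted authentication whose only vendor never holds READ_PRODUCT in the map.
        System.out.println(isPermitted(false, Set.of(), Set.of("vendorB"), byAuthority,
                List.of("READ_PRODUCT"), MatchingStrategy.ANY));
    }
}
```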
validatePermissions
public PolicyResponse validatePermissions(@Nullable String[] permissions, @Nullable ContextInfo contextInfo)
Overridden from PolicyUtils.validatePermissions(String[], ContextInfo) to give special consideration to vendor restrictions and vendor-restricted authorities.
The semantics of validation are similar to what is described in validatePermission(String[], PermissionMatchingStrategy, OperationType, ContextInfo).
- Parameters:
  permissions - the permissions to check. A single permission in the current PolicyUtils.getAuthentication() must match to pass the policy
  contextInfo - the context containing multitenant application, tenant and catalog information. Not used in the default implementation, though custom implementations may use this for validation purposes.
- Returns:
  the result of the validation

getVendorVisibilityManager
protected VendorVisibilityManager getVendorVisibilityManager()

getAuthenticationVendorPrivilegesUtility
protected AuthenticationVendorPrivilegesUtility getAuthenticationVendorPrivilegesUtility()