Package com.broadleafcommerce.data.tracking.core.policy.trackable.marketplace.vendor.support

Class AuthenticationVendorPrivilegesUtility

java.lang.Object
com.broadleafcommerce.data.tracking.core.policy.trackable.marketplace.vendor.support.AuthenticationVendorPrivilegesUtility
public class AuthenticationVendorPrivilegesUtility extends Object
Responsible for extracting information from an Authentication to determine its vendor privileges.

  • Field Details

    • AUTH_DETAILS_RESTRICTIONS_KEY

      public static final String AUTH_DETAILS_RESTRICTIONS_KEY
      The name of the claim within the authentication that will hold its "restrictions". This is expected to be a map from "restriction type" (ex: 'VENDOR') to a list of "restriction targets" within that type (ex: 'vendorRefA', 'vendorRefB').

      If the authentication has no restrictions, it is considered unrestricted. If the authentication has restrictions, then it is considered to be restricted exclusively to the targets within the defined types.

      See Also:

    • AUTH_DETAILS_RESTRICTED_AUTHORITIES_KEY

      public static final String AUTH_DETAILS_RESTRICTED_AUTHORITIES_KEY
      The name of the claim within the authentication that will hold its "restricted authorities". This is expected to be a map from an authority (ex: 'READ_PRODUCT') to another map where the keys are "restriction types" (ex: 'VENDOR') and values are "restriction targets" within that type that should get the authority.
      See Also:

    • AUTH_DETAILS_VENDOR_RESTRICTION_TYPE

      public static final String AUTH_DETAILS_VENDOR_RESTRICTION_TYPE
      "restrictions" and "restricted authorities" both rely on a concept of "restriction type". This is the value of the restriction type used for vendors. It is used to obtain vendor-specific restriction and restricted authority data from the authentication.
      See Also:

  • Constructor Details

    • AuthenticationVendorPrivilegesUtility

      public AuthenticationVendorPrivilegesUtility(com.broadleafcommerce.common.extension.TypeFactory typeFactory)

  • Method Details

    • getVendorPrivileges

      public AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull @NonNull org.springframework.security.core.Authentication authentication, @Nullable org.springframework.core.convert.converter.Converter<org.springframework.security.core.Authentication,Map<String,Object>> authenticationAttributesConverter)
      Delegates to getVendorPrivileges(Authentication, Converter, ContextInfo).
      Parameters:
      authentication - the Authentication from which to extract vendor privilege information
      authenticationAttributesConverter - a converter that can convert the authentication to a map of details
      Returns:
      details about the given authentication's vendor restrictions and authorities
      Throws:
      IllegalArgumentException - if the authentication details didn't match the expected structure
      See Also:

    • getVendorPrivileges

      public AuthenticationVendorPrivilegesSummary getVendorPrivileges(@NonNull @NonNull org.springframework.security.core.Authentication authentication, @Nullable org.springframework.core.convert.converter.Converter<org.springframework.security.core.Authentication,Map<String,Object>> authenticationAttributesConverter, @Nullable ContextInfo contextInfo)
      Extracts the summary of vendor privileges from the given authentication and configurations in vendorAuthenticationPrivilegeProperties.

      In an application context, if VendorAuthenticationPrivilegeProperties.isIgnoreVendorRestrictionInApplicationContext() is true, then the vendor restrictions are ignored and the authentication is considered unrestricted. Note that this is an experimental feature.

      Parameters:
      authentication - the Authentication from which to extract vendor privilege information
      authenticationAttributesConverter - a converter that can convert the authentication to a map of details
      contextInfo - context information surrounding sandboxing and multitenant state
      Returns:
      details about the given authentication's vendor restrictions and authorities
      Throws:
      IllegalArgumentException - if the authentication details didn't match the expected structure
      See Also:

    • buildVendorRestrictionsSummary

      protected AuthenticationVendorPrivilegesSummary buildVendorRestrictionsSummary(boolean unrestricted, Set<String> allAuthorities, Set<String> restrictedVendorRefs, Map<String,Set<String>> vendorRefsByRestrictedAuthority)

    • getTypeFactory

      protected com.broadleafcommerce.common.extension.TypeFactory getTypeFactory()

    • getVendorAuthenticationPrivilegeProperties

      protected VendorAuthenticationPrivilegeProperties getVendorAuthenticationPrivilegeProperties()

    • setVendorAuthenticationPrivilegeProperties

      @Autowired public void setVendorAuthenticationPrivilegeProperties(VendorAuthenticationPrivilegeProperties vendorAuthenticationPrivilegeProperties)