Class DefaultPaymentAccessValidationService
java.lang.Object
com.broadleafcommerce.paymenttransaction.service.validation.DefaultPaymentAccessValidationService
- All Implemented Interfaces:
PaymentAccessValidationService
public class DefaultPaymentAccessValidationService
extends Object
implements PaymentAccessValidationService
Default implementation of
PaymentAccessValidationService
.-
Constructor Summary
ConstructorDescriptionDefaultPaymentAccessValidationService
(PaymentTTLValidationService paymentTTLValidationService, PaymentManagementService<Payment> paymentManagementService, com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils) -
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
customerMatches
(@NonNull Payment payment, @NonNull CustomerRef customer) Validates if the owning user of thePayment
matches the givenCustomerRef
.protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils
protected PaymentManagementService<Payment>
protected PaymentTransactionServiceProperties
protected PaymentTTLValidationService
protected boolean
isCustomerMutabilityBlocked
(@NonNull Payment payment) protected boolean
isCustomerMutabilityBlockedForPaymentFinalization
(@NonNull Payment payment) void
setPaymentTransactionServiceProperties
(PaymentTransactionServiceProperties paymentTransactionServiceProperties) protected boolean
validateAccessForAnonymousOwnedPayment
(@NonNull Payment payment, @NonNull CustomerRef customerRef) Validates access for anonymous ownedPayment
for the givenCustomerRef
, which checks against thePayment.getOwningUserEmailAddress()
andCustomerRef.getUsername()
by default.void
validateCustomerPaymentRequest
(@NonNull Payment payment, @NonNull CustomerRef customerRef, String lockToken, com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Validates access to the payment based on the passed in contextprotected void
validatePaymentCustomerRef
(@NonNull Payment payment, @NonNull CustomerRef customerRef, String lockToken, com.broadleafcommerce.data.tracking.core.context.ContextInfo context)
-
Constructor Details
-
DefaultPaymentAccessValidationService
public DefaultPaymentAccessValidationService(PaymentTTLValidationService paymentTTLValidationService, PaymentManagementService<Payment> paymentManagementService, com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils authenticationUtils)
-
-
Method Details
-
validateCustomerPaymentRequest
public void validateCustomerPaymentRequest(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef, @Nullable String lockToken, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) Description copied from interface:PaymentAccessValidationService
Validates access to the payment based on the passed in context- Specified by:
validateCustomerPaymentRequest
in interfacePaymentAccessValidationService
- Parameters:
payment
- thePayment
requiring accesscustomerRef
- theCustomerRef
to validate againstlockToken
- the current lock tokencontext
- context information surrounding multitenant state
-
validatePaymentCustomerRef
protected void validatePaymentCustomerRef(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef, @Nullable String lockToken, @Nullable com.broadleafcommerce.data.tracking.core.context.ContextInfo context) -
isCustomerMutabilityBlocked
-
isCustomerMutabilityBlockedForPaymentFinalization
protected boolean isCustomerMutabilityBlockedForPaymentFinalization(@NonNull @NonNull Payment payment) -
customerMatches
protected boolean customerMatches(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customer) Validates if the owning user of thePayment
matches the givenCustomerRef
.This is to ensure that the currently authenticated user, the given
CustomerRef
, has access to thePayment
.- Parameters:
payment
- thePayment
to check the owning user forcustomer
- theCustomerRef
to check against- Returns:
- true if the payment's owning user matches the given
CustomerRef
, otherwise false
-
validateAccessForAnonymousOwnedPayment
protected boolean validateAccessForAnonymousOwnedPayment(@NonNull @NonNull Payment payment, @NonNull @NonNull CustomerRef customerRef) Validates access for anonymous ownedPayment
for the givenCustomerRef
, which checks against thePayment.getOwningUserEmailAddress()
andCustomerRef.getUsername()
by default.Override this method for additional validations or if
CustomerRef.getUsername()
is not the same as the customer email.- Parameters:
payment
- thePayment
being accessedcustomerRef
- theCustomerRef
to check against- Returns:
- true if access is allowed, otherwise false.
-
getPaymentTTLValidationService
-
getPaymentManagementService
-
getAuthenticationUtils
protected com.broadleafcommerce.resource.security.utils.service.AuthenticationUtils getAuthenticationUtils() -
getPaymentTransactionServiceProperties
-
setPaymentTransactionServiceProperties
@Autowired public void setPaymentTransactionServiceProperties(PaymentTransactionServiceProperties paymentTransactionServiceProperties)
-