org.broadleafcommerce.openadmin.server.security.service.user

Class AdminUserProvisioningServiceImpl

java.lang.Object

org.broadleafcommerce.openadmin.server.security.service.user.AdminUserProvisioningServiceImpl

All Implemented Interfaces:

AdminUserProvisioningService

@Service(value="blAdminUserProvisioningService")
public class AdminUserProvisioningServiceImpl
extends Object
implements AdminUserProvisioningService

This component allows for the default provisioning of an AdminUser and roles in the Broadleaf database, based on the external authentication of a user (e.g. LDAP or custom external authentication provider).

Author:

Kelly Tisdell

Field Summary

Fields

Modifier and Type	Field and Description
protected AdminExternalLoginUserExtensionManager	adminExternalLoginExtensionManager
protected AdminSecurityHelper	adminSecurityHelper
protected Map<String,String[]>	roleNameSubstitutions
protected AdminSecurityService	securityService

Constructor Summary

Constructors

Constructor and Description
AdminUserProvisioningServiceImpl()

Method Summary

Modifier and Type	Method and Description
protected Set<org.springframework.security.core.authority.SimpleGrantedAuthority>	extractAdminUserAuthorities(HashSet<AdminRole> parsedRoles) Extracts the SimpleGrantedAuthoritys for the given List of AdminRoles.
protected HashSet<String>	parseRolesFromUserDetails(BroadleafExternalAuthenticationUserDetails details) Uses the provided role name substitutions to map the LDAP roles to Broadleaf roles.
AdminUserDetails	provisionAdminUser(BroadleafExternalAuthenticationUserDetails details) This method uses the details argument to add or update an AdminUser object in the database, along with appropriate roles and permissions.
void	setRoleNameSubstitutions(Map<String,String[]> roleNameSubstitutions) This allows you to declaratively set a map containing values that will substitute role names from LDAP to Broadleaf roles names in cases that they might be different.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

securityService

protected AdminSecurityService securityService

adminExternalLoginExtensionManager

protected AdminExternalLoginUserExtensionManager adminExternalLoginExtensionManager

adminSecurityHelper

protected AdminSecurityHelper adminSecurityHelper

roleNameSubstitutions

protected Map<String,String[]> roleNameSubstitutions

Constructor Detail

AdminUserProvisioningServiceImpl

public AdminUserProvisioningServiceImpl()

Method Detail

provisionAdminUser

public AdminUserDetails provisionAdminUser(BroadleafExternalAuthenticationUserDetails details)

Description copied from interface: AdminUserProvisioningService

This method uses the details argument to add or update an AdminUser object in the database, along with appropriate roles and permissions. The result of the call to this should be an instance of AdminUserDetails. NOTE: IT IS GENERALLY EXPECTED THAT THIS METHOD WILL BE CALLED AFTER A USER HAS BEEN AUTHENTICATED.

Specified by:

provisionAdminUser in interface AdminUserProvisioningService

Returns:

extractAdminUserAuthorities

protected Set<org.springframework.security.core.authority.SimpleGrantedAuthority> extractAdminUserAuthorities(HashSet<AdminRole> parsedRoles)

Extracts the SimpleGrantedAuthoritys for the given List of AdminRoles. In addition, this will handle populating the default roles. This method returns a Set in order to avoid the duplication between the permissions of different roles.

Parameters:

parsedRoles - a List of AdminRole

Returns:

a Set of unique authorities for the given roles

parseRolesFromUserDetails

protected HashSet<String> parseRolesFromUserDetails(BroadleafExternalAuthenticationUserDetails details)

Uses the provided role name substitutions to map the LDAP roles to Broadleaf roles.

Parameters:

details - the auth details

Returns:

a Set of unique Broadleaf role names

setRoleNameSubstitutions

public void setRoleNameSubstitutions(Map<String,String[]> roleNameSubstitutions)

This allows you to declaratively set a map containing values that will substitute role names from LDAP to Broadleaf roles names in cases that they might be different. For example, if you have a role specified in LDAP under "memberOf" with a DN of "Marketing Administrator", you might want to map that to the role "ADMIN". By default the prefix "ROLE_" will be pre-pended to this name. So to configure this, you would specify: With this configuration, all roles returned by LDAP that have a DN of "Marketing Administrator" will be converted to "ADMIN"

Parameters:

roleNameSubstitutions -