Class AdminUserProvisioningServiceImpl

java.lang.Object
org.broadleafcommerce.openadmin.server.security.service.user.AdminUserProvisioningServiceImpl
All Implemented Interfaces:
AdminUserProvisioningService

@Service("blAdminUserProvisioningService") public class AdminUserProvisioningServiceImpl extends Object implements AdminUserProvisioningService
This component allows for the default provisioning of an AdminUser and roles in the Broadleaf database, based on the external authentication of a user (e.g. LDAP or custom external authentication provider).
Author:
Kelly Tisdell
  • Field Details

  • Constructor Details

    • AdminUserProvisioningServiceImpl

      public AdminUserProvisioningServiceImpl()
  • Method Details

    • provisionAdminUser

      public AdminUserDetails provisionAdminUser(org.broadleafcommerce.common.security.BroadleafExternalAuthenticationUserDetails details)
      Description copied from interface: AdminUserProvisioningService
      This method uses the details argument to add or update an AdminUser object in the database, along with the appropriate roles and permissions. The result of this call should be an instance of AdminUserDetails.

      NOTE: IT IS GENERALLY EXPECTED THAT THIS METHOD WILL BE CALLED AFTER A USER HAS BEEN AUTHENTICATED.

      Specified by:
      provisionAdminUser in interface AdminUserProvisioningService
      Returns:
    • parseAdminRoles

      protected HashSet<AdminRole> parseAdminRoles(org.broadleafcommerce.common.security.BroadleafExternalAuthenticationUserDetails details)
    • extractAdminUserAuthorities

      protected Set<org.springframework.security.core.authority.SimpleGrantedAuthority> extractAdminUserAuthorities(HashSet<AdminRole> parsedRoles)
      Extracts the SimpleGrantedAuthoritys for the given List of AdminRoles. In addition, this will handle populating the default roles. This method returns a Set in order to avoid the duplication between the permissions of different roles.
      Parameters:
      parsedRoles - a List of AdminRole
      Returns:
      a Set of unique authorities for the given roles
    • addPermissions

      protected void addPermissions(HashSet<AdminRole> parsedRoles, List<org.springframework.security.core.authority.SimpleGrantedAuthority> adminUserAuthorities)
    • convertPermissionPrefixToRole

      protected void convertPermissionPrefixToRole(List<org.springframework.security.core.authority.SimpleGrantedAuthority> adminUserAuthorities)
    • getAdminUser

      protected AdminUser getAdminUser(org.broadleafcommerce.common.security.BroadleafExternalAuthenticationUserDetails details, HashSet<AdminRole> parsedRoles)
    • createDetails

      protected AdminUserDetails createDetails(AdminUser adminUser, org.broadleafcommerce.common.security.BroadleafExternalAuthenticationUserDetails details, Set<org.springframework.security.core.authority.SimpleGrantedAuthority> adminUserAuthorities)
    • parseRolesFromUserDetails

      protected HashSet<String> parseRolesFromUserDetails(org.broadleafcommerce.common.security.BroadleafExternalAuthenticationUserDetails details)
      Uses the provided role name substitutions to map the LDAP roles to Broadleaf roles.
      Parameters:
      details - the auth details
      Returns:
      a Set of unique Broadleaf role names
    • setRoleNameSubstitutions

      public void setRoleNameSubstitutions(Map<String,String[]> roleNameSubstitutions)
      This allows you to declaratively set a map of substitutions that translate role names from LDAP into Broadleaf role names in cases where they differ. For example, if you have a role specified in LDAP under "memberOf" with a DN of "Marketing Administrator", you might want to map that to the role "ADMIN". By default the prefix "ROLE_" will be prepended to this name. So to configure this, you would specify:

      With this configuration, all roles returned by LDAP that have a DN of "Marketing Administrator" will be converted to "ADMIN".

      Parameters:
      roleNameSubstitutions -
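
The role-name substitution described for setRoleNameSubstitutions and parseRolesFromUserDetails, shown as an added example; it is not Broadleaf's code. RoleSubstitutionExample and mapRoles are hypothetical names, the "Store Operations", "Facilities" and "MERCHANDISER" values are constructed, and dropping LDAP names that have no map entry is a deny-by-default choice made for this example (the page does not say how Broadleaf treats them).

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration; RoleSubstitutionExample and mapRoles are hypothetical
// names, not Broadleaf classes or methods.
public class RoleSubstitutionExample {

    // The page states that "ROLE_" is prepended to the substituted name by default.
    static final String ROLE_PREFIX = "ROLE_";

    // Maps external (LDAP) role names to prefixed role names.
    // One LDAP name may map to several roles; the Set removes duplicates.
    // Assumption: names with no substitution entry are dropped, so an
    // unexpected external group never turns into an admin role.
    static Set<String> mapRoles(List<String> ldapRoles, Map<String, String[]> substitutions) {
        Set<String> result = new LinkedHashSet<>();
        for (String ldapRole : ldapRoles) {
            String[] mapped = substitutions.get(ldapRole);
            if (mapped == null) {
                continue; // unmapped external group grants nothing
            }
            for (String name : mapped) {
                result.add(name.startsWith(ROLE_PREFIX) ? name : ROLE_PREFIX + name);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Same shape as the argument of setRoleNameSubstitutions(Map<String,String[]>).
        Map<String, String[]> substitutions = new LinkedHashMap<>();
        substitutions.put("Marketing Administrator", new String[] {"ADMIN"});
        // Constructed entry: one LDAP name mapped to two roles.
        substitutions.put("Store Operations", new String[] {"ADMIN", "MERCHANDISER"});

        // Constructed sample of role names returned for one authenticated user.
        List<String> ldapRoles = Arrays.asList(
                "Marketing Administrator", "Store Operations", "Facilities");

        System.out.println(mapRoles(ldapRoles, substitutions));
    }
}
```

Because this map decides which externally managed groups become admin roles, review its entries with the same care as a direct role grant.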