Class RestApiCustomerStateFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.broadleafcommerce.profile.web.core.security.RestApiCustomerStateFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.core.Ordered, org.springframework.web.context.ServletContextAware

public class RestApiCustomerStateFilter extends org.springframework.web.filter.OncePerRequestFilter implements org.springframework.core.Ordered
This is a basic filter for finding the customer ID on the request and setting the customer object on the request. This must come after the BroadleafRequestFilter (blRequestFilter). This should come after any security filters. This filter DOES NOT provide any security. It simply looks for a "customerId" parameter on the request or in the request header. If it finds this parameter, it looks up the customer and makes it available as a request attribute. This is generally for use in a filter chain for RESTful web services, allowing the client consuming services to specify the customerId on whose behalf it is invoking the service. It is assumed that services are invoked either in a trusted, secured network where no additional security is required, or using OAuth or a similar trusted security model. Whatever security model is used, it should ensure that the caller has access to call the system, and that the caller has access to do so on behalf of the client whose ID is being determined by this class.

For RESTful services, this should be used instead of CustomerStateFilter since it does not look at or touch cookies or session.

User: Kelly Tisdell Date: 4/18/12
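
The authorization check that the description leaves to the surrounding security model could look like the following filter, registered ahead of RestApiCustomerStateFilter. This is an added example, not Broadleaf code: CustomerIdAuthorizationFilter and DelegationPolicy are hypothetical names, numeric customer IDs are an assumption, and the "customerId" name is the one quoted in the description above.

```java
import java.io.IOException;
import java.security.Principal;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

/** Hypothetical guard; register it in the chain ahead of RestApiCustomerStateFilter. */
public class CustomerIdAuthorizationFilter extends OncePerRequestFilter {

    /** Hypothetical policy: may this authenticated caller act for this customer? */
    public interface DelegationPolicy {
        boolean mayActFor(Principal caller, long customerId);
    }

    private static final String CUSTOMER_ID = "customerId"; // name from the class description
    private final DelegationPolicy policy;

    public CustomerIdAuthorizationFilter(DelegationPolicy policy) {
        this.policy = policy;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String fromParam = request.getParameter(CUSTOMER_ID);
        String fromHeader = request.getHeader(CUSTOMER_ID);
        // Two different values are ambiguous: reject instead of guessing which one is used later.
        if (fromParam != null && fromHeader != null && !fromParam.equals(fromHeader)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Conflicting customerId values");
            return;
        }
        String raw = fromParam != null ? fromParam : fromHeader;
        if (raw != null) {
            // Assumption: customer IDs are non-negative decimal longs; anything else is refused.
            if (!raw.matches("[0-9]{1,18}")) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed customerId");
                return;
            }
            // The principal is set by whichever authentication filter ran earlier in the chain.
            Principal caller = request.getUserPrincipal();
            if (caller == null || !policy.mayActFor(caller, Long.parseLong(raw))) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Not allowed for this customer");
                return;
            }
        }
        chain.doFilter(request, response);
    }
}
```

Requests that carry no customerId pass through unchanged, so the guard only constrains calls that ask to act on a customer's behalf.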

  • Field Summary

    Fields
    Modifier and Type    Field
    static final String    BLC_RULE_MAP_PARAM
    static final String    CUSTOMER_ID_ATTRIBUTE
    protected org.broadleafcommerce.profile.core.service.CustomerService    customerService
    protected List<String>    excludeUrlPatterns
    protected static final org.apache.commons.logging.Log    LOG
    protected org.springframework.util.AntPathMatcher    pathMatcher

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

    Fields inherited from interface org.springframework.core.Ordered

    HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
  • Constructor Summary

    Constructors
    RestApiCustomerStateFilter()
  • Method Summary

    Modifier and Type    Method
    protected void    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
    String    getCustomerIdAttributeName()
    List<String>    getExcludeUrlPatterns()
    int    getOrder()
    void    setExcludeUrlPatterns(List<String> excludeUrlPatterns)
    protected void    setupCustomerForRuleProcessing(org.broadleafcommerce.profile.core.domain.Customer customer, jakarta.servlet.http.HttpServletRequest request)
    protected boolean    shouldNotFilter(jakarta.servlet.http.HttpServletRequest request)

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • CUSTOMER_ID_ATTRIBUTE

      public static final String CUSTOMER_ID_ATTRIBUTE
    • BLC_RULE_MAP_PARAM

      public static final String BLC_RULE_MAP_PARAM
    • LOG

      protected static final org.apache.commons.logging.Log LOG
    • customerService

      @Autowired @Qualifier("blCustomerService") protected org.broadleafcommerce.profile.core.service.CustomerService customerService
    • pathMatcher

      protected org.springframework.util.AntPathMatcher pathMatcher
    • excludeUrlPatterns

      protected List<String> excludeUrlPatterns
  • Constructor Details

    • RestApiCustomerStateFilter

      public RestApiCustomerStateFilter()
  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException
    • shouldNotFilter

      protected boolean shouldNotFilter(jakarta.servlet.http.HttpServletRequest request) throws jakarta.servlet.ServletException
      Overrides:
      shouldNotFilter in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
    • setupCustomerForRuleProcessing

      protected void setupCustomerForRuleProcessing(org.broadleafcommerce.profile.core.domain.Customer customer, jakarta.servlet.http.HttpServletRequest request)
    • getOrder

      public int getOrder()
      Specified by:
      getOrder in interface org.springframework.core.Ordered
    • getCustomerIdAttributeName

      public String getCustomerIdAttributeName()
    • getExcludeUrlPatterns

      public List<String> getExcludeUrlPatterns()
    • setExcludeUrlPatterns

      public void setExcludeUrlPatterns(List<String> excludeUrlPatterns)