Package de.hybris.platform.b2ctelcotmfwebservices.security

Class UserValidator

  • public class UserValidator
extends java.lang.Object
    Validates if the authenticated user is authorized to access a resource
    Since:
    1907

    • Constructor Summary

      Constructors 
      Constructor Description
      UserValidator()  

    • Method Summary

      All Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      protected boolean hasRole​(java.lang.String role, org.springframework.security.core.Authentication authentication)
      Checks if the user has given role.
      boolean isAnonymous​(org.springframework.security.core.Authentication authentication, ShoppingCart shoppingCart)
      Checks if the first user provided in the list of related parties of the shopping cart is Anonymous and the client is authenticated.
      boolean isAnonymous​(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreCreate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911.
      boolean isAnonymous​(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreUpdate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911.
      boolean isAnonymous​(org.springframework.security.core.Authentication authentication, java.lang.String userId)
      Checks if the user provided is Anonymous and the client is authenticated.
      boolean isAnonymous​(org.springframework.security.core.Authentication authentication, java.util.List<RelatedPartyRef> relatedParties)
      Checks if the first user provided in the list of related parties is Anonymous and the client is authenticated.
      boolean isNotAnonymous​(ProductOrder productOrder)
      Checks if the user provided is not Anonymous.
      boolean isNotAnonymous​(java.lang.String userId)
      Checks if the user provided is not Anonymous.
      boolean isRelatedPartyAuthorizedShoppingCartUser​(org.springframework.security.core.Authentication authentication, ShoppingCart shoppingCart)
      From the list of related parties provided in theShoppingCart object the first item is used for checking if it matches with the principal for which authorization has been obtained.
      boolean isRelatedPartyAuthorizedToCreateShoppingCart​(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreCreate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911.
      boolean isRelatedPartyAuthorizedToPlaceOrder​(org.springframework.security.core.Authentication authentication, ProductOrder productOrder)
      From the list of related parties provided in the productOrder object the first item is used for checking if it matches with the principal for which authorization has been obtained.
      boolean isRelatedPartyAuthorizedToUpdateShoppingCart​(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreUpdate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911.
      boolean isRelatedPartyAuthorizedUserOrAdmin​(org.springframework.security.core.Authentication authentication, java.util.List<RelatedPartyRef> relatedParties)
      From the list of related parties provided the first item is used for checking if it matches with the principal for which authorization has been obtained.
      boolean isRelatedPartyTrustedClientAndUpdateStatus​(org.springframework.security.core.Authentication authentication, ShoppingCart shoppingCart)
      Checks if the request is for updating cart status, related party id matches with principal for which authorization has been obtained and if the client id is trusted or not.
      boolean isResourceOwner​(org.springframework.security.core.Authentication authentication, java.lang.String userId)  
      boolean validateUser​(org.springframework.security.core.Authentication authentication, java.lang.String userId)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • UserValidator

        public UserValidator()

    • Method Detail

      • validateUser

        public boolean validateUser​(org.springframework.security.core.Authentication authentication,
                            java.lang.String userId)

      • isResourceOwner

        public boolean isResourceOwner​(org.springframework.security.core.Authentication authentication,
                               java.lang.String userId)

      • isRelatedPartyAuthorizedToPlaceOrder

        public boolean isRelatedPartyAuthorizedToPlaceOrder​(org.springframework.security.core.Authentication authentication,
                                                    ProductOrder productOrder)
        From the list of related parties provided in the productOrder object the first item is used for checking if it matches with the principal for which authorization has been obtained.
        Parameters:
        authentication - authentication object
        productOrder - the product order from where the related party being checked is obtained
        Returns:
        true in case the authentication is not client only and if the principal matches with the id of thew first related party provided

      • isNotAnonymous

        public boolean isNotAnonymous​(java.lang.String userId)
        Checks if the user provided is not Anonymous.
        Parameters:
        userId - The userId provided.
        Returns:
        False if user is anonymous, otherwise true.

      • isNotAnonymous

        public boolean isNotAnonymous​(ProductOrder productOrder)
        Checks if the user provided is not Anonymous.
        Parameters:
        productOrder - the product order from where the related party being checked is obtained.
        Returns:
        False if user is anonymous, otherwise true.

      • isAnonymous

        public boolean isAnonymous​(org.springframework.security.core.Authentication authentication,
                           java.lang.String userId)
        Checks if the user provided is Anonymous and the client is authenticated.
        Parameters:
        authentication - - the authenticated client
        userId - The userId provided.
        Returns:
        true if user is anonymous, otherwise false.

      • isRelatedPartyAuthorizedToUpdateShoppingCart

        @Deprecated(since="1911",
            forRemoval=true)
public boolean isRelatedPartyAuthorizedToUpdateShoppingCart​(org.springframework.security.core.Authentication authentication,
                                                            ShoppingCartUnderscoreUpdate shoppingCart)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 1911. Use isRelatedPartyAuthorizedShoppingCartUser(Authentication, ShoppingCart)
        From the list of related parties provided in theShoppingCartUnderscoreUpdate object the first item is used for checking if it matches with the principal for which authorization has been obtained.
        Parameters:
        authentication - authentication object
        shoppingCart - the shopping cart from where the list of related parties being checked is obtained
        Returns:
        true in case the authentication is not client only and if the principal matches with the id of the first related party provided

      • isRelatedPartyAuthorizedShoppingCartUser

        public boolean isRelatedPartyAuthorizedShoppingCartUser​(org.springframework.security.core.Authentication authentication,
                                                        ShoppingCart shoppingCart)
        From the list of related parties provided in theShoppingCart object the first item is used for checking if it matches with the principal for which authorization has been obtained.
        Parameters:
        authentication - authentication object
        shoppingCart - the shopping cart from where the list of related parties being checked is obtained
        Returns:
        true in case the authentication is not client only and if the principal matches with the id of the first related party provided

      • isRelatedPartyAuthorizedToCreateShoppingCart

        @Deprecated(since="1911",
            forRemoval=true)
public boolean isRelatedPartyAuthorizedToCreateShoppingCart​(org.springframework.security.core.Authentication authentication,
                                                            ShoppingCartUnderscoreCreate shoppingCart)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 1911. Use isRelatedPartyAuthorizedShoppingCartUser(Authentication, ShoppingCart)
        From the list of related parties provided in the ShoppingCartUnderscoreCreate object the first item is used for checking if it matches with the principal for which authorization has been obtained.
        Parameters:
        authentication - authentication object
        shoppingCart - the shopping cart from where the list of related parties being checked is obtained
        Returns:
        true in case the authentication is not client only and if the principal matches with the id of the first related party provided

      • isAnonymous

        public boolean isAnonymous​(org.springframework.security.core.Authentication authentication,
                           ShoppingCart shoppingCart)
        Checks if the first user provided in the list of related parties of the shopping cart is Anonymous and the client is authenticated.
        Parameters:
        authentication - the authenticated client
        shoppingCart - the shopping cart from where the list of related parties being checked is obtained
        Returns:
        true if user is anonymous, otherwise false.

      • isAnonymous

        @Deprecated(since="1911",
            forRemoval=true)
public boolean isAnonymous​(org.springframework.security.core.Authentication authentication,
                           ShoppingCartUnderscoreUpdate shoppingCart)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 1911. Use isAnonymous(Authentication, ShoppingCart)
        Checks if the first user provided in the list of related parties of the shopping cart is Anonymous and the client is authenticated.
        Parameters:
        authentication - the authenticated client
        shoppingCart - the shopping cart from where the list of related parties being checked is obtained
        Returns:
        true if user is anonymous, otherwise false.

      • isAnonymous

        @Deprecated(since="1911",
            forRemoval=true)
public boolean isAnonymous​(org.springframework.security.core.Authentication authentication,
                           ShoppingCartUnderscoreCreate shoppingCart)
        Deprecated, for removal: This API element is subject to removal in a future version.
        since 1911. Use isAnonymous(Authentication, ShoppingCart)
        Checks if the first user provided in the list of related parties of the shopping cart is Anonymous and the client is authenticated.
        Parameters:
        authentication - the authenticated client
        shoppingCart - the shopping cart from where the list of related parties being checked is obtained
        Returns:
        true if user is anonymous, otherwise false.

      • isAnonymous

        public boolean isAnonymous​(org.springframework.security.core.Authentication authentication,
                           java.util.List<RelatedPartyRef> relatedParties)
        Checks if the first user provided in the list of related parties is Anonymous and the client is authenticated.
        Parameters:
        authentication - the authenticated client
        relatedParties - the list of related parties
        Returns:
        true if user is anonymous, otherwise false.

      • isRelatedPartyAuthorizedUserOrAdmin

        public boolean isRelatedPartyAuthorizedUserOrAdmin​(org.springframework.security.core.Authentication authentication,
                                                   java.util.List<RelatedPartyRef> relatedParties)
        From the list of related parties provided the first item is used for checking if it matches with the principal for which authorization has been obtained.
        Parameters:
        authentication - authentication object
        relatedParties - the list of related parties
        Returns:
        true in case the authentication is not client only and if the principal matches with the id of the first related party provided

      • isRelatedPartyTrustedClientAndUpdateStatus

        public boolean isRelatedPartyTrustedClientAndUpdateStatus​(org.springframework.security.core.Authentication authentication,
                                                          ShoppingCart shoppingCart)
        Checks if the request is for updating cart status, related party id matches with principal for which authorization has been obtained and if the client id is trusted or not.
        Parameters:
        authentication - authentication object
        relatedParties - the list of related parties
        Returns:
        true if request is to update cart status and if the principal matches with the id of the first related party provided and client is trusted, otherwise false

      • hasRole

        protected boolean hasRole​(java.lang.String role,
                          org.springframework.security.core.Authentication authentication)
        Checks if the user has given role.
        Parameters:
        role - The role is provided as string
        Returns:
        False if logged in user doesn't have given role, otherwise true.