Package de.hybris.platform.b2ctelcotmfwebservices.security

Class UserValidator

java.lang.Object
de.hybris.platform.b2ctelcotmfwebservices.security.UserValidator
public class UserValidator extends Object
Validates if the authenticated user is authorized to access a resource
Since:
1907

  • Constructor Details

  • Method Details

    • userIsProvided

      public boolean userIsProvided(org.springframework.security.core.Authentication authentication, String relatedPartyId)
      Checks if the authorization token was obtained for a specific user or a relatedPartyId was provided. If the authorization token was obtained for a specific user AND a related party was provided, they should match.
      Parameters:
      authentication - the authentication object
      relatedPartyId - the related party id provided as request parameter
      Returns:
      true, if the token was obtained for a specific user OR a related party id was provided as request parameter true, if the user for which the token was obtained match related party (if both exists) false, if no related party was provided and authorization token was not obtained for a specific user

    • isNotClientOnlyAndRelatedPartyMatchesUser

      public boolean isNotClientOnlyAndRelatedPartyMatchesUser(org.springframework.security.core.Authentication authentication, String relatedPartyId)

    • isNotClientOnly

      public boolean isNotClientOnly(org.springframework.security.core.Authentication authentication)

    • validateUser

      public boolean validateUser(org.springframework.security.core.Authentication authentication, String userId)

    • userMatchRelatedParty

      public boolean userMatchRelatedParty(org.springframework.security.core.Authentication authentication, String relatedPartyId)
      If the authorization token was obtained for a specific user AND a related party was provided, they should match.
      Parameters:
      authentication - the authentication object
      relatedPartyId - the related party id provided as request parameter
      Returns:
      true, if the user for which the token was obtained match related party (if both exists); true, if only one is provided (user or related party) true, if neither user nor related party is provided false, if user don't match related party

    • principalMatchRelatedPartyOrUserIsProvided

      public boolean principalMatchRelatedPartyOrUserIsProvided(org.springframework.security.core.Authentication authentication, String relatedPartyId)
      If the authorization token was obtained for a specific user AND a related party was provided, they should match. Otherwise, the token must be obtained for a specific user.
      Parameters:
      authentication - the authentication object
      relatedPartyId - the related party id provided as request parameter
      Returns:
      true, if the authorization token was obtained for a specific user true, if the user for which the token was obtained match related party (if both exists) false, if authorization token was not obtained for a specific user OR user for which the authorization token was obtained don't match related party

    • isResourceOwner

      public boolean isResourceOwner(org.springframework.security.core.Authentication authentication, QueryProductRecommendation queryProductRecommendation)

    • isResourceOwner

      public boolean isResourceOwner(org.springframework.security.core.Authentication authentication, String userId)

    • isSubscriptionBaseOwner

      public boolean isSubscriptionBaseOwner(org.springframework.security.core.Authentication authentication, String subscriptionBaseId)

    • isRelatedPartyAuthorizedToPlaceOrder

      public boolean isRelatedPartyAuthorizedToPlaceOrder(org.springframework.security.core.Authentication authentication, ProductOrder productOrder)
      From the list of related parties provided in the productOrder object the first item is used for checking if it matches with the principal for which authorization has been obtained.
      Parameters:
      authentication - authentication object
      productOrder - the product order from where the related party being checked is obtained
      Returns:
      true in case the authentication is not client only and if the principal matches with the id of thew first related party provided

    • isRelatedPartyAuthorizedToPlaceOrder

      public boolean isRelatedPartyAuthorizedToPlaceOrder(org.springframework.security.core.Authentication authentication, List<RelatedPartyRef> relatedParties)
      From the list of related parties provided the first item is used for checking if it matches with the principal for which authorization has been obtained.
      Parameters:
      authentication - authentication object
      relatedParties - related parties being checked
      Returns:
      true in case the authentication is not client only and if the principal matches with the id of thew first related party provided

    • isNotAnonymous

      public boolean isNotAnonymous(String userId)
      Checks if the user provided is not Anonymous.
      Parameters:
      userId - The userId provided.
      Returns:
      False if user is anonymous, otherwise true.

    • isNotAnonymous

      public boolean isNotAnonymous(ProductOrder productOrder)
      Checks if the user provided is not Anonymous.
      Parameters:
      productOrder - the product order from where the related party being checked is obtained.
      Returns:
      False if user is anonymous, otherwise true.

    • isNotAnonymous

      public boolean isNotAnonymous(List<RelatedPartyRef> relatedParties)
      Checks if user provided in the RelatedPartyRef list is anonymous. .
      Parameters:
      relatedParties - the product order from where the related party being checked is obtained.
      Returns:
      False if user is anonymous, otherwise true.

    • isAnonymous

      public boolean isAnonymous(org.springframework.security.core.Authentication authentication, String userId)
      Checks if the user provided is Anonymous and the client is authenticated.
      Parameters:
      authentication - - the authenticated client
      userId - The userId provided.
      Returns:
      true if user is anonymous, otherwise false.

    • isRelatedPartyAuthorizedToUpdateShoppingCart

      @Deprecated(since="1911", forRemoval=true) public boolean isRelatedPartyAuthorizedToUpdateShoppingCart(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreUpdate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911. Use isRelatedPartyAuthorizedShoppingCartUser(Authentication, ShoppingCart)
      From the list of related parties provided in theShoppingCartUnderscoreUpdate object the first item is used for checking if it matches with the principal for which authorization has been obtained.
      Parameters:
      authentication - authentication object
      shoppingCart - the shopping cart from where the list of related parties being checked is obtained
      Returns:
      true in case the authentication is not client only and if the principal matches with the id of the first related party provided

    • isRelatedPartyAuthorizedShoppingCartUser

      public boolean isRelatedPartyAuthorizedShoppingCartUser(org.springframework.security.core.Authentication authentication, ShoppingCart shoppingCart)
      From the list of related parties provided in theShoppingCart object the first item is used for checking if it matches with the principal for which authorization has been obtained.
      Parameters:
      authentication - authentication object
      shoppingCart - the shopping cart from where the list of related parties being checked is obtained
      Returns:
      true in case the authentication is not client only and if the principal matches with the id of the first related party provided

    • isRelatedPartyAuthorizedToCreateShoppingCart

      @Deprecated(since="1911", forRemoval=true) public boolean isRelatedPartyAuthorizedToCreateShoppingCart(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreCreate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911. Use isRelatedPartyAuthorizedShoppingCartUser(Authentication, ShoppingCart)
      From the list of related parties provided in the ShoppingCartUnderscoreCreate object the first item is used for checking if it matches with the principal for which authorization has been obtained.
      Parameters:
      authentication - authentication object
      shoppingCart - the shopping cart from where the list of related parties being checked is obtained
      Returns:
      true in case the authentication is not client only and if the principal matches with the id of the first related party provided

    • isAnonymous

      public boolean isAnonymous(org.springframework.security.core.Authentication authentication, ShoppingCart shoppingCart)
      Checks if the first user provided in the list of related parties of the shopping cart is Anonymous and the client is authenticated.
      Parameters:
      authentication - the authenticated client
      shoppingCart - the shopping cart from where the list of related parties being checked is obtained
      Returns:
      true if user is anonymous, otherwise false.

    • isAnonymous

      @Deprecated(since="1911", forRemoval=true) public boolean isAnonymous(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreUpdate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911. Use isAnonymous(Authentication, ShoppingCart)
      Checks if the first user provided in the list of related parties of the shopping cart is Anonymous and the client is authenticated.
      Parameters:
      authentication - the authenticated client
      shoppingCart - the shopping cart from where the list of related parties being checked is obtained
      Returns:
      true if user is anonymous, otherwise false.

    • isAnonymous

      @Deprecated(since="1911", forRemoval=true) public boolean isAnonymous(org.springframework.security.core.Authentication authentication, ShoppingCartUnderscoreCreate shoppingCart)
      Deprecated, for removal: This API element is subject to removal in a future version.
      since 1911. Use isAnonymous(Authentication, ShoppingCart)
      Checks if the first user provided in the list of related parties of the shopping cart is Anonymous and the client is authenticated.
      Parameters:
      authentication - the authenticated client
      shoppingCart - the shopping cart from where the list of related parties being checked is obtained
      Returns:
      true if user is anonymous, otherwise false.

    • isAnonymous

      public boolean isAnonymous(org.springframework.security.core.Authentication authentication, List<RelatedPartyRef> relatedParties)
      Checks if the first user provided in the list of related parties is Anonymous and the client is authenticated.
      Parameters:
      authentication - the authenticated client
      relatedParties - the list of related parties
      Returns:
      true if user is anonymous, otherwise false.

    • isRelatedPartyAuthorizedUserOrAdmin

      public boolean isRelatedPartyAuthorizedUserOrAdmin(org.springframework.security.core.Authentication authentication, List<RelatedPartyRef> relatedParties)
      From the list of related parties provided the first item is used for checking if it matches with the principal for which authorization has been obtained.
      Parameters:
      authentication - authentication object
      relatedParties - the list of related parties
      Returns:
      true in case the authentication is not client only and if the principal matches with the id of the first related party provided

    • isRelatedPartyTrustedClientAndUpdateStatus

      public boolean isRelatedPartyTrustedClientAndUpdateStatus(org.springframework.security.core.Authentication authentication, ShoppingCart shoppingCart)
      Checks if the request is for updating cart status, related party id matches with principal for which authorization has been obtained and if the client id is trusted or not.
      Parameters:
      authentication - authentication object
      shoppingCart - The shopping cart
      Returns:
      true if request is to update cart status and if the principal matches with the id of the first related party provided and client is trusted, otherwise false

    • isAuthorizedSubscriptionUser

      public boolean isAuthorizedSubscriptionUser(org.springframework.security.core.Authentication authentication, String identifier)
      Checks if the user has access to the subscribed product or subscription base of given id and the client is authenticated.
      Parameters:
      authentication - the authenticated client
      identifier - identifier of subscribed product or subscription base
      Returns:
      true if user has Owner or Beneficiary access to subscribed product or subscription base, otherwise false.

    • canUserListOrders

      public boolean canUserListOrders(org.springframework.security.core.Authentication authentication, String relatedPartyId)
      Checks if the user is able to access orders. The business logic of the access to orders is defined in the corresponding order service.
      Parameters:
      authentication - the authenticated client
      relatedPartyId - identifier of the related party
      Returns:
      true if related party provided is able to access orders, otherwise false.

    • isAuthorizedForProductOrderUpdate

      public boolean isAuthorizedForProductOrderUpdate(org.springframework.security.core.Authentication authentication, ProductOrder productOrder, String orderId)
      Checks if the authenticated party has required permissions to access the requested product order.
      Parameters:
      authentication - The authentication object
      productOrder - The product order
      Returns:
      True if the authenticated object has the required permissions to access the requested product order, otherwise false

    • isAuthorizedForProductOrderUpdate

      public boolean isAuthorizedForProductOrderUpdate(org.springframework.security.core.Authentication authentication, List<RelatedPartyRef> relatedParties, String orderId)
      Checks if the authenticated party has required permissions to access the requested product order.
      Parameters:
      authentication - The authentication object
      relatedParties - The related party list of the product order
      Returns:
      True if the authenticated object has the required permissions to access the requested product order, otherwise false

    • isPaymentMethodResourceOwner

      public boolean isPaymentMethodResourceOwner(org.springframework.security.core.Authentication authentication, String id)
      Checks if the logged in user is the owner of the credit card payment method having the given id
      Parameters:
      id - the payment method id
      Returns:
      False if user is not the owner, otherwise true.

    • hasRole

      protected boolean hasRole(String role, org.springframework.security.core.Authentication authentication)
      Checks if the user has given role.
      Parameters:
      role - The role is provided as string
      authentication - The authentication object
      Returns:
      False if logged in user doesn't have given role, otherwise true.

    • getTmaSubscribedProductFacade

      protected TmaSubscribedProductFacade getTmaSubscribedProductFacade()

    • getTmaSubscriptionBaseFacade

      protected TmaSubscriptionBaseFacade getTmaSubscriptionBaseFacade()

    • getOrderFacade

      protected TmaOrderFacade getOrderFacade()

    • getTmaCustomerFacade

      protected TmaCustomerFacade getTmaCustomerFacade()