These are the key components relevant for vendor security and narrowing.
This is the central component responsible for performing security policy validation.
It extends from
DefaultTrackablePolicyUtils to include vendor considerations on top of the base validation.
Additionally, it exposes utility methods for other components to leverage vendor-specific behavior.
This is a utility internally used by
VendorAwareTrackablePolicyUtils to extract vendor privilege information from an authentication’s claims.
It ultimately converts these details into an easier-to-understand
Implementations should not need to change the behavior in this component unless there is a change in the structure/content of the interesting token claims produced by the authentication service.
This is the top-level component that consumers should typically rely on when needing to perform entity-specific vendor-related operations.
It itself injects all
VendorVisibilityHandler components and is responsible for delegating to the appropriate handler given a particular entity type.
This is the main component that should be implemented in order to make an entity vendor-discriminated.
Each entity may have different requirements about how it associates to vendors or what its security/narrowing behavior should be.
VendorVisibilityHandler abstraction encapsulates all entity-specific behavior, which simultaneously maximizes implementation flexibility and minimizes the code needed to get things working.
Responsible for registering a vendor-narrowing
QueryInfluencer on each API request’s
TrackableRepository implementation will then apply the
QueryInfluencer to build vendor-narrowing filters for the queries that are run.
If a vendor discriminated entity needs to be cacheable, then cache key generation needs to account for the differences in API callers' vendor restrictions.
This component provides a mechanism by which a key generator can include these details in the cache key.
CatalogVendorAwareCacheKeyEnhancer for default implementations, and see
DataTrackingKeyGen for how to use them.