org.broadleafcommerce.profile.web.core.security

Class CustomerStateRequestProcessor

java.lang.Object

org.broadleafcommerce.common.web.AbstractBroadleafWebRequestProcessor

org.broadleafcommerce.profile.web.core.security.CustomerStateRequestProcessor

All Implemented Interfaces:

BroadleafWebRequestProcessor, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationEventPublisherAware

@Component(value="blCustomerStateRequestProcessor")
public class CustomerStateRequestProcessor
extends AbstractBroadleafWebRequestProcessor
implements org.springframework.context.ApplicationEventPublisherAware

Author:

Phillip Verheyden

See Also:

CustomerStateFilter}

Field Summary

Fields

Modifier and Type	Field and Description
static String	ANONYMOUS_CUSTOMER_ID_SESSION_ATTRIBUTE_NAME
static String	ANONYMOUS_CUSTOMER_MERGED_SESSION_ATTRIBUTE_NAME
static String	ANONYMOUS_CUSTOMER_SESSION_ATTRIBUTE_NAME
static String	BLC_RULE_MAP_PARAM
protected CustomerMergeExtensionManager	customerMergeExtensionManager
protected CustomerService	customerService
protected org.springframework.context.ApplicationEventPublisher	eventPublisher
protected org.apache.commons.logging.Log	logger Logger for this class and subclasses
static String	OVERRIDE_CUSTOMER_SESSION_ATTR_NAME

Constructor Summary

Constructors

Constructor and Description
CustomerStateRequestProcessor()

Method Summary

Methods

Modifier and Type	Method and Description
protected Customer	copyAnonymousCustomerInfoToCustomer(org.springframework.web.context.request.WebRequest request, Customer anonymous, Customer customer) This allows the customer object to be augmented by information that may have been stored on the anonymous customer or session.
Customer	getAnonymousCustomer(org.springframework.web.context.request.WebRequest request) Returns the anonymous customer that was saved in session.
static String	getAnonymousCustomerIdSessionAttributeName() Returns the session attribute to store the anonymous customer ID.
static String	getAnonymousCustomerMergedSessionAttributeName() This is the name of a session attribute that holds whether or not the anonymous customer has been merged into the logged in customer.
static String	getAnonymousCustomerSessionAttributeName() Returns the session attribute to store the anonymous customer.
static String	getCustomerRequestAttributeName() The request-scoped attribute that should store the Customer.
protected Customer	mergeCustomerIfRequired(org.springframework.web.context.request.WebRequest request, Customer customer) Allows the merging of anonymous customer data and / or session data, to the logged in customer, if required.
void	process(org.springframework.web.context.request.WebRequest request)
Customer	resolveAnonymousCustomer(org.springframework.web.context.request.WebRequest request) Implementors can subclass to change how anonymous customers are created.
Customer	resolveAuthenticatedCustomer(org.springframework.security.core.Authentication authentication) Subclasses can extend to resolve other types of Authentication tokens
void	setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)

Methods inherited from class org.broadleafcommerce.common.web.AbstractBroadleafWebRequestProcessor

postProcess

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.apache.commons.logging.Log logger

Logger for this class and subclasses

BLC_RULE_MAP_PARAM

public static final String BLC_RULE_MAP_PARAM

See Also:

Constant Field Values

customerService

protected CustomerService customerService

customerMergeExtensionManager

protected CustomerMergeExtensionManager customerMergeExtensionManager

eventPublisher

protected org.springframework.context.ApplicationEventPublisher eventPublisher

ANONYMOUS_CUSTOMER_SESSION_ATTRIBUTE_NAME

public static final String ANONYMOUS_CUSTOMER_SESSION_ATTRIBUTE_NAME

See Also:

Constant Field Values

ANONYMOUS_CUSTOMER_ID_SESSION_ATTRIBUTE_NAME

public static final String ANONYMOUS_CUSTOMER_ID_SESSION_ATTRIBUTE_NAME

See Also:

Constant Field Values

OVERRIDE_CUSTOMER_SESSION_ATTR_NAME

public static final String OVERRIDE_CUSTOMER_SESSION_ATTR_NAME

See Also:

Constant Field Values

ANONYMOUS_CUSTOMER_MERGED_SESSION_ATTRIBUTE_NAME

public static final String ANONYMOUS_CUSTOMER_MERGED_SESSION_ATTRIBUTE_NAME

See Also:

Constant Field Values

Constructor Detail

CustomerStateRequestProcessor

public CustomerStateRequestProcessor()

Method Detail

process

public void process(org.springframework.web.context.request.WebRequest request)

Specified by:

process in interface BroadleafWebRequestProcessor

mergeCustomerIfRequired

protected Customer mergeCustomerIfRequired(org.springframework.web.context.request.WebRequest request,
                               Customer customer)

Allows the merging of anonymous customer data and / or session data, to the logged in customer, if required. This is written to only require it to happen once.

Parameters:

request -

customer -

Returns:

copyAnonymousCustomerInfoToCustomer

protected Customer copyAnonymousCustomerInfoToCustomer(org.springframework.web.context.request.WebRequest request,
                                           Customer anonymous,
                                           Customer customer)

This allows the customer object to be augmented by information that may have been stored on the anonymous customer or session. After login, a new instance of customer is created that is different from the anonymous customer. In many cases, there are reasons that the anonymous customer may have had data associated with them that is required on the new customer. For example, customer attributes, promotions, promo codes, etc. may have been associated with the anonymous customer, and we want them to be copied to this customer. The default implementation does not copy data. It simply provides a hook for implementors to extend / implement this method. You should consider security when copying data from one customer to another.

Parameters:

request -

anonymous -

customer -

Returns:

resolveAuthenticatedCustomer

public Customer resolveAuthenticatedCustomer(org.springframework.security.core.Authentication authentication)

Subclasses can extend to resolve other types of Authentication tokens

Parameters:

authentication -

Returns:

resolveAnonymousCustomer

public Customer resolveAnonymousCustomer(org.springframework.web.context.request.WebRequest request)

Implementors can subclass to change how anonymous customers are created. Note that this method is intended to actually create the anonymous customer if one does not exist. If you are looking to just get the current anonymous customer (if it exists) then instead use the getAnonymousCustomer(WebRequest) method.

The intended behavior of this method is as follows:

• Look for a Customer on the session
• If a customer is found in session, keep using the session-based customer
• If a customer is not found in session
• Look for a customer ID in session
• If a customer ID is found in session:
• Look up the customer in the database
• If no there is no customer ID in session (and thus no Customer)
1. Create a new customer
2. Put the newly-created Customer in session

Parameters:

request -

Returns:

See Also:

#getAnonymousCustomer(WebRequest)}, #getAnonymousCustomerAttributeName()}, #getAnonymousCustomerIdAttributeName()}

getAnonymousCustomer

public Customer getAnonymousCustomer(org.springframework.web.context.request.WebRequest request)

Returns the anonymous customer that was saved in session. This first checks for a full customer in session (meaning that the customer has not already been persisted) and returns that. If there is no full customer in session (and there is instead just an anonymous customer ID) then this will look up the customer from the database using that and return it.

Parameters:

request - the current request

Returns:

the anonymous customer in session or null if there is no anonymous customer represented in session

See Also:

#getAnonymousCustomerSessionAttributeName()}, #getAnonymousCustomerIdSessionAttributeName()}

getAnonymousCustomerSessionAttributeName

public static String getAnonymousCustomerSessionAttributeName()

Returns the session attribute to store the anonymous customer. Some implementations may wish to have a different anonymous customer instance (and as a result a different cart). The entire Customer should be stored in session ONLY if that Customer has not already been persisted to the database. Once it has been persisted (like once the user has added something to the cart) then #getAnonymousCustomerIdAttributeName() should be used instead.

Returns:

the session attribute for an anonymous Customer that has not been persisted to the database yet

getAnonymousCustomerIdSessionAttributeName

public static String getAnonymousCustomerIdSessionAttributeName()

Returns the session attribute to store the anonymous customer ID. This session attribute should be used to track anonymous customers that have not registered but have state in the database. When users first visit the Broadleaf site, a new Customer is instantiated but is only saved in session and not persisted to the database. However, once that user adds something to the cart, that Customer is now saved in the database and it no longer makes sense to pull back a full Customer object from session, as any session-based Customer will be out of date in regards to Hibernate (specifically with lists).

So, once Broadleaf detects that the session-based Customer has been persisted, it should remove the session-based Customer and then utilize just the customer ID from session.

See Also:

CustomerStateRefresher}

setApplicationEventPublisher

public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher eventPublisher)

Specified by:

setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware

getCustomerRequestAttributeName

public static String getCustomerRequestAttributeName()

The request-scoped attribute that should store the Customer.

 Customer customer = (Customer) request.getAttribute(CustomerStateRequestProcessor.getCustomerRequestAttributeName());
 //this is equivalent to the above invocation
 Customer customer = CustomerState.getCustomer();
 

Returns:

See Also:

CustomerState}

getAnonymousCustomerMergedSessionAttributeName

public static String getAnonymousCustomerMergedSessionAttributeName()

This is the name of a session attribute that holds whether or not the anonymous customer has been merged into the logged in customer. This is useful for tracking as often there is an anonymous customer that has customer attributes or other data that is saved on the customer in the database or in transient properties. It is often beneficial, after logging in, to copy certain properties to the logged in customer.

Returns: