I think someone exercising their legal rights, such as their right to enter a business open to the public and their right to free speech inside that establishment, in a way that harms the business should be something a business can "punish" by refusing to do business with that individual.

I do not think it would be good public policy to prohibit this. I also don't believe, in the United States at least, this conduct is currently legally prohibited.

I previously gave an example of a situation in which I think the correct resolution is for the business to, as you put it, retaliate against someone exercising their legal rights.

A second example of the same type of retaliation is a business denying future sales to an individual who repeatedly purchases and then returns physical merchandise. I think blacklisting that individual is both morally and legally sound.

For the record, I think the definition of "retaliation" needs to include a desire to harm the other party. If your only desire is self-protection, I do not believe it qualifies as retaliation.