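/**
 * Rejects refresh-token creation when the restriction flag is on and the token's scopes
 * do not include {@code UAA_REFRESH_TOKEN}.
 *
 * <p>Does nothing when {@code isRestrictRefreshGrant} is false.
 *
 * @param tokenScopes scopes carried by the token being issued; {@code null} is treated
 *        the same as "scope missing" so the check fails closed with the OAuth error
 *        instead of a {@link NullPointerException}
 * @throws InsufficientScopeException if the restriction is enabled and the scope is absent
 */
public void ensureRefreshTokenCreationNotRestricted(ArrayList<String> tokenScopes) {
    if (!isRestrictRefreshGrant) {
        return;
    }
    // A missing scope list cannot contain the required scope, so deny explicitly.
    if (tokenScopes == null || !tokenScopes.contains(UAA_REFRESH_TOKEN)) {
        throw new InsufficientScopeException(String.format("Expected scope %s is missing", UAA_REFRESH_TOKEN));
    }
}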
/**
 * Creates the exception and records the given scope set under the {@code "scope"}
 * additional-information key.
 *
 * <p>NOTE(review): whatever is passed as {@code validScope} travels with the exception;
 * if additional information is rendered into the error response, it becomes visible to
 * the caller, so pass only scopes that may be disclosed. Confirm how it is rendered.
 *
 * @param msg the error message, handed to the single-argument constructor
 * @param validScope scope names to attach, formatted by {@code OAuth2Utils.formatParameterList}
 */
public InsufficientScopeException(String msg, Set<String> validScope) {
    this(msg);
    String formattedScope = OAuth2Utils.formatParameterList(validScope);
    addAdditionalInformation("scope", formattedScope);
}
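/**
 * Votes on access by comparing the scopes of an OAuth2 request with the scope-prefixed
 * config attributes.
 *
 * <p>Abstains when the authentication is not an {@code OAuth2Authentication}. Denies
 * immediately when any attribute equals {@code denyAccess}. Grants as soon as one supported
 * attribute equals {@code scopePrefix + scope} for a granted scope, compared
 * case-insensitively. Case folding uses {@code Locale.ROOT} so the decision does not vary
 * with the JVM's default locale.
 *
 * <p>When {@code throwException} is set, the first supported attribute that is not matched
 * ends the vote with an exception; later attributes are not consulted.
 *
 * @param authentication the caller's authentication
 * @param object the secured object (not read by this method)
 * @param attributes config attributes attached to the secured object
 * @return {@code ACCESS_ABSTAIN}, {@code ACCESS_DENIED} or {@code ACCESS_GRANTED}
 * @throws AccessDeniedException wrapping an {@code InsufficientScopeException} that names
 *         the unmatched scope, when {@code throwException} is set
 */
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (!(authentication instanceof OAuth2Authentication)) {
        return ACCESS_ABSTAIN;
    }

    // An explicit deny attribute wins over any scope match.
    for (ConfigAttribute attribute : attributes) {
        if (denyAccess.equals(attribute.getAttribute())) {
            return ACCESS_DENIED;
        }
    }

    int result = ACCESS_ABSTAIN;
    OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();

    for (ConfigAttribute attribute : attributes) {
        if (!this.supports(attribute)) {
            continue;
        }
        // From the first supported attribute on, the default outcome is deny.
        result = ACCESS_DENIED;
        Set<String> scopes = clientAuthentication.getScope();
        for (String scope : scopes) {
            // Locale.ROOT: default-locale upper-casing (e.g. Turkish dotted I) would make
            // the same configuration match on one host and fail on another.
            if (attribute.getAttribute().toUpperCase(java.util.Locale.ROOT)
                    .equals((scopePrefix + scope).toUpperCase(java.util.Locale.ROOT))) {
                return ACCESS_GRANTED;
            }
        }
        if (throwException) {
            // Only the required scope (attribute minus prefix) is attached to the failure.
            InsufficientScopeException failure = new InsufficientScopeException(
                    "Insufficient scope for this resource",
                    Collections.singleton(attribute.getAttribute().substring(scopePrefix.length())));
            throw new AccessDeniedException(failure.getMessage(), failure);
        }
    }

    return result;
}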
// Build the scope failure with missingScopes attached (declared outside this excerpt), then
// surface it as an AccessDeniedException that reuses its message and keeps it as the cause.
Throwable failure = new InsufficientScopeException("Insufficient scope for this resource", missingScopes);
throw new AccessDeniedException(failure.getMessage(), failure);
// Deny access: wrap an InsufficientScopeException in an AccessDeniedException, reusing its
// message and keeping it as the cause.
// NOTE(review): the scope set attached here is client.getScope(), presumably every scope of
// the client rather than only the missing one; if the exception's additional information is
// rendered to the caller this discloses that set. Confirm this is intended.
InsufficientScopeException failure = new InsufficientScopeException(
        "Insufficient scope for this resource", client.getScope());
throw new AccessDeniedException(failure.getMessage(), failure);
/**
 * Creates the exception and records the given scope set under the {@code "scope"}
 * additional-information key.
 *
 * <p>NOTE(review): whatever is passed as {@code validScope} travels with the exception;
 * if additional information is rendered into the error response, it becomes visible to
 * the caller, so pass only scopes that may be disclosed. Confirm how it is rendered.
 *
 * @param msg the error message, handed to the single-argument constructor
 * @param validScope scope names to attach, formatted by {@code OAuth2Utils.formatParameterList}
 */
public InsufficientScopeException(String msg, Set<String> validScope) {
    this(msg);
    String formattedScope = OAuth2Utils.formatParameterList(validScope);
    addAdditionalInformation("scope", formattedScope);
}
/**
 * Verifies that an OAuth2 authentication was granted the given scope.
 *
 * <p>Only {@code OAuth2Authentication} instances are inspected. Any other authentication,
 * including {@code null}, passes through unchecked, so this method is a scope check and
 * not an authentication check.
 *
 * @param auth the authentication object to check
 * @param scope the scope to look for
 * @throws InsufficientScopeException if {@code auth} is an OAuth2 authentication whose
 *         request has no scope set or whose scope set lacks {@code scope}
 */
public static void ensureOAuthScope(Authentication auth, String scope) {
    // Non-OAuth authentications are outside the remit of this check.
    if (!(auth instanceof OAuth2Authentication)) {
        return;
    }

    OAuth2Authentication oauth = (OAuth2Authentication) auth;
    // A missing scope set counts as "scope not granted".
    boolean scopeGranted = oauth.getOAuth2Request().getScope() != null
            && oauth.getOAuth2Request().getScope().contains(scope);
    if (!scopeGranted) {
        throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(scope));
    }
}
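/**
 * Votes on access by comparing the scopes of an OAuth2 request with the scope-prefixed
 * config attributes.
 *
 * <p>Abstains when the authentication is not an {@code OAuth2Authentication}. Denies
 * immediately when any attribute equals {@code denyAccess}. Grants as soon as one supported
 * attribute equals {@code scopePrefix + scope} for a granted scope, compared
 * case-insensitively. Case folding uses {@code Locale.ROOT} so the decision does not vary
 * with the JVM's default locale.
 *
 * <p>When {@code throwException} is set, the first supported attribute that is not matched
 * ends the vote with an exception; later attributes are not consulted.
 *
 * @param authentication the caller's authentication
 * @param object the secured object (not read by this method)
 * @param attributes config attributes attached to the secured object
 * @return {@code ACCESS_ABSTAIN}, {@code ACCESS_DENIED} or {@code ACCESS_GRANTED}
 * @throws AccessDeniedException wrapping an {@code InsufficientScopeException} that names
 *         the unmatched scope, when {@code throwException} is set
 */
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (!(authentication instanceof OAuth2Authentication)) {
        return ACCESS_ABSTAIN;
    }

    // An explicit deny attribute wins over any scope match.
    for (ConfigAttribute attribute : attributes) {
        if (denyAccess.equals(attribute.getAttribute())) {
            return ACCESS_DENIED;
        }
    }

    int result = ACCESS_ABSTAIN;
    OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();

    for (ConfigAttribute attribute : attributes) {
        if (!this.supports(attribute)) {
            continue;
        }
        // From the first supported attribute on, the default outcome is deny.
        result = ACCESS_DENIED;
        Set<String> scopes = clientAuthentication.getScope();
        for (String scope : scopes) {
            // Locale.ROOT: default-locale upper-casing (e.g. Turkish dotted I) would make
            // the same configuration match on one host and fail on another.
            if (attribute.getAttribute().toUpperCase(java.util.Locale.ROOT)
                    .equals((scopePrefix + scope).toUpperCase(java.util.Locale.ROOT))) {
                return ACCESS_GRANTED;
            }
        }
        if (throwException) {
            // Only the required scope (attribute minus prefix) is attached to the failure.
            InsufficientScopeException failure = new InsufficientScopeException(
                    "Insufficient scope for this resource",
                    Collections.singleton(attribute.getAttribute().substring(scopePrefix.length())));
            throw new AccessDeniedException(failure.getMessage(), failure);
        }
    }

    return result;
}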
// Rebuild an InsufficientScopeException from errorMessage and the "scope" entry of errorParams.
// The entry is cast to String without a type check, so a non-String value fails with a
// ClassCastException here.
// NOTE(review): errorParams presumably comes from a parsed error response, i.e. data the
// other party controls; whether parseParameterList accepts a null (absent) entry is not
// visible here. Confirm both.
ex = new InsufficientScopeException(errorMessage, OAuth2Utils.parseParameterList((String) errorParams .get("scope")));
// Deny access: wrap an InsufficientScopeException in an AccessDeniedException, reusing its
// message and keeping it as the cause.
// NOTE(review): the scope set attached here is client.getScope(), presumably every scope of
// the client rather than only the missing one; if the exception's additional information is
// rendered to the caller this discloses that set. Confirm this is intended.
InsufficientScopeException failure = new InsufficientScopeException(
        "Insufficient scope for this resource", client.getScope());
throw new AccessDeniedException(failure.getMessage(), failure);
// Rebuild an InsufficientScopeException from errorMessage and the "scope" entry of errorParams.
// The entry is cast to String without a type check, so a non-String value fails with a
// ClassCastException here.
// NOTE(review): errorParams presumably comes from a parsed error response, i.e. data the
// other party controls; whether parseParameterList accepts a null (absent) entry is not
// visible here. Confirm both.
ex = new InsufficientScopeException(errorMessage, OAuth2Utils.parseParameterList((String) errorParams .get("scope")));
/**
 * Issues and persists a permission ticket for the requested scopes on a resource set.
 *
 * @param resourceSet the resource set the permission refers to
 * @param scopes the scopes being requested
 * @return the ticket as returned by {@code repository.save}
 * @throws InsufficientScopeException if {@code scopeService.scopesMatch} rejects the
 *         requested scopes against the resource set's scopes
 */
@Override
public PermissionTicket createTicket(ResourceSet resourceSet, Set<String> scopes) {
    // Gate: the requested scopes must be covered by the resource set's own scopes
    // (a subset check, as far as the original comment describes scopesMatch).
    boolean requestCovered = scopeService.scopesMatch(resourceSet.getScopes(), scopes);
    if (!requestCovered) {
        throw new InsufficientScopeException("Scopes of resource set are not enough for requested permission.");
    }

    Permission requested = new Permission();
    requested.setResourceSet(resourceSet);
    requested.setScopes(scopes);

    // The 1000L literal keeps the seconds-to-milliseconds product in long arithmetic.
    Date expiresAt = new Date(System.currentTimeMillis() + permissionExpirationSeconds * 1000L);
    // The ticket value is a randomly generated UUID rendered as a string.
    String ticketValue = UUID.randomUUID().toString();

    PermissionTicket issued = new PermissionTicket();
    issued.setPermission(requested);
    issued.setTicket(ticketValue);
    issued.setExpiration(expiresAt);

    return repository.save(issued);
}
/**
 * Marks an OAuth2 authentication as authenticated when its de-duplicated scopes hit the
 * required scopes as many times as {@code getRequiredScopes()} has entries.
 *
 * <p>NOTE(review): the count comes from {@code getRequiredScopes().size()} while membership
 * is tested against the {@code requiredScopes} field. If no scopes are required, zero
 * matches equals zero required, so every OAuth2 authentication is marked authenticated.
 * Confirm that an empty configuration is meant to allow all tokens.
 *
 * @param authentication the authentication to evaluate; it is mutated on success
 * @return the same {@code authentication} object, authenticated or untouched
 * @throws InsufficientScopeException if the scopes do not match and
 *         {@code isThrowOnNotAuthenticated()} is true
 * @throws InvalidTokenException if the input is not an OAuth2 authentication and
 *         {@code isThrowOnNotAuthenticated()} is true
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof OAuth2Authentication)) {
        if (isThrowOnNotAuthenticated()) {
            throw new InvalidTokenException("Missing Oauth 2 authentication.");
        }
        // Not an OAuth2 authentication and not configured to throw: hand it back unchanged.
        return authentication;
    }

    OAuth2Request request = ((OAuth2Authentication) authentication).getOAuth2Request();
    List<String> grantedScopes = dedup(request.getScope());
    int expectedHits = getRequiredScopes().size();

    int hits = 0;
    for (String granted : grantedScopes) {
        if (requiredScopes.contains(granted)) {
            hits++;
        }
    }

    if (hits == expectedHits) {
        authentication.setAuthenticated(true);
        return authentication;
    }
    if (isThrowOnNotAuthenticated()) {
        throw new InsufficientScopeException("Insufficient scopes");
    }
    return authentication;
}
// Build the scope failure with missingScopes attached (declared outside this excerpt), then
// surface it as an AccessDeniedException that reuses its message and keeps it as the cause.
Throwable failure = new InsufficientScopeException("Insufficient scope for this resource", missingScopes);
throw new AccessDeniedException(failure.getMessage(), failure);
/**
 * Verifies that an OAuth2 authentication was granted the given scope.
 *
 * <p>Only {@code OAuth2Authentication} instances are inspected. Any other authentication,
 * including {@code null}, passes through unchecked, so this method is a scope check and
 * not an authentication check.
 *
 * @param auth the authentication object to check
 * @param scope the scope to look for
 * @throws InsufficientScopeException if {@code auth} is an OAuth2 authentication whose
 *         request has no scope set or whose scope set lacks {@code scope}
 */
public static void ensureOAuthScope(Authentication auth, String scope) {
    // Non-OAuth authentications are outside the remit of this check.
    if (!(auth instanceof OAuth2Authentication)) {
        return;
    }

    OAuth2Authentication oauth = (OAuth2Authentication) auth;
    // A missing scope set counts as "scope not granted".
    boolean scopeGranted = oauth.getOAuth2Request().getScope() != null
            && oauth.getOAuth2Request().getScope().contains(scope);
    if (!scopeGranted) {
        throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(scope));
    }
}
// Rebuild an InsufficientScopeException from errorMessage and the "scope" entry of errorParams.
// The entry is cast to String without a type check, so a non-String value fails with a
// ClassCastException here.
// NOTE(review): errorParams presumably comes from a parsed error response, i.e. data the
// other party controls; whether parseParameterList accepts a null (absent) entry is not
// visible here. Confirm both.
ex = new InsufficientScopeException(errorMessage, OAuth2Utils.parseParameterList((String) errorParams .get("scope")));
/**
 * Issues and persists a permission ticket for the requested scopes on a resource set.
 *
 * @param resourceSet the resource set the permission refers to
 * @param scopes the scopes being requested
 * @return the ticket as returned by {@code repository.save}
 * @throws InsufficientScopeException if {@code scopeService.scopesMatch} rejects the
 *         requested scopes against the resource set's scopes
 */
@Override
public PermissionTicket createTicket(ResourceSet resourceSet, Set<String> scopes) {
    // Gate: the requested scopes must be covered by the resource set's own scopes
    // (a subset check, as far as the original comment describes scopesMatch).
    boolean requestCovered = scopeService.scopesMatch(resourceSet.getScopes(), scopes);
    if (!requestCovered) {
        throw new InsufficientScopeException("Scopes of resource set are not enough for requested permission.");
    }

    Permission requested = new Permission();
    requested.setResourceSet(resourceSet);
    requested.setScopes(scopes);

    // The 1000L literal keeps the seconds-to-milliseconds product in long arithmetic.
    Date expiresAt = new Date(System.currentTimeMillis() + permissionExpirationSeconds * 1000L);
    // The ticket value is a randomly generated UUID rendered as a string.
    String ticketValue = UUID.randomUUID().toString();

    PermissionTicket issued = new PermissionTicket();
    issued.setPermission(requested);
    issued.setTicket(ticketValue);
    issued.setExpiration(expiresAt);

    return repository.save(issued);
}
// Rebuild an InsufficientScopeException from errorMessage and the "scope" entry of errorParams.
// The entry is cast to String without a type check, so a non-String value fails with a
// ClassCastException here.
// NOTE(review): errorParams presumably comes from a parsed error response, i.e. data the
// other party controls; whether parseParameterList accepts a null (absent) entry is not
// visible here. Confirm both.
ex = new InsufficientScopeException(errorMessage, OAuth2Utils.parseParameterList((String) errorParams .get("scope")));