/**
 * Verifies that the client may be used by a user coming from the user's identity provider.
 *
 * <p>The allow-list is read from the client's additional information under
 * {@code ClientConstants.ALLOWED_PROVIDERS}:
 * <ul>
 *   <li>no entry ({@code null}): the method returns without any check, so every provider is
 *       accepted. This fail-open default exists for backwards compatibility; a client that
 *       must be restricted needs an explicit list.</li>
 *   <li>empty list: the client is rejected for every provider.</li>
 *   <li>non-empty list: the provider looked up by the user's origin and zone id must exist
 *       and its origin key must be in the list.</li>
 * </ul>
 *
 * <p>NOTE(review): only membership of the origin key is checked here; this method does not
 * look at whether the provider is enabled. Confirm that is enforced elsewhere.
 *
 * @param client the client whose allowed-provider configuration is consulted
 * @param user the user whose origin and zone id select the identity provider
 * @throws UnauthorizedClientException if the allow-list is empty, or if the provider lookup
 *         raises {@code EmptyResultDataAccessException}
 * @throws DisallowedIdpException if the lookup returns {@code null} or the provider's origin
 *         key is not in the allow-list
 */
protected void checkClientIdpAuthorization(BaseClientDetails client, UaaUser user) {
    // Unchecked cast: the element type is not verified here. Entries that are not Strings
    // simply never match an origin key below, so the check still fails closed.
    final List<String> permittedOrigins =
        (List<String>) client.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS);

    // No restriction configured: accept any provider (backwards compatible).
    if (permittedOrigins == null) {
        return;
    }

    // An explicitly empty list means the client is allowed for no provider at all.
    if (permittedOrigins.isEmpty()) {
        throw new UnauthorizedClientException("Client is not authorized for any identity providers.");
    }

    try {
        final IdentityProvider userIdp =
            providerProvisioning.retrieveByOrigin(user.getOrigin(), user.getZoneId());
        final boolean permitted =
            userIdp != null && permittedOrigins.contains(userIdp.getOriginKey());
        if (!permitted) {
            throw new DisallowedIdpException("Client is not authorized for specified user's identity provider.");
        }
    } catch (EmptyResultDataAccessException missingProvider) {
        // Not expected in practice; treated as "user has no valid provider" and rejected.
        throw new UnauthorizedClientException("User does not belong to a valid identity provider.");
    }
}
ex = new UnauthorizedClientException(errorMessage);
return new UnauthorizedClientException(errorMessage);
ex = new UnauthorizedClientException(errorMessage);
ex = new UnauthorizedClientException(errorMessage);
return new UnauthorizedClientException(errorMessage);
ex = new UnauthorizedClientException(errorMessage);