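/**
 * Votes on access by comparing the scopes of an OAuth2 request with the configured attributes.
 *
 * <p>Abstains when the authentication is not an {@code OAuth2Authentication} or when this voter
 * supports none of the attributes. Denies immediately when any attribute equals
 * {@code denyAccess}. Otherwise grants as soon as a supported attribute equals
 * {@code scopePrefix + scope}, ignoring case, for some scope of the request.
 *
 * <p>Both sides of the comparison are case-folded with {@code Locale.ROOT}, so the authorization
 * decision does not vary with the JVM default locale (for example the Turkish dotted and
 * dotless "i" mappings).
 *
 * @param authentication the caller's authentication
 * @param object the secured object; not read by this method
 * @param attributes the configuration attributes to vote on
 * @return {@code ACCESS_GRANTED}, {@code ACCESS_DENIED} or {@code ACCESS_ABSTAIN}
 * @throws AccessDeniedException if {@code throwException} is set and a supported attribute is
 *         matched by no request scope; the cause is an {@code InsufficientScopeException}
 *         carrying the attribute with {@code scopePrefix} stripped
 */
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (!(authentication instanceof OAuth2Authentication)) {
        return ACCESS_ABSTAIN;
    }

    // An explicit deny attribute wins over every scope match, so check it before anything else.
    for (ConfigAttribute attribute : attributes) {
        if (denyAccess.equals(attribute.getAttribute())) {
            return ACCESS_DENIED;
        }
    }

    int result = ACCESS_ABSTAIN;
    OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();

    for (ConfigAttribute attribute : attributes) {
        if (!this.supports(attribute)) {
            continue;
        }
        // From the first supported attribute on, the vote is a denial unless a scope matches.
        result = ACCESS_DENIED;
        String required = attribute.getAttribute();
        Set<String> scopes = clientAuthentication.getScope();
        for (String scope : scopes) {
            // NOTE(review): RFC 6749 section 3.3 defines scope values as case-sensitive; the
            // case-insensitive match is kept for compatibility, but it is folded with a fixed
            // locale so the result is the same on every host.
            if (required.toUpperCase(java.util.Locale.ROOT)
                    .equals((scopePrefix + scope).toUpperCase(java.util.Locale.ROOT))) {
                return ACCESS_GRANTED;
            }
        }
        if (throwException) {
            // Fails on the first unmatched supported attribute; later attributes are not tried.
            InsufficientScopeException failure = new InsufficientScopeException(
                    "Insufficient scope for this resource",
                    Collections.singleton(required.substring(scopePrefix.length())));
            throw new AccessDeniedException(failure.getMessage(), failure);
        }
    }

    return result;
}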
// Signal the denial: the scopes returned by client.getScope() are attached to an
// InsufficientScopeException, which becomes the cause of the AccessDeniedException.
// NOTE(review): where these scopes surface (logs, error response) is not visible here; confirm
// that disclosing them to the caller is intended.
final InsufficientScopeException scopeFailure =
        new InsufficientScopeException("Insufficient scope for this resource", client.getScope());
throw new AccessDeniedException(scopeFailure.getMessage(), scopeFailure);
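/**
 * Votes on access by comparing the scopes of an OAuth2 request with the configured attributes.
 *
 * <p>Abstains when the authentication is not an {@code OAuth2Authentication} or when this voter
 * supports none of the attributes. Denies immediately when any attribute equals
 * {@code denyAccess}. Otherwise grants as soon as a supported attribute equals
 * {@code scopePrefix + scope}, ignoring case, for some scope of the request.
 *
 * <p>Both sides of the comparison are case-folded with {@code Locale.ROOT}, so the authorization
 * decision does not vary with the JVM default locale (for example the Turkish dotted and
 * dotless "i" mappings).
 *
 * @param authentication the caller's authentication
 * @param object the secured object; not read by this method
 * @param attributes the configuration attributes to vote on
 * @return {@code ACCESS_GRANTED}, {@code ACCESS_DENIED} or {@code ACCESS_ABSTAIN}
 * @throws AccessDeniedException if {@code throwException} is set and a supported attribute is
 *         matched by no request scope; the cause is an {@code InsufficientScopeException}
 *         carrying the attribute with {@code scopePrefix} stripped
 */
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (!(authentication instanceof OAuth2Authentication)) {
        return ACCESS_ABSTAIN;
    }

    // An explicit deny attribute wins over every scope match, so check it before anything else.
    for (ConfigAttribute attribute : attributes) {
        if (denyAccess.equals(attribute.getAttribute())) {
            return ACCESS_DENIED;
        }
    }

    int result = ACCESS_ABSTAIN;
    OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();

    for (ConfigAttribute attribute : attributes) {
        if (!this.supports(attribute)) {
            continue;
        }
        // From the first supported attribute on, the vote is a denial unless a scope matches.
        result = ACCESS_DENIED;
        String required = attribute.getAttribute();
        Set<String> scopes = clientAuthentication.getScope();
        for (String scope : scopes) {
            // NOTE(review): RFC 6749 section 3.3 defines scope values as case-sensitive; the
            // case-insensitive match is kept for compatibility, but it is folded with a fixed
            // locale so the result is the same on every host.
            if (required.toUpperCase(java.util.Locale.ROOT)
                    .equals((scopePrefix + scope).toUpperCase(java.util.Locale.ROOT))) {
                return ACCESS_GRANTED;
            }
        }
        if (throwException) {
            // Fails on the first unmatched supported attribute; later attributes are not tried.
            InsufficientScopeException failure = new InsufficientScopeException(
                    "Insufficient scope for this resource",
                    Collections.singleton(required.substring(scopePrefix.length())));
            throw new AccessDeniedException(failure.getMessage(), failure);
        }
    }

    return result;
}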
// Signal the denial: the scopes returned by client.getScope() are attached to an
// InsufficientScopeException, which becomes the cause of the AccessDeniedException.
// NOTE(review): where these scopes surface (logs, error response) is not visible here; confirm
// that disclosing them to the caller is intended.
final InsufficientScopeException scopeFailure =
        new InsufficientScopeException("Insufficient scope for this resource", client.getScope());
throw new AccessDeniedException(scopeFailure.getMessage(), scopeFailure);