/*******************************************************************************
 * Copyright 2017 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.oauth2.token;

import java.util.Set;

import org.mitre.oauth2.service.SystemScopeService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.OAuth2RequestValidator;
import org.springframework.security.oauth2.provider.TokenRequest;

/**
 * Validates the scopes on an authorization or token request against the
 * scopes registered for the requesting client. The comparison itself is
 * delegated to {@link SystemScopeService#scopesMatch(Set, Set)} so that
 * custom scopes known to the system scope registry still validate.
 *
 * <p>Policy implemented here (see {@link #ensureScopesAllowed}):
 * <ul>
 *   <li>An absent or empty requested-scope set is always accepted.</li>
 *   <li>A client with no registered scopes is not restricted by this
 *       validator: any requested scope set is accepted unchecked. A
 *       deployment that wants deny-by-default for such clients has to
 *       enforce that elsewhere.</li>
 *   <li>Otherwise the request is rejected with {@link InvalidScopeException}
 *       unless the scope service reports that the client's scopes cover the
 *       requested ones.</li>
 * </ul>
 *
 * @author jricher
 */
public class ScopeServiceAwareOAuth2RequestValidator implements OAuth2RequestValidator {

	@Autowired
	private SystemScopeService scopeService;

	/**
	 * Shared check behind both {@code validateScope} overloads.
	 *
	 * @param requestedScopes scopes asked for by the request; {@code null} or empty always passes
	 * @param clientScopes    scopes registered for the client; {@code null} or empty disables the check
	 * @throws InvalidScopeException if both sets are non-empty and the scope service does not
	 *         consider the requested scopes covered by the client's registered scopes
	 */
	private void ensureScopesAllowed(Set<String> requestedScopes, Set<String> clientScopes) throws InvalidScopeException {
		if (requestedScopes == null || requestedScopes.isEmpty()) {
			// nothing was requested, so there is nothing to reject
			return;
		}
		if (clientScopes == null || clientScopes.isEmpty()) {
			// no scope restrictions are registered for this client; the request passes as-is
			return;
		}
		boolean covered = scopeService.scopesMatch(clientScopes, requestedScopes);
		if (!covered) {
			throw new InvalidScopeException("Invalid scope; requested:" + requestedScopes, clientScopes);
		}
	}

	/**
	 * Validates the scopes of an authorization request against the client's registered scopes.
	 *
	 * @throws InvalidScopeException if the requested scopes are not allowed for the client
	 */
	@Override
	public void validateScope(AuthorizationRequest authorizationRequest, ClientDetails client) throws InvalidScopeException {
		ensureScopesAllowed(authorizationRequest.getScope(), client.getScope());
	}

	/**
	 * Validates the scopes of a token request against the client's registered scopes.
	 *
	 * @throws InvalidScopeException if the requested scopes are not allowed for the client
	 */
	@Override
	public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
		ensureScopesAllowed(tokenRequest.getScope(), client.getScope());
	}

}