AuthenticationUtilities.java

  1. /*******************************************************************************
  2.  * Copyright 2017 The MIT Internet Trust Consortium
  3.  *
  4.  * Licensed under the Apache License, Version 2.0 (the "License");
  5.  * you may not use this file except in compliance with the License.
  6.  * You may obtain a copy of the License at
  7.  *
  8.  *   http://www.apache.org/licenses/LICENSE-2.0
  9.  *
  10.  * Unless required by applicable law or agreed to in writing, software
  11.  * distributed under the License is distributed on an "AS IS" BASIS,
  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13.  * See the License for the specific language governing permissions and
  14.  * limitations under the License.
  15.  *******************************************************************************/

  17. package org.mitre.oauth2.web;

  19. import org.springframework.security.core.Authentication;
  20. import org.springframework.security.core.GrantedAuthority;
  21. import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
  22. import org.springframework.security.oauth2.provider.OAuth2Authentication;

  24. import com.google.common.collect.ImmutableSet;

  26. /**
  27.  *
  28.  * Utility class to enforce OAuth scopes in authenticated requests.
  29.  *
  30.  * @author jricher
  31.  *
  32.  */
  33. public abstract class AuthenticationUtilities {

  35.     /**
  36.      * Makes sure the authentication contains the given scope, throws an exception otherwise
  37.      * @param auth the authentication object to check
  38.      * @param scope the scope to look for
  39.      * @throws InsufficientScopeException if the authentication does not contain that scope
  40.      */
  41.     public static void ensureOAuthScope(Authentication auth, String scope) {
  42.         // if auth is OAuth, make sure we've got the right scope
  43.         if (auth instanceof OAuth2Authentication) {
  44.             OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth;
  45.             if (oAuth2Authentication.getOAuth2Request().getScope() == null
  46.                     || !oAuth2Authentication.getOAuth2Request().getScope().contains(scope)) {
  47.                 throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(scope));
  48.             }
  49.         }
  50.     }

  52.     /**
  53.      * Check to see if the given auth object has ROLE_ADMIN assigned to it or not
  54.      * @param auth
  55.      * @return
  56.      */
  57.     public static boolean isAdmin(Authentication auth) {
  58.         for (GrantedAuthority grantedAuthority : auth.getAuthorities()) {
  59.             if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
  60.                 return true;
  61.             }
  62.         }
  63.         return false;
  64.     }


  67.     public static boolean hasRole(Authentication auth, String role) {
  68.         for (GrantedAuthority grantedAuthority : auth.getAuthorities()) {
  69.             if (grantedAuthority.getAuthority().equals(role)) {
  70.                 return true;
  71.             }
  72.         }
  73.         return false;

  75.     }

  77. }
Created with JaCoCo 0.7.9.201702052155