Ensure that only application wide and service scopes are allowed for …
…token requests
1 parent
aae9112
commit a38001f
Showing
14 changed files
with
374 additions
and
12 deletions.
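--- a/...th-core-api/src/main/java/org/apereo/cas/support/oauth/scopes/CompositeScopeResolver.java
+++ b/...th-core-api/src/main/java/org/apereo/cas/support/oauth/scopes/CompositeScopeResolver.java
@@ -0,0 +1,37 @@
+package org.apereo.cas.support.oauth.scopes;
+
+import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
+
+import lombok.RequiredArgsConstructor;
+
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+* This is {@link CompositeScopeResolver}.
+*
+* @author sbearcsiro
+* @since 6.6.0
+*/
+@RequiredArgsConstructor
+public class CompositeScopeResolver implements ScopeResolver {
+
+private final List<ScopeResolver> resolvers;
+
+@Override
+public boolean supportsService(final AccessTokenRequestContext requestContext) {
+return resolvers.stream().anyMatch(resolver -> resolver.supportsService(requestContext));
+}
+
+@Override
+public Set<String> resolveRequestScopes(final AccessTokenRequestContext requestContext) {
+return resolvers
+.stream()
+.filter(resolver -> resolver.supportsService(requestContext))
+.map(resolver -> resolver.resolveRequestScopes(requestContext))
+.findFirst()
+.orElseGet(LinkedHashSet::new);
+}
+
+}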
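Review bot: `resolveRequestScopes` stops at the first resolver whose `supportsService` returns true (`findFirst()`), so the order of the injected `resolvers` list decides which scope policy applies, and nothing in this class sorts the list or states that contract. That matters because `DefaultOAuth20ScopeResolver` in this same commit supports every request and returns all requested scopes; if it sits ahead of a stricter resolver, the stricter one is never consulted. Whether the caller sorts the list is not visible here, so either sort defensively in the constructor (for example with Spring's `AnnotationAwareOrderComparator`) or replace the placeholder class Javadoc with something like `Delegates to the first resolver, in list order, that supports the request; resolvers must be supplied most-restrictive first. Returns an empty set when no resolver applies.`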
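--- a/...re-api/src/main/java/org/apereo/cas/support/oauth/scopes/DefaultOAuth20ScopeResolver.java
+++ b/...re-api/src/main/java/org/apereo/cas/support/oauth/scopes/DefaultOAuth20ScopeResolver.java
@@ -0,0 +1,30 @@
+package org.apereo.cas.support.oauth.scopes;
+
+import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
+import org.springframework.core.annotation.Order;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+/**
+* This is {@link DefaultOAuth20ScopeResolver}.
+*
+* Since OAuth services don't know about scopes all scopes are allowed.
+*
+* @author sbearcsiro
+* @since 6.6.0
+*/
+@Order
+public class DefaultOAuth20ScopeResolver implements ScopeResolver {
+
+@Override
+public boolean supportsService(final AccessTokenRequestContext requestContext) {
+return true;
+}
+
+@Override
+public Set<String> resolveRequestScopes(final AccessTokenRequestContext requestContext) {
+return new LinkedHashSet<>(requestContext.getScopes());
+}
+
+}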
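Review bot: `resolveRequestScopes` copies `requestContext.getScopes()` straight into a `LinkedHashSet`, which throws a NullPointerException if that getter can ever return null. Its declaration is not visible in this section, so either guard the copy (return an empty `LinkedHashSet` when the value is null) or document that the context always carries a non-null collection. Because this resolver accepts every request and grants exactly what was asked for, the class Javadoc should also say plainly that it is the permissive fallback. The bare `@Order` would be easier to read as `@Order(Ordered.LOWEST_PRECEDENCE)`, which is the default it already relies on.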
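--- a/...pport-oauth-core-api/src/main/java/org/apereo/cas/support/oauth/scopes/ScopeResolver.java
+++ b/...pport-oauth-core-api/src/main/java/org/apereo/cas/support/oauth/scopes/ScopeResolver.java
@@ -0,0 +1,30 @@
+package org.apereo.cas.support.oauth.scopes;
+
+import org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext;
+
+import java.util.Set;
+
+/**
+* Implementations of this interface resolve the allowed scopes for a given request context.
+*
+* @author sbearcsiro
+* @since 6.6.0
+*/
+public interface ScopeResolver {
+
+/**
+* Whether this {@link ScopeResolver} supports the given request context.
+* @param requestContext The request context
+* @return true if the resolver can handle the given context
+*/
+boolean supportsService(AccessTokenRequestContext requestContext);
+
+/**
+* Resolves the scopes for the request context.
+*
+* @param requestContext The request context
+* @return The set of allowed scopes for this request
+*/
+Set<String> resolveRequestScopes(AccessTokenRequestContext requestContext);
+
+}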
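Review bot: The Javadoc on `resolveRequestScopes` does not say what callers may rely on: whether the method may be invoked when `supportsService` returned false, whether the result can be null, and whether it is always limited to scopes present in the request. Since the returned set is documented as the allowed scopes for the request, I would pin this down in the interface, e.g. `@return the non-null set of scopes that may be granted for this request; empty if none are allowed`. `supportsService` takes a request context rather than a service, so its summary could also state which part of the context the decision is based on.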