wso2-extensions · sadilchamishka · Apr 28, 2024 · Apr 28, 2024
diff --git a/...nt/src/main/java/org/wso2/carbon/identity/oauth/endpoint/factory/ScopeServiceFactory.java b/...nt/src/main/java/org/wso2/carbon/identity/oauth/endpoint/factory/ScopeServiceFactory.java
@@ -18,11 +18,13 @@
 
 package org.wso2.carbon.identity.oauth.endpoint.factory;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.config.AbstractFactoryBean;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
+import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2ServerException;
 import org.wso2.carbon.identity.oauth2.OAuth2ScopeService;
 import org.wso2.carbon.identity.oauth2.scopeservice.APIResourceBasedScopeMetadataService;
@@ -51,43 +53,63 @@ protected ScopeMetadataService createInstance() throws Exception {
         if (this.scopeMetadataService != null) {
             return this.scopeMetadataService;
         }
+
+        ScopeMetadataService scopeMetadataService = getScopeMetadataService();
+        if (scopeMetadataService != null) {
+            this.scopeMetadataService = scopeMetadataService;
+            return this.scopeMetadataService;
+        }
         // Get the OSGi services registered for ScopeService interface.
         List<Object> scopeServices = PrivilegedCarbonContext
                 .getThreadLocalCarbonContext().getOSGiServices(ScopeMetadataService.class, null);
-        if (scopeServices == null || scopeServices.isEmpty()) {
-            throw new IdentityOAuth2ServerException("No ScopeService implementation found.");
-        }
-
-        ScopeMetadataService selectedService = null;
-        if (scopeServices.size() <= 2) {
-            for (Object scopeService : scopeServices) {
-                if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME && scopeService instanceof OAuth2ScopeService) {
-                    selectedService = (ScopeMetadataService) scopeService;
-                    break;
-                } else if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME &&
-                        scopeService instanceof APIResourceBasedScopeMetadataService) {
-                    selectedService = (ScopeMetadataService) scopeService;
-                    break;
+        if (scopeServices != null && !scopeServices.isEmpty()) {
+            if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+                for (Object scopeService : scopeServices) {
+                    if (scopeService instanceof OAuth2ScopeService) {
+                        scopeMetadataService = (ScopeMetadataService) scopeService;
+                    }
                 }
-            }
-        } else {
-            for (Object scopeService : scopeServices) {
-                if (scopeService instanceof OAuth2ScopeService ||
-                        scopeService instanceof APIResourceBasedScopeMetadataService) {
-                    continue;
+            } else {
+                for (Object scopeService : scopeServices) {
+                    if (scopeService instanceof APIResourceBasedScopeMetadataService) {
+                        scopeMetadataService = (APIResourceBasedScopeMetadataService) scopeService;
+                    }
                 }
-                selectedService = (ScopeMetadataService) scopeService;
-                break;
             }
         }
 
-        if (selectedService == null) {
-            throw new IdentityOAuth2ServerException("Suitable ScopeService implementation not found.");
-        }
-        if (log.isDebugEnabled()) {
-            log.debug("Returning the ScopeService: " + selectedService.getClass().getName());
+        if (scopeMetadataService == null) {
+            throw new IdentityOAuth2ServerException("ScopeMetadataService is not available.");
         }
-        this.scopeMetadataService = selectedService;
+        this.scopeMetadataService = scopeMetadataService;
         return this.scopeMetadataService;
     }
+
+    private ScopeMetadataService getScopeMetadataService() {
+
+        String scopeMetadataServiceClassName = OAuthServerConfiguration.getInstance()
+                .getScopeMetadataExtensionImpl();
+        if (scopeMetadataServiceClassName != null) {
+            try {
+                String className = StringUtils.trimToEmpty(scopeMetadataServiceClassName);
+                Class<?> clazz = Class.forName(className);
+                Object obj = clazz.newInstance();
+                if (obj instanceof ScopeMetadataService) {
+                    return (ScopeMetadataService) obj;
+                } else {
+                    log.error(scopeMetadataServiceClassName + " is not an instance of " +
+                            ScopeMetadataService.class.getName());
+                }
+            } catch (ClassNotFoundException e) {
+                log.error("ClassNotFoundException while trying to find class " + scopeMetadataServiceClassName);
+            } catch (InstantiationException e) {
+                log.error("InstantiationException while trying to instantiate class " +
+                        scopeMetadataServiceClassName);
+            } catch (IllegalAccessException e) {
+                log.error("IllegalAccessException while trying to instantiate class " +
+                        scopeMetadataServiceClassName);
+            }
+        }
+        return null;
+    }
 }
diff --git a/...y.oauth/src/main/java/org/wso2/carbon/identity/oauth/config/OAuthServerConfiguration.java b/...y.oauth/src/main/java/org/wso2/carbon/identity/oauth/config/OAuthServerConfiguration.java
@@ -320,6 +320,7 @@ public class OAuthServerConfiguration {
     private String deviceAuthzEPUrl = null;
     private List<String> supportedTokenEndpointSigningAlgorithms = new ArrayList<>();
     private Boolean roleBasedScopeIssuerEnabledConfig = false;
+    private String scopeMetadataExtensionImpl = null;
 
     private OAuthServerConfiguration() {
         buildOAuthServerConfiguration();
@@ -525,6 +526,9 @@ private void buildOAuthServerConfiguration() {
 
         // Read config for using legacy permission access for user based auth.
         parseUseLegacyPermissionAccessForUserBasedAuth(oauthElem);
+
+        // Read config for scope metadata extension implementation.
+        parseScopeMetadataExtensionImpl(oauthElem);
     }
 
     /**
@@ -3722,6 +3726,31 @@ private void parseSupportedTokenEndpointSigningAlgorithms(OMElement algorithms)
         }
     }
 
+    /**
+     * Parse the OAuth2ScopeMetadataExtensionImpl configuration that used to set the scope metadata extension impl
+     * class.
+     *
+     * @param oauthConfigElem oauthConfigElem.
+     */
+    private void parseScopeMetadataExtensionImpl(OMElement oauthConfigElem) {
+
+        OMElement scopeMetadataExtensionImplElem = oauthConfigElem.getFirstChildWithName(
+                getQNameWithIdentityNS(ConfigElements.SCOPE_METADATA_EXTENSION_IMPL));
+        if (scopeMetadataExtensionImplElem != null) {
+            scopeMetadataExtensionImpl = scopeMetadataExtensionImplElem.getText();
+        }
+    }
+
+    /**
+     * Get scope metadata service extension impl class.
+     *
+     * @return ScopeMetadataExtensionImpl class name.
+     */
+    public String getScopeMetadataExtensionImpl() {
+
+        return scopeMetadataExtensionImpl;
+    }
+
     /**
      * Localpart names for the OAuth configuration in identity.xml.
      */
@@ -3986,6 +4015,7 @@ private class ConfigElements {
         private static final String USE_LEGACY_SCOPES_AS_ALIAS_FOR_NEW_SCOPES = "UseLegacyScopesAsAliasForNewScopes";
         private static final String USE_LEGACY_PERMISSION_ACCESS_FOR_USER_BASED_AUTH =
                 "UseLegacyPermissionAccessForUserBasedAuth";
+        private static final String SCOPE_METADATA_EXTENSION_IMPL = "ScopeMetadataService";
     }
 
 }