github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

made RPT granter ignore client's registered scopes (is this right?)

multiparty
Justin Richer 2016-01-20 16:52:44 -05:00
parent 0a4f36f692
commit 64ac9661de
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
uma-server/src/main/java/org/mitre/uma/token/RequestingPartyTokenGranter.java
View File

@ -49,6 +49,7 @@ import org.mitre.uma.service.UmaTokenService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Authentication;
@ -164,9 +165,12 @@ public class RequestingPartyTokenGranter extends AbstractTokenGranter {
ClientDetailsEntity clientEntity = clientService.loadClientByClientId(client.getClientId()); ClientDetailsEntity clientEntity = clientService.loadClientByClientId(client.getClientId());
token.setClient(clientEntity); token.setClient(clientEntity);
// re-parse the incoming request
tokenRequest.setScope(OAuth2Utils.parseParameterList(tokenRequest.getRequestParameters().get(OAuth2Utils.SCOPE)));
Set<String> requestScopes = tokenRequest.getScope();
Set<String> ticketScopes = ticket.getPermission().getScopes(); Set<String> ticketScopes = ticket.getPermission().getScopes();
Set<String> policyScopes = result.getMatched().getScopes(); Set<String> policyScopes = result.getMatched().getScopes();
Set<String> requestScopes = tokenRequest.getScope();
Set<String> clientScopes = clientEntity.getScope(); Set<String> clientScopes = clientEntity.getScope();
Set<String> permissionScopes = new HashSet<>(); Set<String> permissionScopes = new HashSet<>();
@ -179,10 +183,12 @@ public class RequestingPartyTokenGranter extends AbstractTokenGranter {
permissionScopes.addAll(ticketScopes); permissionScopes.addAll(ticketScopes);
} }
/*
if (permissionScopes.isEmpty()) { if (permissionScopes.isEmpty()) {
// if still none are requested, go with what the client is registered for by default // if still none are requested, go with what the client is registered for by default
permissionScopes.addAll(clientScopes); permissionScopes.addAll(clientScopes);
} }
*/
if (permissionScopes.isEmpty()) { if (permissionScopes.isEmpty()) {
// if still none are requested, just go with the matched policy set // if still none are requested, just go with the matched policy set