|
|
|
@ -79,6 +79,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
@Autowired
|
|
|
|
|
private TokenEnhancer tokenEnhancer;
|
|
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
|
private SystemScopeService scopeService;
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public Set<OAuth2AccessTokenEntity> getAllAccessTokensForUser(String id) {
|
|
|
|
|
|
|
|
|
@ -144,6 +147,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
//not unmodifiable. Unmodifiables don't play nicely with Eclipselink, which
|
|
|
|
|
//wants to use the clone operation.
|
|
|
|
|
Set<String> scopes = Sets.newHashSet(clientAuth.getScope());
|
|
|
|
|
// remove any of the special system scopes
|
|
|
|
|
scopes = scopeService.removeRestrictedScopes(scopes);
|
|
|
|
|
token.setScope(scopes);
|
|
|
|
|
|
|
|
|
|
// make it expire if necessary
|
|
|
|
@ -254,8 +259,13 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|
|
|
|
|
|
|
|
|
// get the stored scopes from the authentication holder's authorization request; these are the scopes associated with the refresh token
|
|
|
|
|
Set<String> refreshScopes = new HashSet<String>(refreshToken.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope());
|
|
|
|
|
// remove any of the special system scopes
|
|
|
|
|
refreshScopes = scopeService.removeRestrictedScopes(refreshScopes);
|
|
|
|
|
|
|
|
|
|
Set<String> scope = authRequest.getScope() == null ? new HashSet<String>() : new HashSet<String>(authRequest.getScope());
|
|
|
|
|
// remove any of the special system scopes
|
|
|
|
|
scope = scopeService.removeRestrictedScopes(scope);
|
|
|
|
|
|
|
|
|
|
if (scope != null && !scope.isEmpty()) {
|
|
|
|
|
// ensure a proper subset of scopes
|
|
|
|
|
if (refreshScopes != null && refreshScopes.containsAll(scope)) {
|
|
|
|
|