@ -221,13 +221,22 @@ public class ResourceSetRegistrationEndpoint {
logger . warn ( "Unauthorized resource set request from bad user; expected " + rs . getOwner ( ) + " got " + auth . getName ( ) ) ;
logger . warn ( "Unauthorized resource set request from bad user; expected " + rs . getOwner ( ) + " got " + auth . getName ( ) ) ;
// it wasn't issued to this user
// it wasn't issued to this user
m . addAttribute ( "code" , HttpStatus . FORBIDDEN ) ;
m . addAttribute ( HttpCodeView . CODE , HttpStatus . FORBIDDEN ) ;
return JsonErrorView . VIEWNAME ;
} else if ( auth instanceof OAuth2Authentication & &
! ( ( OAuth2Authentication ) auth ) . getOAuth2Request ( ) . getClientId ( ) . equals ( rs . getClientId ( ) ) ) {
logger . warn ( "Unauthorized resource set request from bad client; expected " + rs . getClientId ( ) + " got " + ( ( OAuth2Authentication ) auth ) . getOAuth2Request ( ) . getClientId ( ) ) ;
// it wasn't issued to this user
m . addAttribute ( HttpCodeView . CODE , HttpStatus . FORBIDDEN ) ;
return JsonErrorView . VIEWNAME ;
return JsonErrorView . VIEWNAME ;
} else {
} else {
// user and client matched
resourceSetService . remove ( rs ) ;
resourceSetService . remove ( rs ) ;
m . addAttribute ( "code" , HttpStatus . NO_CONTENT ) ;
m . addAttribute ( HttpCodeView . CODE , HttpStatus . NO_CONTENT ) ;
return HttpCodeView . VIEWNAME ;
return HttpCodeView . VIEWNAME ;
}
}
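Review bot: The comment above the new client-mismatch branch (`// it wasn't issued to this user`) is copied from the owner check and should read `// it wasn't issued to this client`, since that branch rejects on `getClientId()` rather than on the principal name. Note also that the client comparison is only reached when `auth instanceof OAuth2Authentication`; a principal of any other authentication type that merely matches `rs.getOwner()` skips the client check entirely and falls into the remove branch, so if this endpoint can be reached with a non-OAuth2 authentication it should reject that case explicitly rather than silently treating it as matched. The `.equals (rs.getClientId ())` call is invoked on the request's client id; if that can be null the comparison throws rather than returning FORBIDDEN, so `Objects.equals` (or the inverted form) would be more robust. The enclosing if/else chain and method begin before this hunk and the method body continues after it.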