github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

made permission service enforce scoping

pull/708/merge
Justin Richer 2015-03-06 15:50:14 -05:00
parent 5ff9cd1bbb
commit e59e988809
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java
View File

@ -21,6 +21,7 @@ import java.util.Set;
import org.mitre.uma.model.Permission; import org.mitre.uma.model.Permission;
import org.mitre.uma.model.ResourceSet; import org.mitre.uma.model.ResourceSet;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
/** /**
@ -33,6 +34,7 @@ public interface PermissionService {
* @param resourceSet the resource set to create the permission on * @param resourceSet the resource set to create the permission on
* @param scopes the set of scopes that this permission is for * @param scopes the set of scopes that this permission is for
* @return the created (and stored) permission object, with ticket * @return the created (and stored) permission object, with ticket
* @throws InsufficientScopeException if the scopes in scopes don't match those in resourceSet.getScopes
*/ */
public Permission create(ResourceSet resourceSet, Set<String> scopes); public Permission create(ResourceSet resourceSet, Set<String> scopes);

12
openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java
View File

@ -20,11 +20,13 @@ package org.mitre.uma.service.impl;
import java.util.Set; import java.util.Set;
import java.util.UUID; import java.util.UUID;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.uma.model.Permission; import org.mitre.uma.model.Permission;
import org.mitre.uma.model.ResourceSet; import org.mitre.uma.model.ResourceSet;
import org.mitre.uma.repository.PermissionRepository; import org.mitre.uma.repository.PermissionRepository;
import org.mitre.uma.service.PermissionService; import org.mitre.uma.service.PermissionService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
/** /**
@ -37,11 +39,21 @@ public class DefaultPermissionService implements PermissionService {
@Autowired @Autowired
private PermissionRepository repository; private PermissionRepository repository;
@Autowired
private SystemScopeService scopeService;
/* (non-Javadoc) /* (non-Javadoc)
* @see org.mitre.uma.service.PermissionService#create(org.mitre.uma.model.ResourceSet, java.util.Set) * @see org.mitre.uma.service.PermissionService#create(org.mitre.uma.model.ResourceSet, java.util.Set)
*/ */
@Override @Override
public Permission create(ResourceSet resourceSet, Set<String> scopes) { public Permission create(ResourceSet resourceSet, Set<String> scopes) {
// check to ensure that the scopes requested are a subset of those in the resource set
if (!scopeService.scopesMatch(resourceSet.getScopes(), scopes)) {
throw new InsufficientScopeException("Scopes of resource set are not enough for requested permission.");
}
Permission p = new Permission(); Permission p = new Permission();
p.setResourceSet(resourceSet); p.setResourceSet(resourceSet);
p.setScopes(scopes); p.setScopes(scopes);