package org.springframework.security.oauth2.provider.vote;
import java.util.Collection;
import java.util.Set;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
/**
* This voter checks that the scope in the request is consistent with the scope held by the client. If there is no user
* in the request (client_credentials grant), it checks against the authorities of the client instead of its scopes by
* default. Activate it by adding <code>CLIENT_HAS_SCOPE</code> to the security attributes.
*
* @author Dave Syer
*
*/
public class ClientScopeVoter implements AccessDecisionVoter