List of usage examples for org.springframework.security.oauth2.client.resource OAuth2AccessDeniedException OAuth2AccessDeniedException
public OAuth2AccessDeniedException(OAuth2ProtectedResourceDetails resource)
From source file:eu.trentorise.smartcampus.resourceprovider.filter.ResourceAuthenticationManager.java
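/**
 * Check whether access to the specific resource is granted. The resource is
 * identified from the {@link ResourceCallAuthenticationToken} fields
 * {@link ResourceCallAuthenticationToken#getRequestPath()} and
 * {@link ResourceCallAuthenticationToken#getHttpMethod()}.
 *
 * <p>The token carried as principal is resolved to an
 * {@link OAuth2Authentication}, the request is mapped to a resource URI, and
 * access is granted only when that URI is among the scopes of the original
 * authorization request and the authority required for the resource matches
 * the kind of token (user token vs. client-only token).
 *
 * @param authentication
 *            the authentication token object as instance of
 *            {@link ResourceCallAuthenticationToken}.
 * @return the {@link OAuth2Authentication} loaded for the token, carrying the
 *         details of the incoming {@code authentication}
 * @throws IllegalArgumentException
 *             if {@code authentication} is not a
 *             {@link ResourceCallAuthenticationToken}
 * @throws InvalidTokenException
 *             if no authentication can be loaded for the token
 * @throws OAuth2Exception
 *             if the resource descriptor cannot be read
 * @throws OAuth2AccessDeniedException
 *             if the token's scopes do not cover the resource, or the token
 *             kind does not match the authority required by the resource
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // An `assert` is skipped unless the JVM runs with -ea, so the type
    // precondition is enforced with a real check instead of relying on the
    // cast below to fail.
    if (!(authentication instanceof ResourceCallAuthenticationToken)) {
        throw new IllegalArgumentException("Unsupported authentication type: "
                + (authentication == null ? "null" : authentication.getClass().getName()));
    }
    ResourceCallAuthenticationToken rcAuth = (ResourceCallAuthenticationToken) authentication;
    String token = (String) rcAuth.getPrincipal();

    OAuth2Authentication auth = loadAuthentication(token);
    if (auth == null) {
        // The raw bearer token is deliberately kept out of the message:
        // exception text commonly ends up in logs and error responses.
        throw new InvalidTokenException("Invalid token");
    }

    String resourceUri;
    try {
        resourceUri = getUriManager().getUriFromRequest(rcAuth.getRequestPath(), rcAuth.getHttpMethod(),
                auth.getAuthorities());
    } catch (IOException e) {
        // Keep the cause so the underlying I/O failure stays diagnosable.
        throw new OAuth2Exception("Problem accessing resource descriptor", e);
    }

    // The resource URI is used directly as the resource id; no lookup in a
    // resource store is performed here.
    Collection<String> grantedScopes = auth.getAuthorizationRequest().getScope();
    // Fail closed: a missing URI or a missing/empty scope set denies access.
    if (resourceUri == null || grantedScopes == null || grantedScopes.isEmpty()
            || !grantedScopes.contains(resourceUri)) {
        throw new OAuth2AccessDeniedException(
                "Invalid token does not contain resource id (" + resourceUri + ")");
    }

    String authority = authServices.loadResourceAuthorityByResourceUri(resourceUri);
    // A user-level resource must not be reached with a client-only token,
    // and a client-level resource must not be reached with a user token.
    // NOTE(review): any other authority value (including null) imposes no
    // restriction here -- confirm that this is the intended default.
    if ((ROLE_USER.equals(authority) && auth.isClientOnly())
            || (ROLE_CLIENT.equals(authority) && !auth.isClientOnly())) {
        throw new OAuth2AccessDeniedException("Incorrect access method");
    }

    auth.setDetails(authentication.getDetails());
    return auth;
}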
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServices.java
/**
 * Verifies that the given client id resolves to a client known to
 * {@code clientDetailsService}.
 *
 * <p>A {@code null} client id is not looked up and passes without any check.
 * NOTE(review): callers that require a client must reject {@code null}
 * themselves -- confirm against the call sites.
 *
 * @param clientId the client id to look up, may be {@code null}
 * @throws OAuth2AccessDeniedException if the lookup fails with a
 *         {@code NoSuchClientException}, {@code ClientRegistrationException}
 *         or {@code InvalidClientException}
 */
private void validateClient(String clientId) throws AuthenticationException {
    if (clientId == null) {
        return;
    }

    // All three lookup failures are reported to the caller the same way.
    final String rejection = "Invalid client:" + clientId;
    try {
        clientDetailsService.loadClientByClientId(clientId);
    } catch (NoSuchClientException unknownClient) {
        throw new OAuth2AccessDeniedException(rejection);
    } catch (ClientRegistrationException registrationProblem) {
        throw new OAuth2AccessDeniedException(rejection);
    } catch (InvalidClientException invalidClient) {
        throw new OAuth2AccessDeniedException(rejection);
    }
}