Example usage of the org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException constructor

List of usage examples for the org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException constructor

Introduction

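On this page you can find example usages of the org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException constructor. Note that the examples below pass a String message to the constructor, not the OAuth2ProtectedResourceDetails argument shown in the prototype.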

Prototype

public OAuth2AccessDeniedException(OAuth2ProtectedResourceDetails resource) 


Usage

From source file:eu.trentorise.smartcampus.resourceprovider.filter.ResourceAuthenticationManager.java

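/**
 * Checks whether access to a specific resource is granted. The resource is
 * identified from the {@link ResourceCallAuthenticationToken} fields
 * {@link ResourceCallAuthenticationToken#getRequestPath()} and
 * {@link ResourceCallAuthenticationToken#getHttpMethod()}.
 *
 * <p>The token carried as the principal is resolved to an
 * {@link OAuth2Authentication}. The request is then mapped to a resource URI,
 * which must be contained in the scope of the token's authorization request.
 * Finally, the authority configured for the resource is compared with the
 * kind of token presented (user token or client-only token).
 *
 * @param authentication
 *            the authentication token object as instance of
 *            {@link ResourceCallAuthenticationToken}.
 * @return the {@link OAuth2Authentication} loaded for the token, carrying
 *         the details of the incoming {@code authentication}
 * @throws InvalidTokenException
 *             if {@code authentication} is not a
 *             {@link ResourceCallAuthenticationToken} or no authentication
 *             can be loaded for the token
 * @throws OAuth2AccessDeniedException
 *             if the token scope does not cover the resource, or the token
 *             kind does not match the authority required by the resource
 * @throws OAuth2Exception
 *             if the resource descriptor cannot be read
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {

    // Explicit check instead of `assert`: assertions are only evaluated when the JVM
    // runs with -ea, so an access-control precondition must not depend on them.
    // `instanceof` is false for null, so a missing token is rejected here as well.
    if (!(authentication instanceof ResourceCallAuthenticationToken)) {
        throw new InvalidTokenException("Unsupported authentication request");
    }
    ResourceCallAuthenticationToken rcAuth = (ResourceCallAuthenticationToken) authentication;

    String token = (String) rcAuth.getPrincipal();
    OAuth2Authentication auth = loadAuthentication(token);

    if (auth == null) {
        // The presented token value is deliberately kept out of the message:
        // exception messages commonly end up in logs and in error responses.
        throw new InvalidTokenException("Invalid token");
    }

    String resourceUri;
    try {
        resourceUri = getUriManager().getUriFromRequest(rcAuth.getRequestPath(), rcAuth.getHttpMethod(),
                auth.getAuthorities());
    } catch (IOException e) {
        // Keep the cause so the underlying I/O failure stays diagnosable.
        throw new OAuth2Exception("Problem accessing resource descriptor", e);
    }

    // The resource id is currently the URI itself; the store lookup
    // (resourceStore.loadResourceByResourceUri(resourceUri)) is bypassed,
    // i.e. this is a test setup that does not read the database.
    String resourceID = resourceUri;

    Collection<String> grantedScope = auth.getAuthorizationRequest().getScope();

    // Fail closed: an unresolved resource, a missing scope or a scope that does
    // not list the resource all deny access.
    if (resourceID == null || grantedScope == null || !grantedScope.contains(resourceID)) {
        throw new OAuth2AccessDeniedException(
                "Invalid token does not contain resource id (" + resourceUri + ")");
    }

    // A resource reserved for users must not be reached with a client-only token,
    // and a resource reserved for clients must not be reached with a user token.
    // NOTE(review): any other authority value, including null, passes this check -
    // confirm that resources without a configured authority are meant to be
    // reachable with both kinds of token.
    String authority = authServices.loadResourceAuthorityByResourceUri(resourceUri);
    boolean clientOnly = auth.isClientOnly();
    if ((ROLE_USER.equals(authority) && clientOnly) || (ROLE_CLIENT.equals(authority) && !clientOnly)) {
        throw new OAuth2AccessDeniedException("Incorrect access method");
    }

    auth.setDetails(authentication.getDetails());

    return auth;
}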

From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServices.java

/**
 * Verifies that the given client id can be loaded from the client details
 * service, and reports any lookup failure as an access-denied error.
 *
 * @param clientId the client id to look up; {@code null} skips the lookup
 * @throws OAuth2AccessDeniedException if loading the client fails with one of
 *         the client lookup exceptions handled below
 */
private void validateClient(String clientId) throws AuthenticationException {
    // NOTE(review): a null client id is accepted without any lookup - confirm
    // that callers are meant to treat a missing client id as valid.
    if (clientId == null) {
        return;
    }

    final String rejection = "Invalid client:" + clientId;
    try {
        clientDetailsService.loadClientByClientId(clientId);
    } catch (NoSuchClientException e) {
        // Unknown client id.
        throw new OAuth2AccessDeniedException(rejection);
    } catch (ClientRegistrationException e) {
        // Client registration could not be read.
        throw new OAuth2AccessDeniedException(rejection);
    } catch (InvalidClientException e) {
        // Client rejected as invalid.
        throw new OAuth2AccessDeniedException(rejection);
    }
}