1   package org.springframework.security.oauth2.common.exceptions;
2   
3   import java.util.Set;
4   
5   import org.springframework.security.access.AccessDeniedException;
6   import org.springframework.security.oauth2.common.util.OAuth2Utils;
7   
/**
 * Signals that the token presented to a Resource Server does not carry the scope the request needs. It is treated
 * like an {@link AccessDeniedException}: the response should be 403 (FORBIDDEN).
 * 
 * @author Dave Syer
 */
@SuppressWarnings("serial")
public class InsufficientScopeException extends OAuth2Exception {

	/**
	 * Creates the exception with a description only; no {@code "scope"} entry is recorded.
	 * 
	 * @param msg description of the failure, handed to the superclass constructor
	 */
	public InsufficientScopeException(String msg) {
		super(msg);
	}

	/**
	 * Creates the exception and records a scope value alongside the description.
	 * 
	 * @param msg description of the failure, handed to the superclass constructor
	 * @param validScope presumably the scope that would have been accepted for the resource; it is formatted with
	 * {@link OAuth2Utils#formatParameterList} and stored under the {@code "scope"} additional-information key
	 */
	public InsufficientScopeException(String msg, Set<String> validScope) {
		super(msg);
		// NOTE(review): additional information presumably ends up in the error response returned to the client, so
		// callers should pass only the scope the resource requires and keep msg free of internal detail - confirm
		// against the exception renderer in use.
		String requiredScope = OAuth2Utils.formatParameterList(validScope);
		addAdditionalInformation("scope", requiredScope);
	}

	/**
	 * @return the error code string {@code insufficient_scope}
	 */
	@Override
	public String getOAuth2ErrorCode() {
		// Not among the error codes of the core OAuth 2.0 spec (RFC 6749), so not strictly an OAuth2Exception;
		// RFC 6750 section 3.1 defines it for bearer-token requests to protected resources.
		return "insufficient_scope";
	}

	/**
	 * @return 403: the request is refused because of the token's scope, which is an authorization failure
	 */
	@Override
	public int getHttpErrorCode() {
		return 403;
	}

}