13 package org.springframework.security.oauth2.provider.expression;
14
15 import java.util.Collection;
16 import java.util.Set;
17
18 import org.springframework.security.core.Authentication;
19 import org.springframework.security.core.GrantedAuthority;
20 import org.springframework.security.core.authority.AuthorityUtils;
21 import org.springframework.security.oauth2.provider.OAuth2Authentication;
22 import org.springframework.security.oauth2.provider.OAuth2Request;
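/**
 * Static helpers that answer authorization questions about an {@link Authentication}
 * in an OAuth2 context: whether it is an OAuth2 authentication at all, whether it
 * represents a client or a user, and whether the client holds a given role or scope.
 *
 * <p>Every method returns {@code false} when the supplied authentication is not an
 * {@link OAuth2Authentication} (which includes {@code null}), so callers fail closed
 * for non-OAuth2 requests.
 *
 * <p>Only {@link #isOAuthClientAuth} and {@link #isOAuthUserAuth} consult
 * {@link Authentication#isAuthenticated()}. The role and scope checks, and
 * {@link #isOAuth}, look only at the type and the stored request data; combine them
 * with an authentication check where that distinction matters.
 */
public abstract class OAuth2ExpressionUtils {

    /**
     * Checks whether the OAuth2 <em>client</em> holds at least one of the given roles.
     *
     * <p>The authorities are read from the {@link OAuth2Request} (the client side of
     * the authentication), not from the {@code Authentication} itself. Role names are
     * compared by exact string membership; no prefix is added or stripped here.
     *
     * @param authentication the current authentication, may be {@code null}
     * @param roles the role names to look for
     * @return {@code true} if any of {@code roles} is among the client's authorities;
     * {@code false} if there is no match, the client has no authorities, or the
     * authentication is not an {@link OAuth2Authentication}
     */
    public static boolean clientHasAnyRole(Authentication authentication, String... roles) {
        if (!(authentication instanceof OAuth2Authentication)) {
            return false;
        }

        OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
        Collection<? extends GrantedAuthority> clientAuthorities = clientAuthentication.getAuthorities();
        if (clientAuthorities == null) {
            return false;
        }

        Set<String> roleSet = AuthorityUtils.authorityListToSet(clientAuthorities);
        for (String role : roles) {
            if (roleSet.contains(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the authentication is an {@link OAuth2Authentication}.
     *
     * <p>This is a type check only: it does not call
     * {@link Authentication#isAuthenticated()}.
     *
     * @param authentication the current authentication, may be {@code null}
     * @return {@code true} if {@code authentication} is an {@link OAuth2Authentication}
     */
    public static boolean isOAuth(Authentication authentication) {
        return authentication instanceof OAuth2Authentication;
    }

    /**
     * Reports whether the authentication is an authenticated OAuth2 authentication
     * that {@link OAuth2Authentication#isClientOnly()} reports as client-only.
     *
     * @param authentication the current authentication, may be {@code null}
     * @return {@code true} only for an authenticated, client-only
     * {@link OAuth2Authentication}
     */
    public static boolean isOAuthClientAuth(Authentication authentication) {
        if (!(authentication instanceof OAuth2Authentication)) {
            return false;
        }
        return authentication.isAuthenticated() && ((OAuth2Authentication) authentication).isClientOnly();
    }

    /**
     * Reports whether the authentication is an authenticated OAuth2 authentication
     * that {@link OAuth2Authentication#isClientOnly()} does <em>not</em> report as
     * client-only.
     *
     * @param authentication the current authentication, may be {@code null}
     * @return {@code true} only for an authenticated {@link OAuth2Authentication}
     * that is not client-only
     */
    public static boolean isOAuthUserAuth(Authentication authentication) {
        if (!(authentication instanceof OAuth2Authentication)) {
            return false;
        }
        return authentication.isAuthenticated() && !((OAuth2Authentication) authentication).isClientOnly();
    }

    /**
     * Checks whether the OAuth2 request carries at least one of the given scopes.
     *
     * <p>Scopes are compared by exact membership in the request's scope collection.
     *
     * @param authentication the current authentication, may be {@code null}
     * @param scopes the scope names to look for
     * @return {@code true} if any of {@code scopes} was assigned to the request;
     * {@code false} if there is no match, the request has no scope collection, or the
     * authentication is not an {@link OAuth2Authentication}
     */
    public static boolean hasAnyScope(Authentication authentication, String[] scopes) {
        if (!(authentication instanceof OAuth2Authentication)) {
            return false;
        }

        OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
        Collection<String> assigned = clientAuthentication.getScope();
        if (assigned == null) {
            return false;
        }

        for (String scope : scopes) {
            if (assigned.contains(scope)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether any scope on the OAuth2 request matches any of the given regular
     * expressions.
     *
     * <p>Matching uses {@link String#matches(String)}, so a pattern must match the
     * <em>entire</em> scope value; a pattern that matches only a substring does not
     * grant access.
     *
     * <p>A request without a scope collection yields {@code false}, the same as
     * {@link #hasAnyScope}, rather than failing with a {@code NullPointerException}.
     *
     * @param authentication the current authentication, may be {@code null}
     * @param scopesRegex the regular expressions to test each assigned scope against
     * @return {@code true} if at least one assigned scope fully matches at least one
     * pattern; {@code false} otherwise or if the authentication is not an
     * {@link OAuth2Authentication}
     */
    public static boolean hasAnyScopeMatching(Authentication authentication, String[] scopesRegex) {
        if (!(authentication instanceof OAuth2Authentication)) {
            return false;
        }

        OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
        Collection<String> assigned = clientAuthentication.getScope();
        // Fail closed on a missing scope collection, consistent with hasAnyScope.
        if (assigned == null) {
            return false;
        }

        // NOTE(review): each comparison recompiles the pattern, and the scope values
        // presumably originate from the token request - keep the patterns simple and
        // sourced from trusted configuration; confirm against callers.
        for (String scope : assigned) {
            for (String regex : scopesRegex) {
                if (scope.matches(regex)) {
                    return true;
                }
            }
        }
        return false;
    }

}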