View Javadoc
1   /*
2    * Copyright 2006-2011 the original author or authors.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    * 
7    * https://www.apache.org/licenses/LICENSE-2.0
8    * 
9    * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10   * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11   * specific language governing permissions and limitations under the License.
12   */
13  package org.springframework.security.oauth2.provider.expression;
14  
15  import java.util.Collection;
16  import java.util.Set;
17  
18  import org.springframework.security.core.Authentication;
19  import org.springframework.security.core.GrantedAuthority;
20  import org.springframework.security.core.authority.AuthorityUtils;
21  import org.springframework.security.oauth2.provider.OAuth2Authentication;
22  import org.springframework.security.oauth2.provider.OAuth2Request;
23  
24  /**
25   * @author Dave Syer
26   * @author Radek Ostrowski
27   * 
28   */
29  public abstract class OAuth2ExpressionUtils {
30  
31  	public static boolean clientHasAnyRole(Authentication authentication, String... roles) {
32  		if (authentication instanceof OAuth2Authentication) {
33  			OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
34  			Collection<? extends GrantedAuthority> clientAuthorities = clientAuthentication.getAuthorities();
35  			if (clientAuthorities != null) {
36  				Set<String> roleSet = AuthorityUtils.authorityListToSet(clientAuthorities);
37  				for (String role : roles) {
38  					if (roleSet.contains(role)) {
39  						return true;
40  					}
41  				}
42  			}
43  		}
44  	
45  		return false;
46  	}
47  
48  	public static boolean isOAuth(Authentication authentication) {
49  		
50  		if (authentication instanceof OAuth2Authentication) {
51  			return true;
52  		}
53  	
54  		return false;
55  	}
56  
57  	public static boolean isOAuthClientAuth(Authentication authentication) {
58  		
59  		if (authentication instanceof OAuth2Authentication) {
60  			return authentication.isAuthenticated() && ((OAuth2Authentication)authentication).isClientOnly();
61  		}
62  	
63  		return false;
64  	}
65  
66  	public static boolean isOAuthUserAuth(Authentication authentication) {
67  		
68  		if (authentication instanceof OAuth2Authentication) {
69  			return authentication.isAuthenticated() && !((OAuth2Authentication)authentication).isClientOnly();
70  		}
71  	
72  		return false;
73  	}
74  
75  	public static boolean hasAnyScope(Authentication authentication, String[] scopes) {
76  
77  		if (authentication instanceof OAuth2Authentication) {
78  			OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
79  			Collection<String> assigned = clientAuthentication.getScope();
80  			if (assigned != null) {
81  				for (String scope : scopes) {
82  					if (assigned.contains(scope)) {
83  						return true;
84  					}
85  				}
86  			}
87  		}
88  	
89  		return false;
90  	}
91  
92  	public static boolean hasAnyScopeMatching(Authentication authentication, String[] scopesRegex) {
93  
94  		if (authentication instanceof OAuth2Authentication) {
95  			OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
96  			for (String scope : clientAuthentication.getScope()) {
97  				for (String regex : scopesRegex) {
98  					if (scope.matches(regex)) {
99  						return true;
100 					}
101 				}
102 			}
103 		}
104 
105 		return false;
106 	}
107 
108 }