OAuth2SecurityExpressionMethods (OAuth for Spring Security 2.4.0.BUILD-SNAPSHOT API)

java.lang.Object
- org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods

```
public class OAuth2SecurityExpressionMethods
extends Object
```
A convenience object for security expressions in OAuth2 protected resources, providing public methods that act on the current authentication.

Author:

Dave Syer, Rob Winch, Radek Ostrowski

Constructor Summary

Constructors
Constructor and Description

OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication)

Constructors
Constructor and Description
`OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication)`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`clientHasAnyRole(String... roles)` Check if the OAuth2 client (not the user) has one of the roles specified.
`boolean`	`clientHasRole(String role)` Check if the OAuth2 client (not the user) has the role specified.
`boolean`	`denyOAuthClient()` Deny access to oauth requests, so used for example to only allow web UI users to access a resource.
`boolean`	`hasAnyScope(String... scopes)` Check if the current OAuth2 authentication has one of the scopes specified.
`boolean`	`hasAnyScopeMatching(String... scopesRegex)` Check if the current OAuth2 authentication has one of the scopes matching a specified regex expression.
`boolean`	`hasScope(String scope)` Check if the current OAuth2 authentication has the scope specified.
`boolean`	`hasScopeMatching(String scopeRegex)` Check if the current OAuth2 authentication has one of the scopes matching a specified regex expression.
`boolean`	`isClient()` Check if the current authentication is acting as an authenticated client application not on behalf of a user.
`boolean`	`isOAuth()` Permit access to oauth requests, so used for example to only allow machine clients to access a resource.
`boolean`	`isUser()` Check if the current authentication is acting on behalf of an authenticated user.
`boolean`	`throwOnError(boolean decision)` Check if any scope decisions have been denied in the current context and throw an exception if so.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - OAuth2SecurityExpressionMethods
```
public OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication)
```
- Method Detail
  - throwOnError
```
public boolean throwOnError(boolean decision)
```
    Check if any scope decisions have been denied in the current context and throw an exception if so. This method automatically wraps any expressions when using OAuth2MethodSecurityExpressionHandler or OAuth2WebSecurityExpressionHandler. OAuth2Example usage:
```
 access = "#oauth2.hasScope('read') or (#oauth2.hasScope('other') and hasRole('ROLE_USER'))"
 
```
    Will automatically be wrapped to ensure that explicit errors are propagated rather than a generic error when returning false:
```
 access = "#oauth2.throwOnError(#oauth2.hasScope('read') or (#oauth2.hasScope('other') and hasRole('ROLE_USER'))"
 
```
    N.B. normally this method will be automatically wrapped around all your access expressions. You could use it explicitly to get more control, or if you have registered your own ExpressionParser you might need it.
    Parameters:
    decision - the existing access decision
    
    Returns:
    true if the OAuth2 token has one of these scopes
    
    Throws:
    
    InsufficientScopeException - if the scope is invalid and we the flag is set to throw the exception
  - clientHasRole
```
public boolean clientHasRole(String role)
```
    Check if the OAuth2 client (not the user) has the role specified. To check the user's roles see clientHasRole(String).
    
    Parameters:
    role - the role to check
    
    Returns:
    true if the OAuth2 client has this role
  - clientHasAnyRole
```
public boolean clientHasAnyRole(String... roles)
```
    Check if the OAuth2 client (not the user) has one of the roles specified. To check the user's roles see clientHasAnyRole(String...).
    
    Parameters:
    roles - the roles to check
    
    Returns:
    true if the OAuth2 client has one of these roles
  - hasScope
```
public boolean hasScope(String scope)
```
    Check if the current OAuth2 authentication has the scope specified.
    
    Parameters:
    scope - the scope to check
    
    Returns:
    true if the OAuth2 authentication has the required scope
  - hasAnyScope
```
public boolean hasAnyScope(String... scopes)
```
    Check if the current OAuth2 authentication has one of the scopes specified.
    
    Parameters:
    scopes - the scopes to check
    
    Returns:
    true if the OAuth2 token has one of these scopes
    
    Throws:
    
    org.springframework.security.access.AccessDeniedException - if the scope is invalid and we the flag is set to throw the exception
  - hasScopeMatching
```
public boolean hasScopeMatching(String scopeRegex)
```
    Check if the current OAuth2 authentication has one of the scopes matching a specified regex expression.
```
 access = "#oauth2.hasScopeMatching('.*_admin:manage_scopes')))"
 
```
    Parameters:
    scopeRegex - the scope regex to match
    
    Returns:
    true if the OAuth2 authentication has the required scope
  - hasAnyScopeMatching
```
public boolean hasAnyScopeMatching(String... scopesRegex)
```
    Check if the current OAuth2 authentication has one of the scopes matching a specified regex expression.
```
 access = "#oauth2.hasAnyScopeMatching('admin:manage_scopes','.*_admin:manage_scopes','.*_admin:read_scopes')))"
 
```
    Parameters:
    scopesRegex - the scopes regex to match
    
    Returns:
    true if the OAuth2 token has one of these scopes
    
    Throws:
    
    org.springframework.security.access.AccessDeniedException - if the scope is invalid and we the flag is set to throw the exception
  - denyOAuthClient
```
public boolean denyOAuthClient()
```
    Deny access to oauth requests, so used for example to only allow web UI users to access a resource.
    
    Returns:
    true if the current authentication is not an OAuth2 type
  - isOAuth
```
public boolean isOAuth()
```
    Permit access to oauth requests, so used for example to only allow machine clients to access a resource.
    
    Returns:
    true if the current authentication is not an OAuth2 type
  - isUser
```
public boolean isUser()
```
    Check if the current authentication is acting on behalf of an authenticated user.
    
    Returns:
    true if the current authentication represents a user
  - isClient
```
public boolean isClient()
```
    Check if the current authentication is acting as an authenticated client application not on behalf of a user.
    
    Returns:
    true if the current authentication represents a client application

Class OAuth2SecurityExpressionMethods

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

OAuth2SecurityExpressionMethods

Method Detail

throwOnError

clientHasRole

clientHasAnyRole

hasScope

hasAnyScope

hasScopeMatching

hasAnyScopeMatching

denyOAuthClient

isOAuth

isUser

isClient