1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.springframework.security.oauth.provider.attributes;
18
19 import org.springframework.security.core.Authentication;
20 import org.springframework.security.core.GrantedAuthority;
21 import org.springframework.security.access.AccessDecisionVoter;
22 import org.springframework.security.access.ConfigAttribute;
23 import org.springframework.security.oauth.provider.OAuthAuthenticationDetails;
24
25 import java.util.List;
26 import java.util.Collection;
27
28
29
30
31
32 public class ConsumerSecurityVoter implements AccessDecisionVoter<Object> {
33
34
35
36
37
38
39
40 public boolean supports(ConfigAttribute attribute) {
41 return attribute instanceof ConsumerSecurityConfig;
42 }
43
44
45
46
47
48
49
50 public boolean supports(Class<?> clazz) {
51 return true;
52 }
53
54
55
56
57
58
59
60
61
62 public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
63 int result = ACCESS_ABSTAIN;
64
65 if (authentication.getDetails() instanceof OAuthAuthenticationDetails) {
66 OAuthAuthenticationDetails/springframework/security/oauth/provider/OAuthAuthenticationDetails.html#OAuthAuthenticationDetails">OAuthAuthenticationDetails details = (OAuthAuthenticationDetails) authentication.getDetails();
67 for (Object configAttribute : configAttributes) {
68 ConfigAttribute attribute = (ConfigAttribute) configAttribute;
69
70 if (ConsumerSecurityConfig.PERMIT_ALL_ATTRIBUTE.equals(attribute)) {
71 return ACCESS_GRANTED;
72 }
73 else if (ConsumerSecurityConfig.DENY_ALL_ATTRIBUTE.equals(attribute)) {
74 return ACCESS_DENIED;
75 }
76 else if (supports(attribute)) {
77 ConsumerSecurityConfig./org/springframework/security/oauth/provider/attributes/ConsumerSecurityConfig.html#ConsumerSecurityConfig">ConsumerSecurityConfig config = (ConsumerSecurityConfig) attribute;
78 if ((config.getSecurityType() == ConsumerSecurityConfig.ConsumerSecurityType.CONSUMER_KEY)
79 && (config.getAttribute().equals(details.getConsumerDetails().getConsumerKey()))) {
80 return ACCESS_GRANTED;
81 }
82 else if (config.getSecurityType() == ConsumerSecurityConfig.ConsumerSecurityType.CONSUMER_ROLE) {
83 List<GrantedAuthority> authorities = details.getConsumerDetails().getAuthorities();
84 if (authorities != null) {
85 for (GrantedAuthority authority : authorities) {
86 if (authority.getAuthority().equals(config.getAttribute())) {
87 return ACCESS_GRANTED;
88 }
89 }
90 }
91 }
92 }
93 }
94 }
95
96 return result;
97 }
98 }