1   package org.springframework.security.oauth2.provider.request;
2   
3   import java.util.Set;
4   
5   import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
6   import org.springframework.security.oauth2.provider.AuthorizationRequest;
7   import org.springframework.security.oauth2.provider.ClientDetails;
8   import org.springframework.security.oauth2.provider.OAuth2RequestValidator;
9   import org.springframework.security.oauth2.provider.TokenRequest;
10  
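/**
 * Default implementation of {@link OAuth2RequestValidator}.
 *
 * <p>Checks that every scope named in an authorization or token request is contained in the
 * scope set returned by {@link ClientDetails#getScope()}, and rejects requests that carry no
 * scope at all.
 *
 * <p><strong>Security note:</strong> a client whose scope set is {@code null} or empty is not
 * restricted by this validator; any non-empty set of requested scopes is accepted for it. Where
 * scope is used as an authorization boundary, register an explicit scope set for every client
 * rather than relying on this class to deny unknown scopes.
 *
 * @author Amanda Anganes
 *
 */
public class DefaultOAuth2RequestValidator implements OAuth2RequestValidator {

	/**
	 * Validates the scopes of an authorization request against the client's scopes.
	 *
	 * @param authorizationRequest the request whose scopes are checked
	 * @param client the client whose scope set bounds the request
	 * @throws InvalidScopeException if the request has no scopes, or names a scope that a
	 * client with a non-empty scope set does not hold
	 */
	public void validateScope(AuthorizationRequest authorizationRequest, ClientDetails client) throws InvalidScopeException {
		validateScope(authorizationRequest.getScope(), client.getScope());
	}

	/**
	 * Validates the scopes of a token request against the client's scopes.
	 *
	 * @param tokenRequest the request whose scopes are checked
	 * @param client the client whose scope set bounds the request
	 * @throws InvalidScopeException if the request has no scopes, or names a scope that a
	 * client with a non-empty scope set does not hold
	 */
	public void validateScope(TokenRequest tokenRequest, ClientDetails client) throws InvalidScopeException {
		validateScope(tokenRequest.getScope(), client.getScope());
	}

	/**
	 * Shared scope check used by both public entry points.
	 *
	 * @param requestScopes scopes asked for by the request; {@code null} is treated as empty
	 * @param clientScopes scopes held by the client; {@code null} or empty means the client is
	 * not restricted to a particular scope set
	 * @throws InvalidScopeException if {@code requestScopes} is {@code null} or empty, or if it
	 * contains a scope missing from a non-empty {@code clientScopes}
	 */
	private void validateScope(Set<String> requestScopes, Set<String> clientScopes) {

		// Fail closed with the OAuth2 scope error rather than a NullPointerException when the
		// request carries no scope set at all. For a non-null set the outcome is the same as
		// checking emptiness after the membership loop, because an empty set never enters it.
		if (requestScopes == null || requestScopes.isEmpty()) {
			throw new InvalidScopeException("Empty scope (either the client or the user is not allowed the requested scopes)");
		}

		// No registered scopes: nothing to compare against, so the request is accepted as is.
		if (clientScopes == null || clientScopes.isEmpty()) {
			return;
		}

		for (String scope : requestScopes) {
			if (!clientScopes.contains(scope)) {
				throw new InvalidScopeException("Invalid scope: " + scope, clientScopes);
			}
		}
	}

}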