OAuth2SecurityExpressionMethods (OAuth2 for Spring Security 1.0.1.RELEASE API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.oauth2.provider.expression
Class OAuth2SecurityExpressionMethods

java.lang.Object
  org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods

public class OAuth2SecurityExpressionMethods
extends Object
extends Object

A convenience object for security expressions in OAuth2 protected resources, providing public methods that act on the current authentication.

Author:: Dave Syer, Rob Winch

Constructor Summary
`OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication, boolean throwExceptionOnInvalidScope)`

Method Summary
`boolean`	`clientHasAnyRole(String... roles)` Check if the OAuth2 client (not the user) has one of the roles specified.
`boolean`	`clientHasRole(String role)` Check if the OAuth2 client (not the user) has the role specified.
`boolean`	`denyOAuthClient()` Deny access to oauth requests, so used for example to only allow web UI users to access a resource.
`boolean`	`hasAnyScope(String... scopes)` Check if the current OAuth2 authentication has one of the scopes specified.
`boolean`	`hasScope(String scope)` Check if the current OAuth2 authentication has one of the scopes specified.
`boolean`	`isClient()` Check if the current authentication is acting as an authenticated client application not on behalf of a user.
`boolean`	`isUser()` Check if the current authentication is acting on behalf of an authenticated user.
`void`	`setThrowExceptionOnInvalidScope(boolean throwExceptionOnInvalidScope)` A flag to indicate that an exception should be thrown if a scope decision is negative.
`boolean`	`sufficientScope(boolean decision)` Check if any scope decisions have been denied in the current context and throw an exception if so.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

OAuth2SecurityExpressionMethods

public OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication,
                                       boolean throwExceptionOnInvalidScope)

Method Detail

sufficientScope

public boolean sufficientScope(boolean decision)

Check if any scope decisions have been denied in the current context and throw an exception if so. Example usage:

 access = "#oauth2.sufficientScope(#oauth2.hasScope('read') or (#oauth2.hasScope('other') and hasRole('ROLE_USER')))"

Parameters:: decision - the existing access decision
Returns:: true if the OAuth2 token has one of these scopes
Throws:: InsufficientScopeException - if the scope is invalid and we the flag is set to throw the exception

clientHasRole

public boolean clientHasRole(String role)

Check if the OAuth2 client (not the user) has the role specified. To check the user's roles see #hasRole(String).

Parameters:: role - the role to check
Returns:: true if the OAuth2 client has this role

clientHasAnyRole

public boolean clientHasAnyRole(String... roles)

Check if the OAuth2 client (not the user) has one of the roles specified. To check the user's roles see #hasAnyRole(String).

Parameters:: roles - the roles to check
Returns:: true if the OAuth2 client has one of these roles

hasScope

public boolean hasScope(String scope)

Check if the current OAuth2 authentication has one of the scopes specified.

Parameters:: scope - the scope to check
Returns:: true if the OAuth2 authentication has the required scope

hasAnyScope

public boolean hasAnyScope(String... scopes)