|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods
public class OAuth2SecurityExpressionMethods
A convenience object for security expressions in OAuth2 protected resources, providing public methods that act on the current authentication.
Constructor Summary | |
---|---|
OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication,
boolean throwExceptionOnInvalidScope)
|
Method Summary | |
---|---|
boolean |
clientHasAnyRole(String... roles)
Check if the OAuth2 client (not the user) has one of the roles specified. |
boolean |
clientHasRole(String role)
Check if the OAuth2 client (not the user) has the role specified. |
boolean |
denyOAuthClient()
Deny access to oauth requests, so used for example to only allow web UI users to access a resource. |
boolean |
hasAnyScope(String... scopes)
Check if the current OAuth2 authentication has one of the scopes specified. |
boolean |
hasScope(String scope)
Check if the current OAuth2 authentication has one of the scopes specified. |
boolean |
isClient()
Check if the current authentication is acting as an authenticated client application not on behalf of a user. |
boolean |
isUser()
Check if the current authentication is acting on behalf of an authenticated user. |
void |
setThrowExceptionOnInvalidScope(boolean throwExceptionOnInvalidScope)
A flag to indicate that an exception should be thrown if a scope decision is negative. |
boolean |
sufficientScope(boolean decision)
Check if any scope decisions have been denied in the current context and throw an exception if so. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication, boolean throwExceptionOnInvalidScope)
Method Detail |
---|
public boolean sufficientScope(boolean decision)
access = "#oauth2.sufficientScope(#oauth2.hasScope('read') or (#oauth2.hasScope('other') and hasRole('ROLE_USER')))"
decision
- the existing access decision
InsufficientScopeException
- if the scope is invalid and we the flag is set to throw the exceptionpublic boolean clientHasRole(String role)
#hasRole(String)
.
role
- the role to check
public boolean clientHasAnyRole(String... roles)
#hasAnyRole(String)
.
roles
- the roles to check
public boolean hasScope(String scope)
scope
- the scope to check
public boolean hasAnyScope(String... scopes)
roles
- the scopes to check
org.springframework.security.access.AccessDeniedException
- if the scope is invalid and we the flag is set to throw the exceptionpublic boolean denyOAuthClient()
public boolean isUser()
public boolean isClient()
public void setThrowExceptionOnInvalidScope(boolean throwExceptionOnInvalidScope)
throwExceptionOnInvalidScope
- flag value (default true)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |