001/*******************************************************************************
002 * Copyright 2018 The MIT Internet Trust Consortium
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *   http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *******************************************************************************/
016
017package org.mitre.oauth2.introspectingfilter.service.impl;
018
019import java.util.ArrayList;
020import java.util.List;
021import java.util.Set;
022
023import org.mitre.oauth2.introspectingfilter.service.IntrospectionAuthorityGranter;
024import org.springframework.security.core.GrantedAuthority;
025import org.springframework.security.core.authority.AuthorityUtils;
026import org.springframework.security.core.authority.SimpleGrantedAuthority;
027import org.springframework.security.oauth2.common.util.OAuth2Utils;
028
029import com.google.gson.JsonObject;
030
031/**
032 * @author jricher
033 *
034 */
035public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionAuthorityGranter {
036
037        private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
038
039        /* (non-Javadoc)
040         * @see org.mitre.oauth2.introspectingfilter.IntrospectionAuthorityGranter#getAuthorities(net.minidev.json.JSONObject)
041         */
042        @Override
043        public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
044                List<GrantedAuthority> auth = new ArrayList<>(getAuthorities());
045
046                if (introspectionResponse.has("scope") && introspectionResponse.get("scope").isJsonPrimitive()) {
047                        String scopeString = introspectionResponse.get("scope").getAsString();
048                        Set<String> scopes = OAuth2Utils.parseParameterList(scopeString);
049                        for (String scope : scopes) {
050                                auth.add(new SimpleGrantedAuthority("OAUTH_SCOPE_" + scope));
051                        }
052                }
053
054                return auth;
055        }
056
057        /**
058         * @return the authorities
059         */
060        public List<GrantedAuthority> getAuthorities() {
061                return authorities;
062        }
063
064        /**
065         * @param authorities the authorities to set
066         */
067        public void setAuthorities(List<GrantedAuthority> authorities) {
068                this.authorities = authorities;
069        }
070
071}