java - Spring OAuth2 checkUserScopes is not working as expected -


first of all, according spring doc , if want map user roles scopes, should use setcheckuserscopes(true) defaultoauth2requestfactory. 1 way this, injecting own defaultoauth2requestfactory bean, doc says: 

the authorizationserverendpointsconfigurer allows inject custom oauth2requestfactory can use feature set factory if use @enableauthorizationserver.

then do

@configuration @enableauthorizationserver public class oauth2authorizationserverconfig extends         authorizationserverconfigureradapter {      ...      @override     public void configure(authorizationserverendpointsconfigurer endpoints)             throws exception {         endpoints.authenticationmanager(authenticationmanager)                 .tokenstore(tokenstore)                 .tokenservices(tokenservices());         endpoints             .getoauth2requestfactory(); // doesn't return me own defaultoauth2requestfactory       }      @bean     @primary     public oauth2requestfactory defaultoauth2requestfactory() {         defaultoauth2requestfactory defaultoauth2requestfactory = new defaultoauth2requestfactory(                 clientdetailsservice);         defaultoauth2requestfactory.setcheckuserscopes(true);         return defaultoauth2requestfactory;     } }

edit

i've overlooked method requestfactory() authorizationserverendpointsconfigurer. correct way pass spring security. setting oauth2requestfactory bean primary didn't work. i've deleted things focus on real problem:

after observation, actual problem:

as understand, if user has authorities , b, , app has scope a, gets 'a' scope. not happening. happening if app has scope a, , app (not user) has authorities , b, user gets a. doesn't make sense. defaultoauth2requestfactory method resolve user's scopes:

private set<string> extractscopes(map<string, string> requestparameters, string clientid) {     ... // avoid unimportant lines not make post long     if ((scopes == null || scopes.isempty())) {         scopes = clientdetails.getscope();     }      if (checkuserscopes) {         scopes = checkuserscopes(scopes, clientdetails);     }     return scopes; }  private set<string> checkuserscopes(set<string> scopes, clientdetails clientdetails) {     if (!securitycontextaccessor.isuser()) {         return scopes;     }     set<string> result = new linkedhashset<string>();     set<string> authorities = authorityutils.authoritylisttoset(securitycontextaccessor.getauthorities());     (string scope : scopes) {         if (authorities.contains(scope) || authorities.contains(scope.touppercase())                 || authorities.contains("role_" + scope.touppercase())) {             result.add(scope);         }     }     return result; }

is bug? please tell me if wrong. regards

you need wire oauth2requestfactory code like here.

if authorities set clientdetailsservice should good. if looking map logged-in user authorities don't have luck there either.


Comments

Post a Comment

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

i'm looking dynamically populate select element names of items stored array. for reason it's not working , i'm not sure why. html: <div class="col-md-4 col-md-offset-4"> <select class="select1"> </select> , <select class="select2"> </select> </div> note i'm using bootstrap layout. here's jquery i'm using try , populate ".select1" jquery: select: function() { $.each(state.greens, function(index, value) { $(".select1").append("<option value =' " + index + " '>" + state.greens[index].name + "</option>"); }); } note function 'select' stored within object called 'display'. state.greens name of array i'm trying access. so @ end of html page call display.select(); call function. no error messages showing in console. also, saw question: appending
Read more

Android soft keyboard reverts to default keyboard on orientation change -

i'm building android soft keyboard , can't seem fix bug - have arabic , qwerty keyboard , when rotate device on qwerty keyboard (or arabic shift), it's if program has "restarted" , becomes arabic keyboard without shift. the onsaveinstancestate(bundle savedinstancestate) not work because application not extend activity inputmethodservice . i put following in android manifest android:configchanges="keyboard|keyboardhidden|orientation" android:windowsoftinputmode="stateunchanged|adjustresize"> i tried using @override public void onconfigurationchanged(configuration newconfig) { super.onconfigurationchanged(newconfig); log.i(mydebug, "config changed " + currentkeyboard.equals(qwerty)); } however, currentkeyboard.equals(qwerty)) results false , made sure true before orientation change. any appreciated. i think applications fault. if application restarting on orientation change
Read more

Rendering JButton to get the JCheckBox behavior in a JTable by using images does not update my table -

i rendering jbutton image on simulate jcheckbox behavior. why don't let jtable render jcheckbox? because need bigger checkboxes , there's no way can resize them (as far know). so, have own table cell renderer , editor. both renders jbutton , checkbox images on them. trying change image checked image unchecked image (or vice versa) , update cell value (boolean true or false). however, reason, getcelleditorvalue() not update table. so, release mouse, value goes original one. any appreciated! lot! public class tableexample extends jframe { jscrollpane pane; jpanel panel; jtable table; object[][] data; mytablemodel tm; renderer buttoncolumn; public tableexample(object[][] data) throws ioexception { string[] columns = {"column#1", "column#2", "column#3", "column#4", "column#5", "column#6"}; this.data = data; this.setpreferredsize(new dimension(700, 500));
Read more