/**
 * Returns a read-only snapshot of the permissions carried by the authorization token.
 *
 * @return an unmodifiable copy of the token's permissions, or an empty list when there is no
 *         token or the token carries no authorization data
 */
public List<Permission> getPermissions() {
    Authorization granted = (this.authzToken == null) ? null : this.authzToken.getAuthorization();

    if (granted == null) {
        return Collections.emptyList();
    }

    // Copy first, then wrap: callers receive a snapshot and cannot alter the token's own
    // permission collection through the returned list.
    // NOTE(review): new ArrayList<>(null) throws NullPointerException, so this relies on
    // getPermissions() never returning null — confirm against the token model.
    List<Permission> snapshot = new ArrayList<>(granted.getPermissions());
    return Collections.unmodifiableList(snapshot);
}
/**
 * Tells whether any permission in the authorization token carries the given scope.
 *
 * <p>The check is resource-agnostic: a scope granted on any one resource satisfies it. Callers
 * that need "scope X on resource Y" should use {@code hasPermission(resourceName, scopeName)}.
 *
 * @param scopeName the scope to look for; compared with {@code contains}, so the match is exact
 * @return {@code true} if at least one permission lists the scope; {@code false} otherwise,
 *         including when there is no token or no authorization data
 */
public boolean hasScopePermission(String scopeName) {
    Authorization granted = (this.authzToken != null) ? this.authzToken.getAuthorization() : null;

    if (granted == null) {
        return false;
    }

    for (Permission candidate : granted.getPermissions()) {
        boolean scopeGranted = candidate.getScopes().contains(scopeName);

        if (scopeGranted) {
            return true;
        }
    }

    // Deny by default: no permission mentioned the scope.
    return false;
}
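/**
 * Checks whether the authorization token grants access to a resource, optionally narrowed to a
 * scope.
 *
 * <p>A permission matches when {@code resourceName} equals, ignoring case, either the
 * permission's resource name or its resource id. With a {@code null} scope any matching
 * permission is enough; otherwise the permission must also list the scope.
 *
 * @param resourceName name or id of the resource; {@code null} never matches
 * @param scopeName    scope that must be granted on the resource, or {@code null} to accept any
 * @return {@code true} if access is granted; {@code false} otherwise, including when there is
 *         no token or no authorization data
 */
public boolean hasPermission(String resourceName, String scopeName) {
    // Fail closed on a null resource. Previously this threw NullPointerException as soon as the
    // token held one permission, while the same call returned false for a token with none.
    if (resourceName == null) {
        return false;
    }

    if (this.authzToken == null) {
        return false;
    }

    Authorization authorization = this.authzToken.getAuthorization();

    if (authorization == null) {
        return false;
    }

    for (Permission permission : authorization.getPermissions()) {
        // NOTE(review): resource matching is case-insensitive here but case-sensitive in the
        // fallback below; confirm that resource names and ids never differ only by case.
        boolean sameResource = resourceName.equalsIgnoreCase(permission.getResourceName())
                || resourceName.equalsIgnoreCase(permission.getResourceId());

        if (sameResource && (scopeName == null || permission.getScopes().contains(scopeName))) {
            return true;
        }
    }

    // NOTE(review): this fallback grants on a name match with `current` alone and never looks at
    // scopeName, so a scoped query for the current resource returns true even when no permission
    // in the token lists that scope. Confirm this is intended; if not, restrict the fallback to
    // scopeName == null.
    return current != null && current.getName().equals(resourceName);
}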
/**
 * Authorizes the request against the supplied token and, if that fails, against a freshly
 * requested authorization token.
 *
 * <p>Flow: delegate to the parent check; on denial, call {@code requestAuthorizationToken};
 * merge any permissions of the new token into the authorization of the token that was passed
 * in; then run the parent check again, this time against the new token.
 *
 * @param pathConfig   configuration of the protected path being accessed
 * @param methodConfig configuration of the HTTP method being accessed
 * @param accessToken  token presented with the request; its authorization may be modified
 * @param httpFacade   facade for the current request
 * @param claims       claims forwarded to the token request and to the parent check
 * @return {@code true} if either the presented token or the newly obtained token is authorized
 */
@Override
protected boolean isAuthorized(PathConfig pathConfig, PolicyEnforcerConfig.MethodConfig methodConfig, AccessToken accessToken, OIDCHttpFacade httpFacade, Map<String, List<String>> claims) {
    // Keep a handle on the presented token: the parameter is reassigned below.
    AccessToken original = accessToken;

    if (super.isAuthorized(pathConfig, methodConfig, accessToken, httpFacade, claims)) {
        return true;
    }

    // NOTE(review): the result is trusted as-is from here on; presumably
    // requestAuthorizationToken verifies the token it returns — confirm.
    accessToken = requestAuthorizationToken(pathConfig, methodConfig, httpFacade, claims);

    // No token could be obtained: deny.
    if (accessToken == null) {
        return false;
    }

    AccessToken.Authorization authorization = original.getAuthorization();

    // The presented token had no authorization data: start from an empty permission list.
    if (authorization == null) {
        authorization = new AccessToken.Authorization();
        authorization.setPermissions(new ArrayList<Permission>());
    }

    AccessToken.Authorization newAuthorization = accessToken.getAuthorization();

    if (newAuthorization != null) {
        // NOTE(review): both collections are dereferenced without a null check; an authorization
        // whose permission collection is null would throw here — confirm it cannot be.
        Collection<Permission> grantedPermissions = authorization.getPermissions();
        Collection<Permission> newPermissions = newAuthorization.getPermissions();

        for (Permission newPermission : newPermissions) {
            // De-duplication relies on contains(), i.e. on Permission.equals — TODO confirm it
            // compares resource and scopes rather than identity.
            if (!grantedPermissions.contains(newPermission)) {
                grantedPermissions.add(newPermission);
            }
        }
    }

    // The merged permissions are written to the presented token before the final decision, so
    // they stay on it even when the check below denies the request.
    original.setAuthorization(authorization);

    // The final decision is taken against the newly obtained token, not the merged original.
    return super.isAuthorized(pathConfig, methodConfig, accessToken, httpFacade, claims);
}
AuthorizationRequest authzRequest = new AuthorizationRequest(); if (isBearerAuthorization(httpFacade) || accessToken.getAuthorization() != null) { authzRequest.addPermission(pathConfig.getId(), methodConfig.getScopes()); if (accessToken.getAuthorization() != null) { authzRequest.setRpt(accessTokenString);
Authorization authorization = accessToken.getAuthorization();