added scope-based authorities granter for introspections services, closes mitreid-connect#835

Author: jricher

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/impl/ScopeBasedIntrospectionAuthoritiesGranter.java

@@ -0,0 +1,72 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.introspectingfilter.service.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import org.mitre.oauth2.introspectingfilter.service.IntrospectionAuthorityGranter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.common.util.OAuth2Utils;
+
+import com.google.gson.JsonObject;
+
+/**
+ * @author jricher
+ *
+ */
+public class ScopeBasedIntrospectionAuthoritiesGranter implements IntrospectionAuthorityGranter {
+
+private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
+
+/* (non-Javadoc)
+ * @see org.mitre.oauth2.introspectingfilter.IntrospectionAuthorityGranter#getAuthorities(net.minidev.json.JSONObject)
+ */
+@Override
+public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
+List<GrantedAuthority> auth = new ArrayList<>(getAuthorities());
+
+if (introspectionResponse.has("scope") && introspectionResponse.get("scope").isJsonPrimitive()) {
+String scopeString = introspectionResponse.get("scope").getAsString();
+Set<String> scopes = OAuth2Utils.parseParameterList(scopeString);
+for (String scope : scopes) {
+auth.add(new SimpleGrantedAuthority("OAUTH_SCOPE_" + scope));
+}
+}
+
+return auth;
+}
+
+/**
+ * @return the authorities
+ */
+public List<GrantedAuthority> getAuthorities() {
+return authorities;
+}
+
+/**
+ * @param authorities the authorities to set
+ */
+public void setAuthorities(List<GrantedAuthority> authorities) {
+this.authorities = authorities;
+}
+
+}

openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/service/impl/TestScopeBasedIntrospectionAuthoritiesGranter.java

@@ -0,0 +1,85 @@
+/*******************************************************************************
+ * Copyright 2015 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+
+package org.mitre.oauth2.introspectingfilter.service.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import com.google.gson.JsonObject;
+
+import static org.junit.Assert.assertTrue;
+
+/**
+ * @author jricher
+ *
+ */
+public class TestScopeBasedIntrospectionAuthoritiesGranter {
+
+private JsonObject introspectionResponse;
+
+private ScopeBasedIntrospectionAuthoritiesGranter granter = new ScopeBasedIntrospectionAuthoritiesGranter();
+
+/**
+ * @throws java.lang.Exception
+ */
+@Before
+public void setUp() throws Exception {
+introspectionResponse = new JsonObject();
+}
+
+/**
+ * Test method for {@link org.mitre.oauth2.introspectingfilter.service.impl.ScopeBasedIntrospectionAuthoritiesGranter#getAuthorities(com.google.gson.JsonObject)}.
+ */
+@Test
+public void testGetAuthoritiesJsonObject_withScopes() {
+introspectionResponse.addProperty("scope", "foo bar baz batman");
+
+List<GrantedAuthority> expected = new ArrayList<>();
+expected.add(new SimpleGrantedAuthority("ROLE_API"));
+expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_foo"));
+expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_bar"));
+expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_baz"));
+expected.add(new SimpleGrantedAuthority("OAUTH_SCOPE_batman"));
+
+List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
+
+assertTrue(authorities.containsAll(expected));
+assertTrue(expected.containsAll(authorities));
+}
+
+/**
+ * Test method for {@link org.mitre.oauth2.introspectingfilter.service.impl.ScopeBasedIntrospectionAuthoritiesGranter#getAuthorities(com.google.gson.JsonObject)}.
+ */
+@Test
+public void testGetAuthoritiesJsonObject_withoutScopes() {
+
+List<GrantedAuthority> expected = new ArrayList<>();
+expected.add(new SimpleGrantedAuthority("ROLE_API"));
+
+List<GrantedAuthority> authorities = granter.getAuthorities(introspectionResponse);
+
+assertTrue(authorities.containsAll(expected));
+assertTrue(expected.containsAll(authorities));
+}
+
+}