OAuth2SecurityExpressionMethods (OAuth2 for Spring Security 1.1.0.BUILD-SNAPSHOT API)

概述

软件包

类

使用

树

已过时

索引

帮助

上一个类 下一个类

框架 无框架

摘要：嵌套 | 字段 | 构造方法 | 方法

详细信息：字段 | 构造方法 | 方法

org.springframework.security.oauth2.provider.expression
类 OAuth2SecurityExpressionMethods

java.lang.Object
  org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods

public class OAuth2SecurityExpressionMethods
extends Object
extends Object

A convenience object for security expressions in OAuth2 protected resources, providing public methods that act on the current authentication.

作者：: Dave Syer, Rob Winch

构造方法摘要
`OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication, boolean throwExceptionOnInvalidScope)`

方法摘要
`boolean`	`clientHasAnyRole(String... roles)` Check if the OAuth2 client (not the user) has one of the roles specified.
`boolean`	`clientHasRole(String role)` Check if the OAuth2 client (not the user) has the role specified.
`boolean`	`denyOAuthClient()` Deny access to oauth requests, so used for example to only allow web UI users to access a resource.
`boolean`	`hasAnyScope(String... scopes)` Check if the current OAuth2 authentication has one of the scopes specified.
`boolean`	`hasScope(String scope)` Check if the current OAuth2 authentication has one of the scopes specified.
`boolean`	`isClient()` Check if the current authentication is acting as an authenticated client application not on behalf of a user.
`boolean`	`isUser()` Check if the current authentication is acting on behalf of an authenticated user.
`void`	`setThrowExceptionOnInvalidScope(boolean throwExceptionOnInvalidScope)` A flag to indicate that an exception should be thrown if a scope decision is negative.
`boolean`	`sufficientScope(boolean decision)` Check if any scope decisions have been denied in the current context and throw an exception if so.

从类 java.lang.Object 继承的方法
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

构造方法详细信息

OAuth2SecurityExpressionMethods

public OAuth2SecurityExpressionMethods(org.springframework.security.core.Authentication authentication,
                                       boolean throwExceptionOnInvalidScope)

方法详细信息

sufficientScope

public boolean sufficientScope(boolean decision)

Check if any scope decisions have been denied in the current context and throw an exception if so. Example usage:

 access = "#oauth2.sufficientScope(#oauth2.hasScope('read') or (#oauth2.hasScope('other') and hasRole('ROLE_USER')))"

参数：: decision - the existing access decision
返回：: true if the OAuth2 token has one of these scopes
抛出：: InsufficientScopeException - if the scope is invalid and we the flag is set to throw the exception

clientHasRole

public boolean clientHasRole(String role)

Check if the OAuth2 client (not the user) has the role specified. To check the user's roles see #hasRole(String).

参数：: role - the role to check
返回：: true if the OAuth2 client has this role

clientHasAnyRole

public boolean clientHasAnyRole(String... roles)

Check if the OAuth2 client (not the user) has one of the roles specified. To check the user's roles see #hasAnyRole(String).

参数：: roles - the roles to check
返回：: true if the OAuth2 client has one of these roles

hasScope

public boolean hasScope(String scope)

Check if the current OAuth2 authentication has one of the scopes specified.

参数：: scope - the scope to check
返回：: true if the OAuth2 authentication has the required scope

hasAnyScope

public boolean hasAnyScope(String... scopes)

Check if the current OAuth2 authentication has one of the scopes specified.

参数：: roles - the scopes to check
返回：: true if the OAuth2 token has one of these scopes
抛出：: org.springframework.security.access.AccessDeniedException - if the scope is invalid and we the flag is set to throw the exception

denyOAuthClient

public boolean denyOAuthClient()

Deny access to oauth requests, so used for example to only allow web UI users to access a resource.

返回：: true if the current authentication is not an OAuth2 type

isUser

public boolean isUser()

Check if the current authentication is acting on behalf of an authenticated user.

返回：: true if the current authentication represents a user

isClient

public boolean isClient()

Check if the current authentication is acting as an authenticated client application not on behalf of a user.

返回：: true if the current authentication represents a client application

setThrowExceptionOnInvalidScope

public void setThrowExceptionOnInvalidScope(boolean throwExceptionOnInvalidScope)

A flag to indicate that an exception should be thrown if a scope decision is negative.

参数：: throwExceptionOnInvalidScope - flag value (default true)

概述