AuthZEN - fixed bug with client's scope check
Signed-off-by: YuriyZ <[email protected]>
yuriyz committed Nov 8, 2024
1 parent e22df90 commit 6ec6bd6
Showing 1 changed file with 9 additions and 2 deletions.
Expand Up @@ -8,6 +8,7 @@
import io.jans.as.server.model.common.AuthorizationGrant;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.as.server.service.ClientService;
import io.jans.as.server.service.ScopeService;
import io.jans.as.server.service.external.ExternalAccessEvaluationService;
import io.jans.as.server.service.token.TokenService;
import io.jans.model.authzen.AccessEvaluationRequest;
Expand All @@ -18,11 +19,13 @@
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;

import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import static org.apache.commons.lang3.BooleanUtils.isTrue;

Expand Down Expand Up @@ -55,6 +58,9 @@ public class AccessEvaluationService {
@Inject
private AppConfiguration appConfiguration;

@Inject
private ScopeService scopeService;

public AccessEvaluationResponse evaluation(AccessEvaluationRequest request, ExecutionContext executionContext) {
errorResponseFactory.validateFeatureEnabled(FeatureFlagType.ACCESS_EVALUATION);

Expand Down Expand Up @@ -103,7 +109,8 @@ public void validateAuthorization(String authorization) {
log.info("Authorized with basic client authentication.");

final Client client = clientService.getClient(clientId);
if (ArrayUtils.contains(client.getScopes(), ACCESS_EVALUATION_SCOPE)) {
List<String> clientScopes = scopeService.getScopeIdsByDns(client.getScopes() != null ? Arrays.asList(client.getScopes()) : new ArrayList<>());
if (clientScopes.contains(ACCESS_EVALUATION_SCOPE)) {
log.info("Granted access to /evaluation endpoint. Client {} has scope {}.", clientId, ACCESS_EVALUATION_SCOPE);
return;
} else {
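Review bot: In `validateAuthorization`, `client` is dereferenced on the new `scopeService.getScopeIdsByDns(...)` line without a null check, even though the same expression guards `client.getScopes()` against null. If `clientService.getClient(clientId)` can return null at this point, the request ends in a NullPointerException rather than the explicit denial in the `else` branch. The method starts and ends outside the hunk, so whether earlier lines already guarantee a non-null client is not visible here. A guard such as `if (client == null) { /* same denial path as the else branch */ }` before the scope lookup would keep this authorization check failing closed. It would also help to record why the lookup is needed, e.g. `// client.getScopes() appears to hold scope DNs; resolve them to scope ids before comparing with ACCESS_EVALUATION_SCOPE`, so the plain array check is not reintroduced later.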