API에 scope이 적용되어 있지 않은 경우, Client에 API 적용여부를 확인하도록 수정
This commit is contained in:
@@ -24,6 +24,8 @@ import com.nimbusds.jose.JWSVerifier;
|
|||||||
import com.nimbusds.jose.crypto.RSASSAVerifier;
|
import com.nimbusds.jose.crypto.RSASSAVerifier;
|
||||||
import com.nimbusds.jose.util.IOUtils;
|
import com.nimbusds.jose.util.IOUtils;
|
||||||
import com.nimbusds.jwt.SignedJWT;
|
import com.nimbusds.jwt.SignedJWT;
|
||||||
|
|
||||||
|
import org.apache.commons.collections.CollectionUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.core.io.ClassPathResource;
|
import org.springframework.core.io.ClassPathResource;
|
||||||
import org.springframework.core.io.Resource;
|
import org.springframework.core.io.Resource;
|
||||||
@@ -142,6 +144,11 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
|||||||
OAuth2Manager manager = OAuth2Manager.getInstance();
|
OAuth2Manager manager = OAuth2Manager.getInstance();
|
||||||
HashSet<String> scopeSet = manager.getApiScopeMap().get(apiId);
|
HashSet<String> scopeSet = manager.getApiScopeMap().get(apiId);
|
||||||
|
|
||||||
|
// API에 scope 설정이 안되어 있는 경우, scope 체크를 pass하고 나중에 client API 맵을 체크한다.
|
||||||
|
if(CollectionUtils.isEmpty(scopeSet))
|
||||||
|
isPassScope = true;
|
||||||
|
|
||||||
|
if(!isPassScope) {
|
||||||
String[] scopeArr = signedJWT.getJWTClaimsSet().getStringArrayClaim(PAYLOAD_PARAM_NAME_SCOPE);
|
String[] scopeArr = signedJWT.getJWTClaimsSet().getStringArrayClaim(PAYLOAD_PARAM_NAME_SCOPE);
|
||||||
if (scopeArr == null || scopeArr.length == 0) {
|
if (scopeArr == null || scopeArr.length == 0) {
|
||||||
throw new JwtAuthException(ERROR_AUTHORIZATION_FAIL,
|
throw new JwtAuthException(ERROR_AUTHORIZATION_FAIL,
|
||||||
@@ -160,6 +167,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
|||||||
String.format("Insufficient [Scope](Allowed Scope=%s)", scopeSet.toString()));
|
String.format("Insufficient [Scope](Allowed Scope=%s)", scopeSet.toString()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// header 값으로 전송된 clientId와 토큰 소유 clientId check
|
// header 값으로 전송된 clientId와 토큰 소유 clientId check
|
||||||
if (!verifyClientId(prop, signedJWT)) {
|
if (!verifyClientId(prop, signedJWT)) {
|
||||||
|
|||||||
Reference in New Issue
Block a user