API에 scope이 적용되어 있지 않은 경우, Client에 API 적용여부를 확인하도록 수정
This commit is contained in:
@@ -24,6 +24,8 @@ import com.nimbusds.jose.JWSVerifier;
|
||||
import com.nimbusds.jose.crypto.RSASSAVerifier;
|
||||
import com.nimbusds.jose.util.IOUtils;
|
||||
import com.nimbusds.jwt.SignedJWT;
|
||||
|
||||
import org.apache.commons.collections.CollectionUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.core.io.Resource;
|
||||
@@ -142,6 +144,11 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
OAuth2Manager manager = OAuth2Manager.getInstance();
|
||||
HashSet<String> scopeSet = manager.getApiScopeMap().get(apiId);
|
||||
|
||||
// API에 scope 설정이 안되어 있는 경우, scope 체크를 pass하고 나중에 client API 맵을 체크한다.
|
||||
if(CollectionUtils.isEmpty(scopeSet))
|
||||
isPassScope = true;
|
||||
|
||||
if(!isPassScope) {
|
||||
String[] scopeArr = signedJWT.getJWTClaimsSet().getStringArrayClaim(PAYLOAD_PARAM_NAME_SCOPE);
|
||||
if (scopeArr == null || scopeArr.length == 0) {
|
||||
throw new JwtAuthException(ERROR_AUTHORIZATION_FAIL,
|
||||
@@ -160,6 +167,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
String.format("Insufficient [Scope](Allowed Scope=%s)", scopeSet.toString()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// header 값으로 전송된 clientId와 토큰 소유 clientId check
|
||||
if (!verifyClientId(prop, signedJWT)) {
|
||||
|
||||
Reference in New Issue
Block a user