From b2c70301ee95da5502759b536a5efd0c746461d6 Mon Sep 17 00:00:00 2001
From: Madhavi Gayathri
Date: Thu, 14 Dec 2023 13:24:34 +0530
Subject: [PATCH] Add role based scope validation config enabled check.

---
 .../oauth2/validators/scope/RoleBasedScopeIssuer.java | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/scope/RoleBasedScopeIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/scope/RoleBasedScopeIssuer.java
index 50eb80cc500..f9481505617 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/scope/RoleBasedScopeIssuer.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/scope/RoleBasedScopeIssuer.java
@@ -102,11 +102,16 @@ public class RoleBasedScopeIssuer extends AbstractRoleBasedScopeIssuer implement
 private static final String ISSUER_PREFIX = "default";
 OAuthServerConfiguration oAuthServerConfiguration = OAuthServerConfiguration.getInstance();
 private static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
+ private static final String ROLE_BASE_SCOPE_VALIDATION_ENABLED =
+ "GlobalScopeValidators.RoleBasedScopeIssuer.Enable";
 
 @Override
 public boolean validateScope(OAuthAuthzReqMessageContext oAuthAuthzReqMessageContext)
 throws IdentityOAuth2Exception {
 
+ if (!Boolean.parseBoolean(IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED))) {
+ return true;
+ }
 List authScopes = getScopes(oAuthAuthzReqMessageContext);
 oAuthAuthzReqMessageContext.setApprovedScope(authScopes.toArray(new String[0]));
 return true;
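Review bot: The new guard fails open when the property is absent: `Boolean.parseBoolean(IdentityUtil.getProperty(...))` is false for a missing or non-"true" value, so `validateScope` returns true and role-based scope enforcement is silently skipped on any deployment that has not added `GlobalScopeValidators.RoleBasedScopeIssuer.Enable` to its configuration, which is a behaviour change for existing installations. If this validator was previously active by default, consider treating a missing property as enabled, e.g. `String enabled = IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED);` followed by `if (enabled != null && !Boolean.parseBoolean(enabled)) { return true; }`, or at minimum document the default on the constant: `// Absent or non-"true" values disable role-based scope validation; validateScope then returns true without checking roles.` The identical guard appears in the two following hunks and shares this default. Note also that the early return here skips `setApprovedScope`, leaving the context's approved scope untouched, which is presumably intended but deserves a one-line comment.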
@@ -116,6 +121,9 @@ public boolean validateScope(OAuthAuthzReqMessageContext oAuthAuthzReqMessageCon
 public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageContext)
 throws IdentityOAuth2Exception {
 
+ if (!Boolean.parseBoolean(IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED))) {
+ return true;
+ }
 String grantType = oAuthTokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
 boolean isRefreshRequest = OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType);
 boolean isFederatedUser = oAuthTokenReqMessageContext.getAuthorizedUser().isFederatedUser();
@@ -131,6 +139,9 @@ public boolean validateScope(OAuthTokenReqMessageContext oAuthTokenReqMessageCon
 public boolean validateScope(OAuth2TokenValidationMessageContext oAuth2TokenValidationMessageContext)
 throws IdentityOAuth2Exception {
 
+ if (!Boolean.parseBoolean(IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED))) {
+ return true;
+ }
 AccessTokenDO accessTokenDO = (AccessTokenDO) oAuth2TokenValidationMessageContext.getProperty(ACCESS_TOKEN_DO);
 if (accessTokenDO == null) {
 return false;
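Review bot: The three-line enable check is duplicated verbatim at the top of this method and of the `OAuthAuthzReqMessageContext` and `OAuth2TokenValidationMessageContext` overloads; a single private helper would keep the three entry points in step if the property name or its parsing ever changes, e.g. `private boolean isRoleBasedScopeValidationEnabled() { return Boolean.parseBoolean(IdentityUtil.getProperty(ROLE_BASE_SCOPE_VALIDATION_ENABLED)); }` with `if (!isRoleBasedScopeValidationEnabled()) { return true; }` at each entry. The helper is also the natural place for a Javadoc line stating what a missing property means. The enclosing method continues past the end of this hunk.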
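Review bot: With the flag off, this overload now returns true before the `accessTokenDO == null` check, whereas the enabled path returns false for a missing token object; if that null check is meant as a sanity check independent of role-based validation, the new early return should be placed after it rather than before. If skipping it is deliberate, a comment above the guard, `// Validator disabled: defer entirely to the other configured scope validators.`, would make the intent explicit for the next reader. The method body continues beyond this hunk.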