use preexisiting scope by default but prevent overriding of builder scope and update unit tests
@@ -40,9 +40,7 @@ import java.time.Clock;
|
||||
import java.time.Instant;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
/**
|
||||
@@ -71,7 +69,6 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
|
||||
private Instant refreshExpiration;
|
||||
private String parentKeyId;
|
||||
private Scope scope = Scope.empty();
|
||||
private Set<String> groups = new HashSet<>();
|
||||
|
||||
private final Map<String,Object> custom = Maps.newHashMap();
|
||||
|
||||
@@ -155,8 +152,13 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
|
||||
|
||||
@Override
|
||||
public JwtAccessToken build() {
|
||||
if (SecurityUtils.getSubject().getPrincipals().getRealmNames().contains(ApiKeyRealm.NAME)) {
|
||||
scope = Scope.valueOf(SecurityUtils.getSubject().getPrincipals().oneByType(Scope.class));
|
||||
final Scope principalScope = SecurityUtils.getSubject().getPrincipals().oneByType(Scope.class);
|
||||
if (principalScope != null) {
|
||||
if (scope != null && !scope.isEmpty()) {
|
||||
throw new AuthorizationException(String.format("cannot merge builder scope (%s) with principal scope (%s)", scope, principalScope));
|
||||
}
|
||||
LOG.debug("using existing scope for new access token: {}", principalScope);
|
||||
scope = principalScope;
|
||||
}
|
||||
String id = keyGenerator.createKey();
|
||||
|
||||
|
||||
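Review bot: In `build()`, the new block writes the inherited value back into the builder's own field (`scope = principalScope;`), so a second `build()` on the same instance would see a non-empty `scope` and throw the new `AuthorizationException`, even though the caller never set a scope. Keeping the result in a local after the conflict check, e.g. `final Scope effectiveScope = principalScope != null ? principalScope : scope;`, would leave the guard testing only a caller-supplied scope. The guard also fires when `principalScope` is non-null but empty. If an empty scope means "unrestricted" in this codebase, that case probably should not block a narrower builder scope, which is worth confirming and covering with a test. The rest of `build()` lies outside the hunk, so the later reads of `scope` that would need to switch to the local cannot be checked from here.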