ClientScopeVoter (OAuth2 for Spring Security 2.4.1.RELEASE API)

java.lang.Object
- org.springframework.security.oauth2.provider.vote.ClientScopeVoter

All Implemented Interfaces:

org.springframework.security.access.AccessDecisionVoter<Object>

Deprecated.
See the OAuth 2.0 Migration Guide for Spring Security 5.
```
@Deprecated
public class ClientScopeVoter
extends Object
implements org.springframework.security.access.AccessDecisionVoter<Object>
```
This voter checks scope in request is consistent with that held by the client. If there is no user in the request (client_credentials grant) it checks against authorities of client instead of scopes by default. Activate by adding CLIENT_HAS_SCOPE to security attributes.

Author:

Dave Syer

Field Summary
- Fields inherited from interface org.springframework.security.access.AccessDecisionVoter
  ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED

Constructor Summary

Constructors
Constructor and Description

ClientScopeVoter()
Deprecated.

Constructors
Constructor and Description
`ClientScopeVoter()` Deprecated.

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`void`	`setClientAuthoritiesAreScopes(boolean clientAuthoritiesAreScopes)` Deprecated. Flag to signal that when there is no user authentication client authorities are to be treated as scopes.
`void`	`setClientDetailsService(ClientDetailsService clientDetailsService)` Deprecated. ClientDetailsService for looking up clients by ID.
`void`	`setDenyAccess(String denyAccess)` Deprecated. The name of the config attribute that can be used to deny access to OAuth2 client.
`void`	`setThrowException(boolean throwException)` Deprecated. Flag to determine the behaviour on access denied.
`boolean`	`supports(Class<?> clazz)` Deprecated. This implementation supports any type of class, because it does not query the presented secure object.
`boolean`	`supports(org.springframework.security.access.ConfigAttribute attribute)` Deprecated.
`int`	`vote(org.springframework.security.core.Authentication authentication, Object object, Collection<org.springframework.security.access.ConfigAttribute> attributes)` Deprecated.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ClientScopeVoter
```
public ClientScopeVoter()
```
    Deprecated.
- Method Detail
  - setClientDetailsService
```
public void setClientDetailsService(ClientDetailsService clientDetailsService)
```
    Deprecated.
    
    ClientDetailsService for looking up clients by ID.
    
    Parameters:
    
    clientDetailsService - the client details service (mandatory)
  - setThrowException
```
public void setThrowException(boolean throwException)
```
    Deprecated.
    
    Flag to determine the behaviour on access denied. If set then we throw an InsufficientScopeException instead of returning AccessDecisionVoter.ACCESS_DENIED. This is unconventional for an access decision voter because it vetos the other voters in the chain, but it enables us to pass a message to the caller with information about the required scope.
    
    Parameters:
    
    throwException - the flag to set (default true)
  - setClientAuthoritiesAreScopes
```
public void setClientAuthoritiesAreScopes(boolean clientAuthoritiesAreScopes)
```
    Deprecated.
    
    Flag to signal that when there is no user authentication client authorities are to be treated as scopes.
    
    Parameters:
    
    clientAuthoritiesAreScopes - the flag value (default true)
  - setDenyAccess
```
public void setDenyAccess(String denyAccess)
```
    Deprecated.
    
    The name of the config attribute that can be used to deny access to OAuth2 client. Defaults to DENY_OAUTH.
    
    Parameters:
    
    denyAccess - the deny access attribute value to set
  - supports
```
public boolean supports(org.springframework.security.access.ConfigAttribute attribute)
```
    Deprecated.
    
    Specified by:
    
    supports in interface org.springframework.security.access.AccessDecisionVoter<Object>
  - supports
```
public boolean supports(Class<?> clazz)
```
    Deprecated.
    
    This implementation supports any type of class, because it does not query the presented secure object.
    
    Specified by:
    
    supports in interface org.springframework.security.access.AccessDecisionVoter<Object>
    
    Parameters:
    
    clazz - the secure object
    
    Returns:
    
    always true
  - vote
```
public int vote(org.springframework.security.core.Authentication authentication,
                Object object,
                Collection<org.springframework.security.access.ConfigAttribute> attributes)
```
    Deprecated.
    
    Specified by:
    
    vote in interface org.springframework.security.access.AccessDecisionVoter<Object>

Class ClientScopeVoter

Field Summary

Fields inherited from interface org.springframework.security.access.AccessDecisionVoter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

ClientScopeVoter

Method Detail

setClientDetailsService

setThrowException

setClientAuthoritiesAreScopes

setDenyAccess

supports

supports

vote