Description
Summary
There is data unique to scopes that, if preserved, would clean up code in a few places that need to recompute it each time.
For example, in BearerTokenAccessDeniedHandler, the scope attribute is returned with the list of scopes provided in the authentication token.
To find the scopes on the authentication token, though, it must rediscover the scope claim and then reparse it--two tasks that were already done during authentication.
ScopeGrantedAuthority would look something like:
public class ScopeGrantedAuthority extends GrantedAuthority {
private final String scopePrefix = "SCOPE_";
private final String authority;
private final String scope;
public ScopeGrantedAuthority(String scope) {
this.scope = scope;
this.authority = this.scopePrefix + scope;
}
public String getAuthority() {
return this.authority;
}
public String getScope() {
return this.scope;
}
// ... hashcode, equals, and toString
}This would require very little change to authority extraction:
.map(scope -> "SCOPE_" + scope)
.map(SimpleGrantedAuthority::new)would become
.map(ScopeGrantedAuthority::new)And about 20 lines in BearerTokenAccessDeniedHandler would become:
authentication.getAuthorities().stream()
.filter(authority -> authority instanceof ScopeGrantedAuthority)
.map(authority -> ((ScopeGrantedAuthority) authority).getScope())
.collect(Collectors.joining(" "));Another example of where remembering the original scope is helpful is when constructing a BearerTokenError with the scope parameter.