diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java
index cb8e8fe308..e677d048ba 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java
@@ -86,22 +86,13 @@ public static boolean validateScopes(TokenValidationContext validationContext) t
 ResourceConfig matchedResource = validationContext.getMatchingResourceConfig();
 boolean scopesValidated = false;
- if (matchedResource.getSecuritySchemas().entrySet().size() > 0) {
- for (Map.Entry> pair : matchedResource.getSecuritySchemas().entrySet()) {
- boolean validate = false;
- if (pair.getValue() != null && pair.getValue().size() > 0) {
- scopesValidated = false;
- for (String scope : pair.getValue()) {
- if (scopesSet.contains(scope)) {
- scopesValidated = true;
- validate = true;
- break;
- }
- }
- } else {
+
+ List requiredScopes = matchedResource.getSecuritySchemas()
+ .get(validationContext.getSecurityScheme());
+ if (requiredScopes != null && !requiredScopes.isEmpty()) {
+ for (String scope : requiredScopes) {
+ if (scopesSet.contains(scope)) {
 scopesValidated = true;
- }
- if (validate) {
 break;
 }
 }
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/TokenValidationContext.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/TokenValidationContext.java
index a460c09b06..93d5ed3471 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/TokenValidationContext.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/TokenValidationContext.java
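Review bot: In KeyValidator.validateScopes, `matchedResource.getSecuritySchemas().get(validationContext.getSecurityScheme())` returns null both when the resource has no entry under that scheme name and when a caller never set the scheme (the new `securityScheme` field defaults to null), and the guard `requiredScopes != null && !requiredScopes.isEmpty()` then skips the scope loop without telling the two cases apart. The rest of the method lies outside the hunk, so whether that path ends as allow or deny cannot be confirmed from here; if it allows, a scheme-name mismatch would switch scope enforcement off silently. The removed loop looked at every entry of the map, so scopes stored under any other key are no longer considered. I would make the missing-key case explicit, e.g. `if (!matchedResource.getSecuritySchemas().containsKey(validationContext.getSecurityScheme())) { /* log and reject, or document why allowing is safe */ }`, and cover it with a test for a resource whose schemas map lacks the key.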
@@ -46,6 +46,7 @@ public class TokenValidationContext {
 private AccessTokenInfo tokenInfo;
 private String authorizationCode;
 private String tenantDomain;
+ private String securityScheme;
 private List keyManagers = new ArrayList<>();
 public AccessTokenInfo getTokenInfo() {
@@ -179,5 +180,13 @@ public void setKeyManagers(List keyManagers) {
 this.keyManagers = keyManagers;
 }
+
+ public String getSecurityScheme() {
+ return securityScheme;
+ }
+
+ public void setSecurityScheme(String securityScheme) {
+ this.securityScheme = securityScheme;
+ }
 }
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
index 925f3e4763..a1cd2e7239 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
@@ -83,6 +83,7 @@ public class JWTAuthenticator implements Authenticator {
 private static final Logger log = LogManager.getLogger(JWTAuthenticator.class);
+ private static final String SWAGGER_OAUTH2_SECURITY_SCHEME_NAME = "default";
 private final JWTValidator jwtValidator = new JWTValidator();
 private final boolean isGatewayTokenCacheEnabled;
 private AbstractAPIMgtGatewayJWTGenerator jwtGenerator;
@@ -573,6 +574,7 @@ private void validateScopes(String apiContext, String apiVersion, ResourceConfig
 tokenValidationContext.setMatchingResourceConfig(matchingResource);
 tokenValidationContext.setContext(apiContext);
 tokenValidationContext.setVersion(apiVersion);
+ tokenValidationContext.setSecurityScheme(SWAGGER_OAUTH2_SECURITY_SCHEME_NAME);
 boolean valid = KeyValidator.validateScopes(tokenValidationContext);
 if (valid) {
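Review bot: `SWAGGER_OAUTH2_SECURITY_SCHEME_NAME = "default"` in JWTAuthenticator has no comment saying where that key comes from, yet the scope check now depends on it: the value is handed to `setSecurityScheme(...)` in the later validateScopes hunk of the same file and becomes the lookup key in KeyValidator. If the resource's security-schemas map is populated with the scheme names from the API definition (not visible here), an OAuth2 scheme registered under any other name would not be found. I would document the contract on the constant, e.g. `// Key under which OAuth2 scopes are stored in ResourceConfig.getSecuritySchemas(); must match the name used where that map is populated.`, after confirming it against the code that fills the map. Both enclosing bodies extend beyond their hunks.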