From e1db108cb9cb6c957271c8693435baec2c42cc30 Mon Sep 17 00:00:00 2001
From: Mario Petrovski <marivce12@gmail.com>
Date: Wed, 13 Sep 2023 14:41:07 +0200
Subject: [PATCH] Improvements and unit tests.

---
 ....java => OAuth2AuthorizationManagers.java} | 28 +++++++--
 .../OAuth2AuthorizationManagersTests.java     | 58 +++++++++++++++++++
 2 files changed, 80 insertions(+), 6 deletions(-)
 rename oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/{ScopeAuthorizationManagerFactory.java => OAuth2AuthorizationManagers.java} (60%)
 create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AuthorizationManagersTests.java

diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ScopeAuthorizationManagerFactory.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationManagers.java
similarity index 60%
rename from oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ScopeAuthorizationManagerFactory.java
rename to oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationManagers.java
index 409c5a5f5b..7f0368f902 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ScopeAuthorizationManagerFactory.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AuthorizationManagers.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,25 +16,41 @@
 
 package org.springframework.security.oauth2.core;
 
-import java.util.Arrays;
-
 import org.springframework.security.authorization.AuthorityAuthorizationManager;
 
 /**
  * @author Mario Petrovski
+ * @since 6.2
  */
-public final class ScopeAuthorizationManagerFactory {
+public final class OAuth2AuthorizationManagers {
 
-	private ScopeAuthorizationManagerFactory() {
+	private OAuth2AuthorizationManagers() {
 	}
 
 	public static <T> AuthorityAuthorizationManager<T> hasScope(String scope) {
+		verifyScope(scope);
 		return AuthorityAuthorizationManager.hasAuthority("SCOPE_" + scope);
 	}
 
 	public static <T> AuthorityAuthorizationManager<T> hasAnyScope(String... scopes) {
-		String[] mappedScopes = Arrays.stream(scopes).map((String s) -> "SCOPE_" + s).toArray(String[]::new);
+		verifyScopes(scopes);
+		String[] mappedScopes = new String[scopes.length];
+		for (int i = 0; i < scopes.length; i++) {
+			mappedScopes[i] = "SCOPE_" + scopes[i];
+		}
 		return AuthorityAuthorizationManager.hasAnyAuthority(mappedScopes);
 	}
 
+	private static void verifyScopes(String... scopes) throws IllegalArgumentException {
+		for (String scope : scopes) {
+			verifyScope(scope);
+		}
+	}
+
+	private static void verifyScope(String scope) {
+		if (scope.startsWith("SCOPE_")) {
+			throw new IllegalArgumentException("Scope '" + scope + "' start with 'SCOPE_' prefix.");
+		}
+	}
+
 }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AuthorizationManagersTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AuthorizationManagersTests.java
new file mode 100644
index 0000000000..4b833fdd42
--- /dev/null
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AuthorizationManagersTests.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2002-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.oauth2.core;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.security.authorization.AuthorityAuthorizationManager;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+/**
+ * Tests for {@link OAuth2AuthorizationManagers}
+ *
+ * @author Mario Petrovski
+ */
+public class OAuth2AuthorizationManagersTests {
+
+	@Test
+	void hasScope_withInvalidScope_shouldThrowIllegalArgumentException() {
+		String scope = "SCOPE_invalid";
+		assertThrows(IllegalArgumentException.class, () -> OAuth2AuthorizationManagers.hasScope(scope));
+	}
+
+	@Test
+	void hasScopes_withInvalidScope_shouldThrowIllegalArgumentException() {
+		String[] scopes = { "read", "write", "SCOPE_invalid" };
+		assertThrows(IllegalArgumentException.class, () -> OAuth2AuthorizationManagers.hasAnyScope(scopes));
+	}
+
+	@Test
+	void hasScope_withValidScope_shouldPass() {
+		String scope = "read";
+		AuthorityAuthorizationManager<Object> authorizationManager = OAuth2AuthorizationManagers.hasScope(scope);
+		assertNotNull(authorizationManager);
+	}
+
+	@Test
+	void hasScope_withValidScopes_shouldPass() {
+		String[] scopes = { "read", "write" };
+		AuthorityAuthorizationManager<Object> authorizationManager = OAuth2AuthorizationManagers.hasAnyScope(scopes);
+		assertNotNull(authorizationManager);
+	}
+
+}