Fix scope validation issue when multiple security schemes are configured

Author: mevan-karu

enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/KeyValidator.java

@@ -86,22 +86,13 @@ public static boolean validateScopes(TokenValidationContext validationContext) t
 
         ResourceConfig matchedResource = validationContext.getMatchingResourceConfig();
         boolean scopesValidated = false;
-        if (matchedResource.getSecuritySchemas().entrySet().size() > 0) {
-            for (Map.Entry<String, List<String>> pair : matchedResource.getSecuritySchemas().entrySet()) {
-                boolean validate = false;
-                if (pair.getValue() != null && pair.getValue().size() > 0) {
-                    scopesValidated = false;
-                    for (String scope : pair.getValue()) {
-                        if (scopesSet.contains(scope)) {
-                            scopesValidated = true;
-                            validate = true;
-                            break;
-                        }
-                    }
-                } else {
+
+        List<String> requiredScopes = matchedResource.getSecuritySchemas()
+                .get(validationContext.getSecurityScheme());
+        if (requiredScopes != null && !requiredScopes.isEmpty()) {
+            for (String scope : requiredScopes) {
+                if (scopesSet.contains(scope)) {
                     scopesValidated = true;
-                }
-                if (validate) {
                     break;
                 }
             }

enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/TokenValidationContext.java

@@ -46,6 +46,7 @@ public class TokenValidationContext {
     private AccessTokenInfo tokenInfo;
     private String authorizationCode;
     private String tenantDomain;
+    private String securityScheme;
     private List<String> keyManagers = new ArrayList<>();
 
     public AccessTokenInfo getTokenInfo() {
@@ -179,5 +180,13 @@ public void setKeyManagers(List<String> keyManagers) {
 
         this.keyManagers = keyManagers;
     }
+
+    public String getSecurityScheme() {
+        return securityScheme;
+    }
+
+    public void setSecurityScheme(String securityScheme) {
+        this.securityScheme = securityScheme;
+    }
 }
 

enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java

@@ -83,6 +83,7 @@
 public class JWTAuthenticator implements Authenticator {
 
     private static final Logger log = LogManager.getLogger(JWTAuthenticator.class);
+    private static final String SWAGGER_OAUTH2_SECURITY_SCHEME_NAME = "default";
     private final JWTValidator jwtValidator = new JWTValidator();
     private final boolean isGatewayTokenCacheEnabled;
     private AbstractAPIMgtGatewayJWTGenerator jwtGenerator;
@@ -573,6 +574,7 @@ private void validateScopes(String apiContext, String apiVersion, ResourceConfig
             tokenValidationContext.setMatchingResourceConfig(matchingResource);
             tokenValidationContext.setContext(apiContext);
             tokenValidationContext.setVersion(apiVersion);
+            tokenValidationContext.setSecurityScheme(SWAGGER_OAUTH2_SECURITY_SCHEME_NAME);
 
             boolean valid = KeyValidator.validateScopes(tokenValidationContext);
             if (valid) {