Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * Copyright 2002-2011 the original author or authors.
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
   *      http://www.apache.org/licenses/LICENSE-2.0
   *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.springframework.security.oauth2.provider.approval;
 
A user approval handler that remembers approval decisions by consulting existing tokens.

Author(s):
Dave Syer
 
 
 	private static Log logger = LogFactory.getLog(TokenServicesUserApprovalHandler.class);
 

Parameters:
approvalParameter the approvalParameter to set
 
 	public void setApprovalParameter(String approvalParameter) {
 		this. = approvalParameter;
 	}
 

Parameters:
tokenServices the token services to set
 
 	public void setTokenServices(AuthorizationServerTokenServices tokenServices) {
 		this. = tokenServices;
 	}
 
 	public void afterPropertiesSet() {
 		Assert.state( != null"AuthorizationServerTokenServices must be provided");
 	}
 	
 	public AuthorizationRequest updateBeforeApproval(AuthorizationRequest authorizationRequestAuthentication userAuthentication) {
 		return authorizationRequest;
 	}

Basic implementation just requires the authorization request to be explicitly approved and the user to be authenticated.

Parameters:
authorizationRequest The authorization request.
userAuthentication the current user authentication
Returns:
Whether the specified request has been approved by the current user.
 
 	public boolean isApproved(AuthorizationRequest authorizationRequestAuthentication userAuthentication) {
 
 		String flag = authorizationRequest.getApprovalParameters().get();
 		boolean approved = flag != null && flag.toLowerCase().equals("true");
 
 		OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequestuserAuthentication);
 		if (.isDebugEnabled()) {
 			StringBuilder builder = new StringBuilder("Looking up existing token for ");
 			builder.append("client_id=" + authorizationRequest.getClientId());
 			builder.append(", scope=" + authorizationRequest.getScope());
 			builder.append(" and username=" + userAuthentication.getName());
 			.debug(builder.toString());
 		}
 
 		OAuth2AccessToken accessToken = .getAccessToken(authentication);
 		.debug("Existing access token=" + accessToken);
 		if (accessToken != null && !accessToken.isExpired()) {
 			.debug("User already approved with token=" + accessToken);
 			// A token was already granted and is still valid, so this is already approved
 			approved = true;
 		}
 		else {
 			.debug("Checking explicit approval");
 			approved = userAuthentication.isAuthenticated() && approved;
 		}
 		
		return approved;
	}
New to GrepCode? Check out our FAQ X