Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
   * Copyright 2002-2011 the original author or authors.
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
A user approval handler that remembers approval decisions by consulting existing tokens.

Dave Syer
 	private static Log logger = LogFactory.getLog(TokenServicesUserApprovalHandler.class);

approvalParameter the approvalParameter to set
 	public void setApprovalParameter(String approvalParameter) {
 		this. = approvalParameter;

tokenServices the token services to set
 	public void setTokenServices(AuthorizationServerTokenServices tokenServices) {
 		this. = tokenServices;
 	public void afterPropertiesSet() {
 		Assert.state( != null"AuthorizationServerTokenServices must be provided");
 	public AuthorizationRequest updateBeforeApproval(AuthorizationRequest authorizationRequestAuthentication userAuthentication) {
 		return authorizationRequest;

Basic implementation just requires the authorization request to be explicitly approved and the user to be authenticated.

authorizationRequest The authorization request.
userAuthentication the current user authentication
Whether the specified request has been approved by the current user.
 	public boolean isApproved(AuthorizationRequest authorizationRequestAuthentication userAuthentication) {
 		String flag = authorizationRequest.getApprovalParameters().get();
 		boolean approved = flag != null && flag.toLowerCase().equals("true");
 		OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequestuserAuthentication);
 		if (.isDebugEnabled()) {
 			StringBuilder builder = new StringBuilder("Looking up existing token for ");
 			builder.append("client_id=" + authorizationRequest.getClientId());
 			builder.append(", scope=" + authorizationRequest.getScope());
 			builder.append(" and username=" + userAuthentication.getName());
 		OAuth2AccessToken accessToken = .getAccessToken(authentication);
 		.debug("Existing access token=" + accessToken);
 		if (accessToken != null && !accessToken.isExpired()) {
 			.debug("User already approved with token=" + accessToken);
 			// A token was already granted and is still valid, so this is already approved
 			approved = true;
 		else {
 			.debug("Checking explicit approval");
 			approved = userAuthentication.isAuthenticated() && approved;
		return approved;
New to GrepCode? Check out our FAQ X