org.springframework.security.oauth2.provider
Interface AuthorizationRequestManager

All Known Implementing Classes:
DefaultAuthorizationRequestManager

public interface AuthorizationRequestManager

Strategy for managing AuthorizationRequest instances during a token grant.

Author:
Dave Syer

Method Summary
 AuthorizationRequest createAuthorizationRequest(Map<String,String> authorizationParameters)
          Create a new AuthorizationRequest extracting all the needed information from the incoming parameter map.
 void validateParameters(Map<String,String> parameters, ClientDetails clientDetails)
           Validate the parameters provided by the client.
 

Method Detail

createAuthorizationRequest

AuthorizationRequest createAuthorizationRequest(Map<String,String> authorizationParameters)
Create a new AuthorizationRequest extracting all the needed information from the incoming parameter map. Typical implementations would load the client details from the client id provided and validate the grant type and scopes, populating any fields in the request that are known only to the authorization server.

Parameters:
authorizationParameters - the parameters in the request
Returns:
a new AuthorizationRequest

validateParameters

void validateParameters(Map<String,String> parameters,
                        ClientDetails clientDetails)

Validate the parameters provided by the client. Called by the AuthorizationEndpoint and also by the TokenEndpoint before a response is sent back to the client. Note that during an authorization code flow both endpoints will call this method, but the TokenEndpoint in that case has very little if anything to validate since all the parameters neeeded for the access token were provided to the AuthorizationEndpoint.

Implementations should at a minimum check that the scope values requested are legal for the client.

Parameters:
parameters - the request parameters
clientDetails - the client requesting the token


Copyright © 2012. All Rights Reserved.