org.springframework.security.oauth2.provider
Class DefaultAuthorizationRequestManager

java.lang.Object
  extended by org.springframework.security.oauth2.provider.DefaultAuthorizationRequestManager
All Implemented Interfaces:
AuthorizationRequestManager

public class DefaultAuthorizationRequestManager
extends Object
implements AuthorizationRequestManager

Default implementation of AuthorizationRequestManager which validates grant types and scopes and fills in scopes with the default values from the client if they are missing.

Author:
Dave Syer

Constructor Summary
DefaultAuthorizationRequestManager(ClientDetailsService clientDetailsService)
           
 
Method Summary
 AuthorizationRequest createAuthorizationRequest(Map<String,String> parameters)
          Create a new AuthorizationRequest extracting all the needed information from the incoming parameter map.
 void validateParameters(Map<String,String> parameters, ClientDetails clientDetails)
           Validate the parameters provided by the client.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultAuthorizationRequestManager

public DefaultAuthorizationRequestManager(ClientDetailsService clientDetailsService)
Method Detail

createAuthorizationRequest

public AuthorizationRequest createAuthorizationRequest(Map<String,String> parameters)
Description copied from interface: AuthorizationRequestManager
Create a new AuthorizationRequest extracting all the needed information from the incoming parameter map. Typical implementations would load the client details from the client id provided and validate the grant type and scopes, populating any fields in the request that are known only to the authorization server.

Specified by:
createAuthorizationRequest in interface AuthorizationRequestManager
Parameters:
parameters - the parameters in the request
Returns:
a new AuthorizationRequest

validateParameters

public void validateParameters(Map<String,String> parameters,
                               ClientDetails clientDetails)
Description copied from interface: AuthorizationRequestManager

Validate the parameters provided by the client. Called by the AuthorizationEndpoint and also by the TokenEndpoint before a response is sent back to the client. Note that during an authorization code flow both endpoints will call this method, but the TokenEndpoint in that case has very little if anything to validate since all the parameters neeeded for the access token were provided to the AuthorizationEndpoint.

Implementations should at a minimum check that the scope values requested are legal for the client.

Specified by:
validateParameters in interface AuthorizationRequestManager
Parameters:
parameters - the request parameters
clientDetails - the client requesting the token


Copyright © 2012. All Rights Reserved.