View Javadoc
1   /*
2    * Copyright 2002-2011 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.security.oauth2.provider.approval;
18  
19  import java.util.HashMap;
20  import java.util.Map;
21  
22  import org.springframework.security.core.Authentication;
23  import org.springframework.security.oauth2.common.util.OAuth2Utils;
24  import org.springframework.security.oauth2.provider.AuthorizationRequest;
25  
26  /**
27   * A default user approval handler that doesn't remember any decisions.
28   * 
29   * @author Dave Syer
30   * 
31   */
32  public class DefaultUserApprovalHandler implements UserApprovalHandler {
33  
34  	private String approvalParameter = OAuth2Utils.USER_OAUTH_APPROVAL;
35  	
36  	/**
37  	 * @param approvalParameter the approvalParameter to set
38  	 */
39  	public void setApprovalParameter(String approvalParameter) {
40  		this.approvalParameter = approvalParameter;
41  	}
42  
43  	/**
44  	 * Basic implementation just requires the authorization request to be explicitly approved and the user to be
45  	 * authenticated.
46  	 * 
47  	 * @param authorizationRequest The authorization request.
48  	 * @param userAuthentication the current user authentication
49  	 * 
50  	 * @return Whether the specified request has been approved by the current user.
51  	 */
52  	public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
53  		if (authorizationRequest.isApproved()) {
54  			return true;
55  		}
56  		return false;
57  	}
58  
59  	public AuthorizationRequestringframework/security/oauth2/provider/AuthorizationRequest.html#AuthorizationRequest">AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
60  		return authorizationRequest;
61  	}
62  
63  	@Override
64  	public AuthorizationRequestringframework/security/oauth2/provider/AuthorizationRequest.html#AuthorizationRequest">AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
65  		Map<String, String> approvalParameters = authorizationRequest.getApprovalParameters();
66  		String flag = approvalParameters.get(approvalParameter);
67  		boolean approved = flag != null && flag.toLowerCase().equals("true");
68  		authorizationRequest.setApproved(approved);
69  		return authorizationRequest;
70  	}
71  	
72  	@Override
73  	public Map<String, Object> getUserApprovalRequest(AuthorizationRequest authorizationRequest,
74  			Authentication userAuthentication) {
75  		Map<String, Object> model = new HashMap<String, Object>();
76  		// In case of a redirect we might want the request parameters to be included
77  		model.putAll(authorizationRequest.getRequestParameters());
78  		return model;
79  	}
80  
81  }