View Javadoc
1   /*
2    * Copyright 2006-2011 the original author or authors.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    * 
7    * https://www.apache.org/licenses/LICENSE-2.0
8    * 
9    * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10   * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11   * specific language governing permissions and limitations under the License.
12   */
13  package org.springframework.security.oauth2.provider.token;
14  
15  import java.util.Collection;
16  
17  import org.apache.commons.logging.Log;
18  import org.apache.commons.logging.LogFactory;
19  import org.springframework.security.oauth2.common.OAuth2AccessToken;
20  import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
21  import org.springframework.security.oauth2.provider.ClientDetails;
22  import org.springframework.security.oauth2.provider.ClientDetailsService;
23  import org.springframework.security.oauth2.provider.OAuth2Authentication;
24  import org.springframework.security.oauth2.provider.OAuth2Request;
25  import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
26  import org.springframework.security.oauth2.provider.TokenGranter;
27  import org.springframework.security.oauth2.provider.TokenRequest;
28  
29  /**
30   * @author Dave Syer
31   * 
32   */
33  public abstract class AbstractTokenGranter implements TokenGranter {
34  	
35  	protected final Log logger = LogFactory.getLog(getClass());
36  
37  	private final AuthorizationServerTokenServices tokenServices;
38  
39  	private final ClientDetailsService clientDetailsService;
40  	
41  	private final OAuth2RequestFactory requestFactory;
42  	
43  	private final String grantType;
44  
45  	protected AbstractTokenGranter(AuthorizationServerTokenServices tokenServices,
46  			ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory, String grantType) {
47  		this.clientDetailsService = clientDetailsService;
48  		this.grantType = grantType;
49  		this.tokenServices = tokenServices;
50  		this.requestFactory = requestFactory;
51  	}
52  
53  	public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
54  
55  		if (!this.grantType.equals(grantType)) {
56  			return null;
57  		}
58  		
59  		String clientId = tokenRequest.getClientId();
60  		ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
61  		validateGrantType(grantType, client);
62  
63  		if (logger.isDebugEnabled()) {
64  			logger.debug("Getting access token for: " + clientId);
65  		}
66  
67  		return getAccessToken(client, tokenRequest);
68  
69  	}
70  
71  	protected OAuth2AccessToken getAccessToken(ClientDetails client, TokenRequest tokenRequest) {
72  		return tokenServices.createAccessToken(getOAuth2Authentication(client, tokenRequest));
73  	}
74  
75  	protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
76  		OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(client, tokenRequest);
77  		return new OAuth2Authentication(storedOAuth2Request, null);
78  	}
79  
80  	protected void validateGrantType(String grantType, ClientDetails clientDetails) {
81  		Collection<String> authorizedGrantTypes = clientDetails.getAuthorizedGrantTypes();
82  		if (authorizedGrantTypes != null && !authorizedGrantTypes.isEmpty()
83  				&& !authorizedGrantTypes.contains(grantType)) {
84  			throw new InvalidClientException("Unauthorized grant type: " + grantType);
85  		}
86  	}
87  
88  	protected AuthorizationServerTokenServices getTokenServices() {
89  		return tokenServices;
90  	}
91  	
92  	protected OAuth2RequestFactory getRequestFactory() {
93  		return requestFactory;
94  	}
95  
96  }