org.springframework.security.oauth2.provider.approval

Class ApprovalStoreUserApprovalHandler

java.lang.Object

org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler

All Implemented Interfaces:

InitializingBean, UserApprovalHandler

public class ApprovalStoreUserApprovalHandler
extends Object
implements UserApprovalHandler, InitializingBean

A user approval handler that remembers approval decisions by consulting existing approvals.

Author:

Dave Syer

Constructor Summary

Constructors

Constructor and Description
ApprovalStoreUserApprovalHandler()

Method Summary

Methods

Modifier and Type	Method and Description
void	afterPropertiesSet()
AuthorizationRequest	checkForPreApproval(AuthorizationRequest authorizationRequest, org.springframework.security.core.Authentication userAuthentication) Provides a hook for allowing requests to be pre-approved (skipping the User Approval Page).
Map<String,Object>	getUserApprovalRequest(AuthorizationRequest authorizationRequest, org.springframework.security.core.Authentication userAuthentication) Generate a request for the authorization server to ask for the user's approval.
boolean	isApproved(AuthorizationRequest authorizationRequest, org.springframework.security.core.Authentication userAuthentication) Tests whether the specified authorization request has been approved by the current user (if there is one).
void	setApprovalExpiryInSeconds(int approvalExpirySeconds)
void	setApprovalStore(ApprovalStore store)
void	setClientDetailsService(ClientDetailsService clientDetailsService) Service to load client details (optional) for auto approval checks.
void	setRequestFactory(OAuth2RequestFactory requestFactory)
void	setScopePrefix(String scopePrefix) The prefix applied to incoming parameters that signal approval or denial of a scope.
AuthorizationRequest	updateAfterApproval(AuthorizationRequest authorizationRequest, org.springframework.security.core.Authentication userAuthentication) Requires the authorization request to be explicitly approved, including all individual scopes, and the user to be authenticated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ApprovalStoreUserApprovalHandler

public ApprovalStoreUserApprovalHandler()

Method Detail

setClientDetailsService

public void setClientDetailsService(ClientDetailsService clientDetailsService)

Service to load client details (optional) for auto approval checks.

Parameters:

clientDetailsService - a client details service

setScopePrefix

public void setScopePrefix(String scopePrefix)

The prefix applied to incoming parameters that signal approval or denial of a scope.

Parameters:

scopePrefix - the prefix (default OAuth2Utils.SCOPE_PREFIX)

setApprovalStore

public void setApprovalStore(ApprovalStore store)

Parameters:

store - the approval to set

setRequestFactory

public void setRequestFactory(OAuth2RequestFactory requestFactory)

setApprovalExpiryInSeconds

public void setApprovalExpiryInSeconds(int approvalExpirySeconds)

afterPropertiesSet

public void afterPropertiesSet()

Specified by:

afterPropertiesSet in interface InitializingBean

isApproved

public boolean isApproved(AuthorizationRequest authorizationRequest,
                 org.springframework.security.core.Authentication userAuthentication)

Description copied from interface: UserApprovalHandler

Tests whether the specified authorization request has been approved by the current user (if there is one).

Specified by:

isApproved in interface UserApprovalHandler

Parameters:

authorizationRequest - the authorization request.

userAuthentication - the user authentication for the current user.

Returns:

true if the request has been approved, false otherwise

checkForPreApproval

public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
                                       org.springframework.security.core.Authentication userAuthentication)

Description copied from interface: UserApprovalHandler

Provides a hook for allowing requests to be pre-approved (skipping the User Approval Page). Some implementations may allow users to store approval decisions so that they only have to approve a site once. This method is called in the AuthorizationEndpoint before sending the user to the Approval page. If this method sets oAuth2Request.approved to true, the Approval page will be skipped.

Specified by:

checkForPreApproval in interface UserApprovalHandler

Parameters:

authorizationRequest - the authorization request.

userAuthentication - the user authentication

Returns:

the AuthorizationRequest, modified if necessary

updateAfterApproval

public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest,
                                       org.springframework.security.core.Authentication userAuthentication)

Requires the authorization request to be explicitly approved, including all individual scopes, and the user to be authenticated. A scope that was requested in the authorization request can be approved by sending a request parameter scope.<scopename> equal to "true" or "approved" (otherwise it will be assumed to have been denied). The ApprovalStore will be updated to reflect the inputs.

Specified by:

updateAfterApproval in interface UserApprovalHandler

Parameters:

authorizationRequest - The authorization request.

userAuthentication - the current user authentication

Returns:

An approved request if all scopes have been approved by the current user.

getUserApprovalRequest

public Map<String,Object> getUserApprovalRequest(AuthorizationRequest authorizationRequest,
                                        org.springframework.security.core.Authentication userAuthentication)

Description copied from interface: UserApprovalHandler

Generate a request for the authorization server to ask for the user's approval. Typically this will be rendered into a view (HTML etc.) to prompt for the approval, so it needs to contain information about the grant (scopes and client id for instance).

Specified by:

getUserApprovalRequest in interface UserApprovalHandler

Parameters:

authorizationRequest - the authorization request

userAuthentication - the user authentication

Returns:

a model map for rendering to the user to ask for approval