org.springframework.security.oauth2.provider.request

Class DefaultOAuth2RequestFactory

java.lang.Object

org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory

All Implemented Interfaces:

OAuth2RequestFactory

public class DefaultOAuth2RequestFactory
extends Object
implements OAuth2RequestFactory

Default implementation of OAuth2RequestFactory which initializes fields from the parameters map, validates grant types and scopes, and fills in scopes with the default values from the client if they are missing.

Author:

Dave Syer, Amanda Anganes

Constructor Summary

Constructors

Constructor and Description
DefaultOAuth2RequestFactory(ClientDetailsService clientDetailsService)

Method Summary

Methods

Modifier and Type	Method and Description
AuthorizationRequest	createAuthorizationRequest(Map<String,String> authorizationParameters) Create a new AuthorizationRequest extracting all the needed information from the incoming parameter map, and initializing all individual fields on the AuthorizationRequest to reasonable values.
OAuth2Request	createOAuth2Request(AuthorizationRequest request) Create a new OAuth2Request by extracting the needed information from the current AuthorizationRequest object.
OAuth2Request	createOAuth2Request(ClientDetails client, TokenRequest tokenRequest) Create a new OAuth2Request by extracting the needed information from the current TokenRequest object.
TokenRequest	createTokenRequest(AuthorizationRequest authorizationRequest, String grantType) Create a new TokenRequest from an AuthorizationRequest.
TokenRequest	createTokenRequest(Map<String,String> requestParameters, ClientDetails authenticatedClient) Create a new TokenRequest by extracting the needed information from the incoming request parameter map.
void	setCheckUserScopes(boolean checkUserScopes) Flag to indicate that scopes should be interpreted as valid authorities.
void	setSecurityContextAccessor(SecurityContextAccessor securityContextAccessor)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultOAuth2RequestFactory

public DefaultOAuth2RequestFactory(ClientDetailsService clientDetailsService)

Method Detail

setSecurityContextAccessor

public void setSecurityContextAccessor(SecurityContextAccessor securityContextAccessor)

Parameters:

securityContextAccessor - the security context accessor to set

setCheckUserScopes

public void setCheckUserScopes(boolean checkUserScopes)

Flag to indicate that scopes should be interpreted as valid authorities. No scopes will be granted to a user unless they are permitted as a granted authority to that user.

Parameters:

checkUserScopes - the checkUserScopes to set (default false)

createAuthorizationRequest

public AuthorizationRequest createAuthorizationRequest(Map<String,String> authorizationParameters)

Description copied from interface: OAuth2RequestFactory

Create a new AuthorizationRequest extracting all the needed information from the incoming parameter map, and initializing all individual fields on the AuthorizationRequest to reasonable values. When a class uses the factory to create an AuthorizationRequest, it should not need to access the parameter map directly afterwards. Typical implementations would initialize the individual fields on the AuthorizationRequest with the values requested in the original parameter map. It may also load the client details from the client id provided and validate the grant type and scopes, populating any fields in the request that are known only to the authorization server.

Specified by:

createAuthorizationRequest in interface OAuth2RequestFactory

Parameters:

authorizationParameters - the parameters in the request

Returns:

a new AuthorizationRequest

createOAuth2Request

public OAuth2Request createOAuth2Request(AuthorizationRequest request)

Description copied from interface: OAuth2RequestFactory

Create a new OAuth2Request by extracting the needed information from the current AuthorizationRequest object.

Specified by:

createOAuth2Request in interface OAuth2RequestFactory

Parameters:

request - the request to be converted

Returns:

an immutable object for storage

createTokenRequest

public TokenRequest createTokenRequest(Map<String,String> requestParameters,
                              ClientDetails authenticatedClient)

Description copied from interface: OAuth2RequestFactory

Create a new TokenRequest by extracting the needed information from the incoming request parameter map.

Specified by:

createTokenRequest in interface OAuth2RequestFactory

Parameters:

requestParameters - the parameters in the request

authenticatedClient - the client that authenticated during the token request

Returns:

a new TokenRequest

createTokenRequest

public TokenRequest createTokenRequest(AuthorizationRequest authorizationRequest,
                              String grantType)

Description copied from interface: OAuth2RequestFactory

Create a new TokenRequest from an AuthorizationRequest. Principally used by the AuthorizationEndpoint during the implicit flow.

Specified by:

createTokenRequest in interface OAuth2RequestFactory

Parameters:

authorizationRequest - the incoming request

grantType - the grant type for the token request

Returns:

a new token request

createOAuth2Request

public OAuth2Request createOAuth2Request(ClientDetails client,
                                TokenRequest tokenRequest)

Description copied from interface: OAuth2RequestFactory

Create a new OAuth2Request by extracting the needed information from the current TokenRequest object.

Specified by:

createOAuth2Request in interface OAuth2RequestFactory

Parameters:

client - TODO

tokenRequest - the request to be converted

Returns:

am immutable object for storage