1   package org.springframework.security.oauth2.provider.approval;
2   
3   import java.util.Map;
4   
5   import org.springframework.security.core.Authentication;
6   import org.springframework.security.oauth2.provider.AuthorizationRequest;
7   
8   /**
9    * Basic interface for determining whether a given client authorization request has been
10   * approved by the current user.
11   * 
12   * @author Ryan Heaton
13   * @author Dave Syer
14   * @author Amanda Anganes
15   */
16  public interface UserApprovalHandler {
17  
18  	/**
19  	 * <p>
20  	 * Tests whether the specified authorization request has been approved by the current
21  	 * user (if there is one).
22  	 * </p>
23  	 * 
24  	 * @param authorizationRequest the authorization request.
25  	 * @param userAuthentication the user authentication for the current user.
26  	 * @return true if the request has been approved, false otherwise
27  	 */
28  	boolean isApproved(AuthorizationRequest authorizationRequest,
29  			Authentication userAuthentication);
30  
31  	/**
32  	 * <p>
33  	 * Provides a hook for allowing requests to be pre-approved (skipping the User
34  	 * Approval Page). Some implementations may allow users to store approval decisions so
35  	 * that they only have to approve a site once. This method is called in the
36  	 * AuthorizationEndpoint before sending the user to the Approval page. If this method
37  	 * sets the approved flag on the authorization request to true, the Approval page will be skipped.
38  	 * </p>
39  	 * NOTE(review): pre-approval bypasses the consent prompt; a stored decision should presumably cover this client and the requested scopes - confirm in implementations.
40  	 * @param authorizationRequest the authorization request.
41  	 * @param userAuthentication the user authentication
42  	 * @return the AuthorizationRequest, modified if necessary
43  	 */
44  	AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
45  			Authentication userAuthentication);
46  
47  	/**
48  	 * <p>
49  	 * Provides an opportunity to update the authorization request after the
50  	 * {@link AuthorizationRequest#setApprovalParameters(Map) approval parameters} are set
51  	 * but before it is checked for approval. This is useful where the incoming approval
52  	 * parameters contain richer information than just true/false (e.g. some scopes are
53  	 * approved, and others are rejected): implementations may need to be able to modify
54  	 * the {@link AuthorizationRequest} before a token is generated from it.
55  	 * </p>
56  	 * NOTE(review): the approval parameters are incoming request data; implementations should presumably only narrow, never widen, what was originally requested - confirm.
57  	 * @param authorizationRequest the authorization request.
58  	 * @param userAuthentication the user authentication
59  	 * @return the AuthorizationRequest, modified if necessary
60  	 */
61  	AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest,
62  			Authentication userAuthentication);
63  
64  	/**
65  	 * Generate a request for the authorization server to ask for the user's approval.
66  	 * Typically this will be rendered into a view (HTML etc.) to prompt for the approval,
67  	 * so it needs to contain information about the grant (scopes and client id for
68  	 * instance).
69  	 * NOTE(review): model values taken from the request (e.g. scopes) should be output-escaped by whatever view renders them.
70  	 * @param authorizationRequest the authorization request
71  	 * @param userAuthentication the user authentication
72  	 * @return a model map for rendering to the user to ask for approval
73  	 */
74  	Map<String, Object> getUserApprovalRequest(AuthorizationRequest authorizationRequest,
75  			Authentication userAuthentication);
76  
77  }