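/*
 * Copyright 2002-2011 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.clo.auth2;

import java.util.Collection;
import java.util.HashSet;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler;

/**
 * Approval handler that treats an authorization request as approved when any of the following holds:
 * the parent handler already approves it (only consulted while {@code useTokenServices} is on), the
 * request carries an explicit approval parameter equal to "true", or the client is on the auto-approve
 * white list and the request's response types include "code".
 *
 * <p>The white list lets a client obtain approval without the explicit approval parameter, so it is
 * security-sensitive configuration: it should hold only clients the deployment fully trusts.
 *
 * @author Dave Syer
 */
public class KenoUserApprovalHandler extends TokenServicesUserApprovalHandler {

    private static final Log logger = LogFactory.getLog(KenoUserApprovalHandler.class);

    // Client ids that are approved without an explicit approval parameter. Always a private copy,
    // never the caller's collection, so the list cannot change behind this handler's back.
    private Collection<String> autoApproveClients = new HashSet<String>();

    // When true, the parent handler's decision is consulted first and can approve on its own.
    private boolean useTokenServices = true;

    /**
     * Enables or disables the delegation to the parent handler at the start of {@link #isApproved}.
     *
     * @param useTokenServices the useTokenServices to set
     */
    public void setUseTokenServices(boolean useTokenServices) {
        this.useTokenServices = useTokenServices;
    }

    /**
     * Replaces the auto-approve white list with a copy of the given client ids.
     *
     * @param autoApproveClients the auto approve clients to set; {@code null} is treated as an empty
     *        list, i.e. no client is auto-approved
     */
    public void setAutoApproveClients(Collection<String> autoApproveClients) {
        // Defensive copy: later changes to the caller's collection must not alter who is auto-approved,
        // and a null argument must not surface as a NullPointerException during an approval check.
        this.autoApproveClients = autoApproveClients == null
                ? new HashSet<String>()
                : new HashSet<String>(autoApproveClients);
    }

    /**
     * Allows automatic approval for a white list of clients in the authorization_code grant case.
     * Invoked on the server side (authorization code flow): requests from white-listed clients are
     * approved automatically; this takes effect during the binding operation.
     *
     * @param authorizationRequest The authorization request.
     * @param userAuthentication the current user authentication
     *
     * @return Whether the specified request has been approved by the current user.
     */
    @Override
    public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
        boolean whiteListed = autoApproveClients.contains(authorizationRequest.getClientId());

        // Debug output is built only when enabled and never dereferences the response types, so
        // logging cannot throw where the decision logic itself would not.
        if (logger.isDebugEnabled()) {
            logger.debug("------------------------->ResponseTypes :" + authorizationRequest.getResponseTypes());
            logger.debug("------------------------->is contains :" + whiteListed);
        }

        // If we are allowed to check existing approvals this will short circuit the decision.
        // NOTE(review): this runs before the isAuthenticated() check below - confirm the parent handler
        // never approves on behalf of an unauthenticated principal.
        if (useTokenServices && super.isApproved(authorizationRequest, userAuthentication)) {
            return true;
        }

        // Fail closed: without an authenticated user nothing below may approve the request.
        if (userAuthentication == null || !userAuthentication.isAuthenticated()) {
            return false;
        }

        String flag = authorizationRequest.getApprovalParameters().get(AuthorizationRequest.USER_OAUTH_APPROVAL);
        // Locale-independent and null-safe comparison of the approval parameter.
        boolean approved = "true".equalsIgnoreCase(flag);

        // Auto-approval applies to any request whose response types include "code", also when other
        // response types are listed next to it.
        // NOTE(review): if only the pure authorization-code flow should be auto-approved, tighten this
        // check - confirm the intended scope.
        boolean result = approved
                || (authorizationRequest.getResponseTypes().contains("code") && whiteListed);

        if (logger.isDebugEnabled()) {
            logger.debug("------------------------->approved :" + approved);
            logger.debug("------------------------->result :" + result);
        }
        return result;
    }
}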