/*
* Copyright 2002-2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.clo.auth2;
import java.util.Collection;
import java.util.HashSet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler;
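/**
 * User approval handler that can approve an authorization request from three sources: an approval
 * already known to the superclass (optional, see {@link #setUseTokenServices(boolean)}), the explicit
 * approval flag submitted with the request, and a configured list of client ids that are approved
 * automatically when the request asks for the "code" response type.
 *
 * <p>Security note: every client id in the auto-approve list skips the user consent step, so the list
 * should hold only clients the deployment fully trusts.
 *
 * @author Dave Syer
 *
 */
public class KenoUserApprovalHandler extends TokenServicesUserApprovalHandler {

    private static final Log logger = LogFactory.getLog(KenoUserApprovalHandler.class);

    // Client ids approved without asking the user. Always a private copy, never the caller's collection.
    private Collection<String> autoApproveClients = new HashSet<String>();

    // When true, super.isApproved(...) is consulted first and may approve the request on its own.
    private boolean useTokenServices = true;

    /**
     * @param useTokenServices whether {@code super.isApproved(...)} is consulted before the other checks
     */
    public void setUseTokenServices(boolean useTokenServices) {
        this.useTokenServices = useTokenServices;
    }

    /**
     * Replaces the list of client ids that are approved automatically.
     *
     * <p>The collection is copied, so later changes to the caller's collection cannot silently widen
     * or shrink the list. {@code null} is treated as an empty list (no client is auto-approved).
     *
     * @param autoApproveClients the auto approve clients to set, may be {@code null}
     */
    public void setAutoApproveClients(Collection<String> autoApproveClients) {
        this.autoApproveClients = (autoApproveClients == null)
                ? new HashSet<String>()
                : new HashSet<String>(autoApproveClients);
    }

    /**
     * Allows automatic approval for a white list of clients in the authorization_code grant case.
     * When called from the server side (Authorization Code), requests from white-listed clients are
     * approved automatically; this takes effect during the binding operation.
     *
     * @param authorizationRequest The authorization request.
     * @param userAuthentication the current user authentication
     *
     * @return Whether the specified request has been approved by the current user.
     */
    public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
        final boolean debug = logger.isDebugEnabled();
        if (debug) {
            // Built only when debug is on, so a disabled logger costs no string concatenation.
            logger.debug("------------------------->ResponseTypes :" + authorizationRequest.getResponseTypes());
            logger.debug("------------------------->is contains :"
                    + autoApproveClients.contains(authorizationRequest.getClientId()));
        }

        // If we are allowed to check existing approvals this will short circuit the decision
        // NOTE(review): this runs before the isAuthenticated() check below; confirm that the
        // superclass never approves a request for an unauthenticated user.
        if (useTokenServices && super.isApproved(authorizationRequest, userAuthentication)) {
            return true;
        }

        // Fail closed: without an authenticated user neither the approval flag nor the white list applies.
        if (userAuthentication == null || !userAuthentication.isAuthenticated()) {
            return false;
        }

        String flag = authorizationRequest.getApprovalParameters().get(AuthorizationRequest.USER_OAUTH_APPROVAL);
        // Null-safe and independent of the default locale.
        boolean approved = "true".equalsIgnoreCase(flag);
        if (debug) {
            logger.debug("------------------------->approved :" + approved);
        }

        // White-listed clients skip the consent step, but only for the "code" response type.
        boolean result = approved
                || (authorizationRequest.getResponseTypes().contains("code")
                        && autoApproveClients.contains(authorizationRequest.getClientId()));
        if (debug) {
            logger.debug("------------------------->result :" + result);
        }
        return result;
    }
}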