本文整理汇总了Java中org.springframework.security.oauth2.provider.AuthorizationRequest.isApproved方法的典型用法代码示例。如果您正苦于以下问题:Java AuthorizationRequest.isApproved方法的具体用法?Java AuthorizationRequest.isApproved怎么用?Java AuthorizationRequest.isApproved使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.springframework.security.oauth2.provider.AuthorizationRequest的用法示例。
在下文中一共展示了AuthorizationRequest.isApproved方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: checkForPreApproval
import org.springframework.security.oauth2.provider.AuthorizationRequest; //导入方法依赖的package包/类
/**
* Allows automatic approval for a white list of clients in the implicit grant case.
*
* @param authorizationRequest The authorization request.
* @param userAuthentication the current user authentication
*
* @return An updated request if it has already been approved by the current user.
*/
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
Authentication userAuthentication) {
boolean approved = false;
// If we are allowed to check existing approvals this will short circuit the decision
if (useApprovalStore) {
authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
approved = authorizationRequest.isApproved();
}
else {
if (clientDetailsService != null) {
Collection<String> requestedScopes = authorizationRequest.getScope();
try {
ClientDetails client = clientDetailsService
.loadClientByClientId(authorizationRequest.getClientId());
for (String scope : requestedScopes) {
if (client.isAutoApprove(scope) || client.isAutoApprove("all")) {
approved = true;
break;
}
}
}
catch (ClientRegistrationException e) {
}
}
}
authorizationRequest.setApproved(approved);
return authorizationRequest;
}
示例2: checkForPreApproval
import org.springframework.security.oauth2.provider.AuthorizationRequest; //导入方法依赖的package包/类
/**
* Allows automatic approval for a white list of clients in the implicit grant case.
*
* @param authorizationRequest The authorization request.
* @param userAuthentication the current user authentication
*
* @return An updated request if it has already been approved by the current user.
*/
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
Authentication userAuthentication) {
boolean approved = false;
// If we are allowed to check existing approvals this will short circuit the decision
if (useApprovalStore) {
authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
approved = authorizationRequest.isApproved();
}
else {
if (clientDetailsService != null) {
Collection<String> requestedScopes = authorizationRequest.getScope();
try {
ClientDetails client = clientDetailsService
.loadClientByClientId(authorizationRequest.getClientId());
for (String scope : requestedScopes) {
if (client.isAutoApprove(scope) || client.isAutoApprove("all")) {
approved = true;
break;
}
}
}
catch (ClientRegistrationException e) {
}
}
}
authorizationRequest.setApproved(approved);
return authorizationRequest;
}
示例3: isApproved
import org.springframework.security.oauth2.provider.AuthorizationRequest; //导入方法依赖的package包/类
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest.isApproved();
}
示例4: authorize
import org.springframework.security.oauth2.provider.AuthorizationRequest; //导入方法依赖的package包/类
@RequestMapping
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters,
SessionStatus sessionStatus, Principal principal) {
//Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
//query off of the authorization request instead of referring back to the parameters map. The contents of the
//parameters map will be stored without change in the AuthorizationRequest object once it is created.
AuthorizationRequest authorizationRequest = getOAuth2RequestFactory().createAuthorizationRequest(parameters);
Set<String> responseTypes = authorizationRequest.getResponseTypes();
if (!responseTypes.contains("token") && !responseTypes.contains("code")) {
throw new UnsupportedResponseTypeException("Unsupported response types: " + responseTypes);
}
if (authorizationRequest.getClientId() == null) {
throw new InvalidClientException("A client id must be provided");
}
try {
if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {
throw new InsufficientAuthenticationException(
"User must be authenticated with Spring Security before authorization can be completed.");
}
ClientDetails client = getClientDetailsService().loadClientByClientId(authorizationRequest.getClientId());
// The resolved redirect URI is either the redirect_uri from the parameters or the one from
// clientDetails. Either way we need to store it on the AuthorizationRequest.
String redirectUriParameter = authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
String resolvedRedirect = redirectResolver.resolveRedirect(redirectUriParameter, client);
if (!StringUtils.hasText(resolvedRedirect)) {
throw new RedirectMismatchException(
"A redirectUri must be either supplied or preconfigured in the ClientDetails");
}
authorizationRequest.setRedirectUri(resolvedRedirect);
// We intentionally only validate the parameters requested by the client (ignoring any data that may have
// been added to the request by the manager).
oAuth2RequestValidator.validateScope(authorizationRequest, client);
//Some systems may allow for approval decisions to be remembered or approved by default. Check for
//such logic here, and set the approved flag on the authorization request accordingly.
authorizationRequest = userApprovalHandler.checkForPreApproval(authorizationRequest, (Authentication) principal);
// TODO: is this call necessary?
boolean approved = userApprovalHandler.isApproved(authorizationRequest, (Authentication) principal);
authorizationRequest.setApproved(approved);
// Validation is all done, so we can check for auto approval...
if (authorizationRequest.isApproved()) {
if (responseTypes.contains("token")) {
return getImplicitGrantResponse(authorizationRequest);
}
if (responseTypes.contains("code")) {
return new ModelAndView(getAuthorizationCodeResponse(authorizationRequest, (Authentication) principal));
}
}
// Place auth request into the model so that it is stored in the session
// for approveOrDeny to use. That way we make sure that auth request comes from the session,
// so any auth request parameters passed to approveOrDeny will be ignored and retrieved from the session.
model.put("authorizationRequest", authorizationRequest);
return getUserApprovalPageResponse(model, authorizationRequest);
}
catch (RuntimeException e) {
sessionStatus.setComplete();
throw e;
}
}
示例5: approveOrDeny
import org.springframework.security.oauth2.provider.AuthorizationRequest; //导入方法依赖的package包/类
@RequestMapping(method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
SessionStatus sessionStatus, Principal principal) {
if (!(principal instanceof Authentication)) {
sessionStatus.setComplete();
throw new InsufficientAuthenticationException(
"User must be authenticated with Spring Security before authorizing an access token.");
}
AuthorizationRequest authorizationRequest = (AuthorizationRequest) model.get("authorizationRequest");
if (authorizationRequest == null) {
sessionStatus.setComplete();
throw new InvalidRequestException("Cannot approve uninitialized authorization request.");
}
try {
Set<String> responseTypes = authorizationRequest.getResponseTypes();
authorizationRequest.setApprovalParameters(approvalParameters);
authorizationRequest = userApprovalHandler.updateAfterApproval(authorizationRequest, (Authentication) principal);
boolean approved = userApprovalHandler.isApproved(authorizationRequest, (Authentication) principal);
authorizationRequest.setApproved(approved);
if (authorizationRequest.getRedirectUri() == null) {
sessionStatus.setComplete();
throw new InvalidRequestException("Cannot approve request when no redirect URI is provided.");
}
if (!authorizationRequest.isApproved()) {
return new RedirectView(getUnsuccessfulRedirect(authorizationRequest, new UserDeniedAuthorizationException(
"User denied access"), responseTypes.contains("token")), false, true, false);
}
if (responseTypes.contains("token")) {
return getImplicitGrantResponse(authorizationRequest).getView();
}
return getAuthorizationCodeResponse(authorizationRequest, (Authentication) principal);
}
finally {
sessionStatus.setComplete();
}
}
示例6: isApproved
import org.springframework.security.oauth2.provider.AuthorizationRequest; //导入方法依赖的package包/类
/**
* Basic implementation just requires the authorization request to be explicitly approved and the user to be
* authenticated.
*
* @param authorizationRequest The authorization request.
* @param userAuthentication the current user authentication
*
* @return Whether the specified request has been approved by the current user.
*/
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
if (authorizationRequest.isApproved()) {
return true;
}
return false;
}
示例7: isApproved
import org.springframework.security.oauth2.provider.AuthorizationRequest; //导入方法依赖的package包/类
/**
* Basic implementation just requires the authorization request to be explicitly approved and the user to be
* authenticated.
*
* @param authorizationRequest The authorization request.
* @param userAuthentication the current user authentication
*
* @return Whether the specified request has been approved by the current user.
*/
public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
return authorizationRequest.isApproved();
}