Java tutorial
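package com.blstream.patronage.ctf.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler;

import java.util.Collection;
import java.util.HashSet;

/**
 * Copyright 2013 BLStream
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * User: lahim
 * Date: 1/29/13
 *
 * REST token handler used by Spring Security during the OAuth 2.0 user
 * authentication process. It decides whether an authorization request counts
 * as approved by the current user.
 *
 * <p>A request is approved when any of the following holds, checked in this order:
 * <ol>
 *   <li>{@code useTokenServices} is set and the superclass approves the request;</li>
 *   <li>the user is authenticated and the request carries the
 *       {@link AuthorizationRequest#USER_OAUTH_APPROVAL} parameter with the value
 *       {@code "true"} (case-insensitive);</li>
 *   <li>the user is authenticated, the request asks for the {@code "token"} response
 *       type and the client id is on the auto-approve list.</li>
 * </ol>
 *
 * <p>Security note: the third rule grants a token without any explicit consent from
 * the user, so the auto-approve list should contain only clients that are trusted to
 * act without a consent step.
 *
 * @see <a href="http://static.springsource.org/spring-security/site/docs/3.2.x/reference/springsecurity-single.html">Spring-Security 3.2 reference</a>
 */
public class TokenHandler extends TokenServicesUserApprovalHandler {

    private static final Logger logger = LoggerFactory.getLogger(TokenHandler.class);

    // Client ids that are approved without explicit user consent (see isApproved).
    private Collection<String> autoApproveClients = new HashSet<String>();

    // When true, isApproved() consults the superclass before applying its own rules.
    private boolean useTokenServices = true;

    /**
     * @param useTokenServices the useTokenServices to set; when {@code false} the
     *                         superclass approval check in {@link #isApproved} is skipped
     */
    public void setUseTokenServices(boolean useTokenServices) {
        this.useTokenServices = useTokenServices;
    }

    /**
     * Replaces the list of clients that are approved without asking the user.
     *
     * <p>The collection is copied, so later changes to the caller's collection cannot
     * silently widen or narrow the allow list. {@code null} is treated as an empty list
     * instead of causing a {@link NullPointerException} on the next approval check.
     *
     * @param autoApproveClients the auto approve clients to set
     */
    public void setAutoApproveClients(Collection<String> autoApproveClients) {
        this.autoApproveClients = autoApproveClients == null
                ? new HashSet<String>()
                : new HashSet<String>(autoApproveClients);
    }

    /**
     * Delegates unchanged to the superclass.
     *
     * @param authorizationRequest the authorization request
     * @param userAuthentication   the current user authentication
     * @return whatever the superclass returns for this request
     */
    @Override
    public AuthorizationRequest updateBeforeApproval(AuthorizationRequest authorizationRequest,
                                                     Authentication userAuthentication) {
        return super.updateBeforeApproval(authorizationRequest, userAuthentication);
    }

    /**
     * Allows automatic approval for a white list of clients in the implicit grant case.
     *
     * @param authorizationRequest The authorization request.
     * @param userAuthentication   the current user authentication
     *
     * @return Whether the specified request has been approved by the current user.
     */
    @Override
    public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
        logger.debug("---- isApproved");

        // If we are allowed to check existing approvals this will short circuit the decision.
        // NOTE(review): this runs before the isAuthenticated() check below; whether the
        // superclass itself rejects unauthenticated users is not visible here - confirm.
        if (useTokenServices && super.isApproved(authorizationRequest, userAuthentication)) {
            logger.info("return: true");
            return true;
        }

        // Fail closed: a missing or unauthenticated principal can never approve a request.
        if (userAuthentication == null || !userAuthentication.isAuthenticated()) {
            logger.info("return: false");
            return false;
        }

        // equalsIgnoreCase is null-safe and does not depend on the JVM's default locale.
        String flag = authorizationRequest.getApprovalParameters().get(AuthorizationRequest.USER_OAUTH_APPROVAL);
        if ("true".equalsIgnoreCase(flag)) {
            return true;
        }

        boolean autoApproved = authorizationRequest.getResponseTypes().contains("token")
                && autoApproveClients.contains(authorizationRequest.getClientId());
        if (autoApproved) {
            // Leave an audit trail for approvals granted without user consent. The client
            // id is only logged after it matched the configured allow list, so the logged
            // value is a configured one rather than arbitrary request input.
            logger.info("auto-approved implicit grant for client {}", authorizationRequest.getClientId());
        }
        return autoApproved;
    }
}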