• Home
• org.springframework.security.oauth
• spring-security-oauth2
• 2.1.6.RELEASE
• source code
• AuthorizationRequest.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.springframework.security.oauth2.provider.AuthorizationRequest Maven / Gradle / Ivy

package org.springframework.security.oauth2.provider;

import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.web.bind.annotation.SessionAttributes;

/**
 * A request for authorization by an OAuth 2 Client, normally received and
 * processed by the AuthorizationEndpoint. This class is meant to be manipulated
 * throughout the authorization process, and is therefore treated as ephemeral
 * and not to be stored long term. For long term storage, use the read-only
 * {@link OAuth2Request} class.
 * 
 * HTTP request parameters are stored in the parameters map, and any processing
 * the server makes throughout the lifecycle of a request are stored on
 * individual properties. The original request parameters will remain available
 * through the parameters map. For convenience, constants are defined in order
 * to get at those original values. However, the parameters map is unmodifiable
 * so that processing cannot drop the original values.
 * 
 * This class is {@link Serializable} in order to support storage of the
 * authorization request as a {@link SessionAttributes} member while the end
 * user through the authorization process (which may span several page
 * requests).
 * 
 * @author Ryan Heaton
 * @author Dave Syer
 * @author Amanda Anganes
 */
@SuppressWarnings("serial")
public class AuthorizationRequest extends BaseRequest implements Serializable {

	/**
	 * Map to hold the original, unchanged parameter set submitted by a user to
	 * signal approval of the token grant approval. Once set this should not be
	 * modified.
	 */
	private Map approvalParameters = Collections.unmodifiableMap(new HashMap());

	/**
	 * The value of the "state" parameter sent by the client in the request, if
	 * sent by the client. As this must be echoed back to the client unchanged,
	 * it should not be modified by any processing classes.
	 */
	private String state;

	/**
	 * Resolved requested response types initialized (by the
	 * OAuth2RequestFactory) with the response types originally requested.
	 */
	private Set responseTypes = new HashSet();

	/**
	 * Resolved resource IDs. This set may change during request processing.
	 */
	private Set resourceIds = new HashSet();

	/**
	 * Resolved granted authorities for this request. May change during request
	 * processing.
	 */
	private Collection authorities = new HashSet();

	/**
	 * Whether the request has been approved by the end user (or other process).
	 * This will be altered by the User Approval Endpoint and/or the
	 * UserApprovalHandler as appropriate.
	 */
	private boolean approved = false;

	/**
	 * The resolved redirect URI of this request. A URI may be present in the
	 * original request, in the authorizationParameters, or it may not be
	 * provided, in which case it will be defaulted (by processing classes) to
	 * the Client's default registered value.
	 */
	private String redirectUri;

	/**
	 * Extension point for custom processing classes which may wish to store
	 * additional information about the OAuth2 request. Since this class will
	 * create a serializable OAuth2Request, all members of this extension map
	 * must be serializable.
	 */
	private Map extensions = new HashMap();

	/**
	 * Default constructor.
	 */
	public AuthorizationRequest() {
	}

	/**
	 * Full constructor.
	 */
	public AuthorizationRequest(Map authorizationParameters, Map approvalParameters, String clientId, Set scope, Set resourceIds, Collection authorities, boolean approved, String state, String redirectUri,
	        Set responseTypes) {
		setClientId(clientId);
		setRequestParameters(authorizationParameters); // in case we need to
													   // wrap the collection
		setScope(scope); // in case we need to parse
		if (resourceIds != null) {
			this.resourceIds = new HashSet(resourceIds);
		}
		if (authorities != null) {
			this.authorities = new HashSet(authorities);
		}
		this.approved = approved;
		this.resourceIds = resourceIds;
		this.redirectUri = redirectUri;
		if (responseTypes != null) {
			this.responseTypes = responseTypes;
		}
		this.state = state;
	}

	public OAuth2Request createOAuth2Request() {
		return new OAuth2Request(getRequestParameters(), getClientId(), getAuthorities(), isApproved(), getScope(), getResourceIds(), getRedirectUri(), getResponseTypes(), getExtensions());
	}

	/**
	 * Convenience constructor for unit tests, where client ID and scope are
	 * often the only needed fields.
	 * 
	 * @param clientId
	 * @param scopes
	 */
	public AuthorizationRequest(String clientId, Collection scopes) {
		setClientId(clientId);
		setScope(scopes); // in case we need to parse
	}

	/**
	 * Convenience method to set resourceIds and authorities on this request by
	 * inheriting from a ClientDetails object.
	 * 
	 * @param clientDetails
	 */
	public void setResourceIdsAndAuthoritiesFromClientDetails(ClientDetails clientDetails) {
		setResourceIds(clientDetails.getResourceIds());
		setAuthorities(clientDetails.getAuthorities());
	}

	public Map getApprovalParameters() {
		return approvalParameters;
	}

	public void setApprovalParameters(Map approvalParameters) {
		this.approvalParameters = approvalParameters;
	}

	public String getState() {
		return state;
	}

	public void setState(String state) {
		this.state = state;
	}

	public Set getResponseTypes() {
		return responseTypes;
	}

	public void setResponseTypes(Set responseTypes) {
		this.responseTypes = responseTypes;
	}

	public void setRedirectUri(String redirectUri) {
		this.redirectUri = redirectUri;
	}

	public void setApproved(boolean approved) {
		this.approved = approved;
	}

	public void setAuthorities(Collection authorities) {
		if (authorities != null) {
			this.authorities = new HashSet(authorities);
		}
	}

	/**
	 * @return the extensions
	 */
	public Map getExtensions() {
		return extensions;
	}

	public void setExtensions(Map extensions) {
		this.extensions = extensions;
	}

	public void setResourceIds(Set resourceIds) {
		this.resourceIds = resourceIds;
	}

	public void setClientId(String clientId) {
		super.setClientId(clientId);
	}

	/**
	 * Set the scope value. If the collection contains only a single scope
	 * value, this method will parse that value into a collection using
	 * {@link OAuth2Utils#parseParameterList}.
	 * 
	 * @see TokenRequest#setScope
	 * 
	 * @param scope
	 */
	public void setScope(Collection scope) {
		super.setScope(scope);
	}

	/**
	 * Set the Request Parameters on this authorization request, which represent
	 * the original request parameters and should never be changed during
	 * processing. The map passed in is wrapped in an unmodifiable map instance.
	 * 
	 * @see TokenRequest#setRequestParameters
	 * 
	 * @param requestParameters
	 */
	public void setRequestParameters(Map requestParameters) {
		super.setRequestParameters(requestParameters);
	}

	/**
	 * @return the resourceIds
	 */
	public Set getResourceIds() {
		return resourceIds;
	}

	/**
	 * @return the authorities
	 */
	public Collection getAuthorities() {
		return authorities;
	}

	/**
	 * @return the approved
	 */
	public boolean isApproved() {
		return approved;
	}

	/**
	 * @return the redirectUri
	 */
	public String getRedirectUri() {
		return redirectUri;
	}

	@Override
	public int hashCode() {
		final int prime = 31;
		int result = super.hashCode();
		result = prime * result + ((approvalParameters == null) ? 0 : approvalParameters.hashCode());
		result = prime * result + ((responseTypes == null) ? 0 : responseTypes.hashCode());
		result = prime * result + ((state == null) ? 0 : state.hashCode());
		return result;
	}

	@Override
	public boolean equals(Object obj) {
		if (this == obj)
			return true;
		if (!super.equals(obj))
			return false;
		if (getClass() != obj.getClass())
			return false;
		AuthorizationRequest other = (AuthorizationRequest) obj;
		if (approvalParameters == null) {
			if (other.approvalParameters != null)
				return false;
		} else if (!approvalParameters.equals(other.approvalParameters))
			return false;
		if (responseTypes == null) {
			if (other.responseTypes != null)
				return false;
		} else if (!responseTypes.equals(other.responseTypes))
			return false;
		if (state == null) {
			if (other.state != null)
				return false;
		} else if (!state.equals(other.state))
			return false;
		return true;
	}

}