Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.oauth2.provider.approval
Class ApprovalStoreUserApprovalHandler

java.lang.Object
  extended by org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, UserApprovalHandler
public class ApprovalStoreUserApprovalHandler
extends Object
implements UserApprovalHandler, org.springframework.beans.factory.InitializingBean

A user approval handler that remembers approval decisions by consulting existing approvals.

Author:
Dave Syer

Constructor Summary
ApprovalStoreUserApprovalHandler()
           
 
Method Summary
 void afterPropertiesSet()
           
 AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, org.springframework.security.core.Authentication userAuthentication)
           Provides a hook for allowing requests to be pre-approved (skipping the User Approval Page).
 boolean isApproved(AuthorizationRequest authorizationRequest, org.springframework.security.core.Authentication userAuthentication)
           Tests whether the specified authorization request has been approved by the current user (if there is one).
 void setApprovalExpiryInSeconds(int approvalExpirySeconds)
           
 void setApprovalStore(ApprovalStore store)
           
 void setClientDetailsService(ClientDetailsService clientDetailsService)
          Service to load client details (optional) for auto approval checks.
 void setRequestFactory(OAuth2RequestFactory requestFactory)
           
 void setScopePrefix(String scopePrefix)
          The prefix applied to incoming parameters that signal approval or denial of a scope.
 AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, org.springframework.security.core.Authentication userAuthentication)
          Requires the authorization request to be explicitly approved, including all individual scopes, and the user to be authenticated.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ApprovalStoreUserApprovalHandler

public ApprovalStoreUserApprovalHandler()
Method Detail

setClientDetailsService

public void setClientDetailsService(ClientDetailsService clientDetailsService)
Service to load client details (optional) for auto approval checks.

Parameters:
clientDetailsService - a client details service

setScopePrefix

public void setScopePrefix(String scopePrefix)
The prefix applied to incoming parameters that signal approval or denial of a scope.

Parameters:
scopePrefix - the prefix (default OAuth2Utils.SCOPE_PREFIX)

setApprovalStore

public void setApprovalStore(ApprovalStore store)
Parameters:
store - the approval to set

setRequestFactory

public void setRequestFactory(OAuth2RequestFactory requestFactory)

setApprovalExpiryInSeconds

public void setApprovalExpiryInSeconds(int approvalExpirySeconds)

afterPropertiesSet

public void afterPropertiesSet()
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

isApproved

public boolean isApproved(AuthorizationRequest authorizationRequest,
                          org.springframework.security.core.Authentication userAuthentication)
Description copied from interface: UserApprovalHandler

Tests whether the specified authorization request has been approved by the current user (if there is one).

Specified by:
isApproved in interface UserApprovalHandler
Parameters:
authorizationRequest - the authorization request.
userAuthentication - the user authentication for the current user.
Returns:
true if the request has been approved, false otherwise

checkForPreApproval

public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
                                                org.springframework.security.core.Authentication userAuthentication)
Description copied from interface: UserApprovalHandler

Provides a hook for allowing requests to be pre-approved (skipping the User Approval Page). Some implementations may allow users to store approval decisions so that they only have to approve a site once. This method is called in the AuthorizationEndpoint before sending the user to the Approval page. If this method sets oAuth2Request.approved to true, the Approval page will be skipped.

Specified by:
checkForPreApproval in interface UserApprovalHandler
Parameters:
authorizationRequest - the authorization request.
userAuthentication - the user authentication
Returns:
the AuthorizationRequest, modified if necessary

updateAfterApproval

public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest,
                                                org.springframework.security.core.Authentication userAuthentication)
Requires the authorization request to be explicitly approved, including all individual scopes, and the user to be authenticated. A scope that was requested in the authorization request can be approved by sending a request parameter scope.<scopename> equal to "true" or "approved" (otherwise it will be assumed to have been denied). The ApprovalStore will be updated to reflect the inputs.

Specified by:
updateAfterApproval in interface UserApprovalHandler
Parameters:
authorizationRequest - The authorization request.
userAuthentication - the current user authentication
Returns:
An approved request if all scopes have been approved by the current user.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013. All rights reserved.