@SessionAttributes(value={"authorizationRequest","org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST"}) public class AuthorizationEndpoint extends AbstractEndpoint
Implementation of the Authorization Endpoint from the OAuth2 specification. Accepts authorization requests, and
handles user approval if the grant type is authorization code. The tokens themselves are obtained from the
Token Endpoint
, except in the implicit grant type (where they come from the Authorization
Endpoint via response_type=token
.
This endpoint should be secured so that it is only accessible to fully authenticated users (as a minimum requirement) since it represents a request from a valid user to act on his or her behalf.
logger
Constructor and Description |
---|
AuthorizationEndpoint() |
Modifier and Type | Method and Description |
---|---|
org.springframework.web.servlet.View |
approveOrDeny(Map<String,String> approvalParameters,
Map<String,?> model,
org.springframework.web.bind.support.SessionStatus sessionStatus,
Principal principal) |
org.springframework.web.servlet.ModelAndView |
authorize(Map<String,Object> model,
Map<String,String> parameters,
org.springframework.web.bind.support.SessionStatus sessionStatus,
Principal principal) |
org.springframework.web.servlet.ModelAndView |
handleClientRegistrationException(Exception e,
org.springframework.web.context.request.ServletWebRequest webRequest) |
org.springframework.web.servlet.ModelAndView |
handleHttpSessionRequiredException(org.springframework.web.HttpSessionRequiredException e,
org.springframework.web.context.request.ServletWebRequest webRequest) |
org.springframework.web.servlet.ModelAndView |
handleOAuth2Exception(OAuth2Exception e,
org.springframework.web.context.request.ServletWebRequest webRequest) |
void |
setAuthorizationCodeServices(AuthorizationCodeServices authorizationCodeServices) |
void |
setErrorPage(String errorPage) |
void |
setImplicitGrantService(ImplicitGrantService implicitGrantService) |
void |
setOAuth2RequestValidator(OAuth2RequestValidator oauth2RequestValidator) |
void |
setRedirectResolver(RedirectResolver redirectResolver) |
void |
setSessionAttributeStore(org.springframework.web.bind.support.SessionAttributeStore sessionAttributeStore) |
void |
setUserApprovalHandler(UserApprovalHandler userApprovalHandler) |
void |
setUserApprovalPage(String userApprovalPage) |
afterPropertiesSet, getClientDetailsService, getDefaultOAuth2RequestFactory, getExceptionTranslator, getOAuth2RequestFactory, getTokenGranter, setClientDetailsService, setOAuth2RequestFactory, setProviderExceptionHandler, setTokenGranter
public void setSessionAttributeStore(org.springframework.web.bind.support.SessionAttributeStore sessionAttributeStore)
public void setErrorPage(String errorPage)
@RequestMapping(value="/oauth/authorize") public org.springframework.web.servlet.ModelAndView authorize(Map<String,Object> model, @RequestParam Map<String,String> parameters, org.springframework.web.bind.support.SessionStatus sessionStatus, Principal principal)
@RequestMapping(value="/oauth/authorize", method=POST, params="user_oauth_approval") public org.springframework.web.servlet.View approveOrDeny(@RequestParam Map<String,String> approvalParameters, Map<String,?> model, org.springframework.web.bind.support.SessionStatus sessionStatus, Principal principal)
public void setUserApprovalPage(String userApprovalPage)
public void setAuthorizationCodeServices(AuthorizationCodeServices authorizationCodeServices)
public void setRedirectResolver(RedirectResolver redirectResolver)
public void setUserApprovalHandler(UserApprovalHandler userApprovalHandler)
public void setOAuth2RequestValidator(OAuth2RequestValidator oauth2RequestValidator)
public void setImplicitGrantService(ImplicitGrantService implicitGrantService)
@ExceptionHandler(value=ClientRegistrationException.class) public org.springframework.web.servlet.ModelAndView handleClientRegistrationException(Exception e, org.springframework.web.context.request.ServletWebRequest webRequest) throws Exception
Exception
@ExceptionHandler(value=OAuth2Exception.class) public org.springframework.web.servlet.ModelAndView handleOAuth2Exception(OAuth2Exception e, org.springframework.web.context.request.ServletWebRequest webRequest) throws Exception
Exception
@ExceptionHandler(value=org.springframework.web.HttpSessionRequiredException.class) public org.springframework.web.servlet.ModelAndView handleHttpSessionRequiredException(org.springframework.web.HttpSessionRequiredException e, org.springframework.web.context.request.ServletWebRequest webRequest) throws Exception
Exception
Copyright © 2019. All rights reserved.