This repository has been archived by the owner on May 31, 2022. It is now read-only.
/
AuthorizationRequest.java
304 lines (266 loc) · 9 KB
/
AuthorizationRequest.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
package org.springframework.security.oauth2.provider;
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.web.bind.annotation.SessionAttributes;
/**
* A request for authorization by an OAuth 2 Client, normally received and
* processed by the AuthorizationEndpoint. This class is meant to be manipulated
* throughout the authorization process, and is therefore treated as ephemeral
* and not to be stored long term. For long term storage, use the read-only
* {@link OAuth2Request} class.
*
* HTTP request parameters are stored in the parameters map, and any processing
* the server makes throughout the lifecycle of a request are stored on
* individual properties. The original request parameters will remain available
* through the parameters map. For convenience, constants are defined in order
* to get at those original values. However, the parameters map is unmodifiable
* so that processing cannot drop the original values.
*
* This class is {@link Serializable} in order to support storage of the
* authorization request as a {@link SessionAttributes} member while the end
* user through the authorization process (which may span several page
* requests).
*
* <p>
* @deprecated See the <a href="https://github.com/spring-projects/spring-security/wiki/OAuth-2.0-Migration-Guide">OAuth 2.0 Migration Guide</a> for Spring Security 5.
*
* @author Ryan Heaton
* @author Dave Syer
* @author Amanda Anganes
*/
@SuppressWarnings("serial")
@Deprecated
public class AuthorizationRequest extends BaseRequest implements Serializable {
/**
* Map to hold the original, unchanged parameter set submitted by a user to
* signal approval of the token grant approval. Once set this should not be
* modified.
*/
private Map<String, String> approvalParameters = Collections.unmodifiableMap(new HashMap<String, String>());
/**
* The value of the "state" parameter sent by the client in the request, if
* sent by the client. As this must be echoed back to the client unchanged,
* it should not be modified by any processing classes.
*/
private String state;
/**
* Resolved requested response types initialized (by the
* OAuth2RequestFactory) with the response types originally requested.
*/
private Set<String> responseTypes = new HashSet<String>();
/**
* Resolved resource IDs. This set may change during request processing.
*/
private Set<String> resourceIds = new HashSet<String>();
/**
* Resolved granted authorities for this request. May change during request
* processing.
*/
private Collection<? extends GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
/**
* Whether the request has been approved by the end user (or other process).
* This will be altered by the User Approval Endpoint and/or the
* UserApprovalHandler as appropriate.
*/
private boolean approved = false;
/**
* The resolved redirect URI of this request. A URI may be present in the
* original request, in the authorizationParameters, or it may not be
* provided, in which case it will be defaulted (by processing classes) to
* the Client's default registered value.
*/
private String redirectUri;
/**
* Extension point for custom processing classes which may wish to store
* additional information about the OAuth2 request. Since this class will
* create a serializable OAuth2Request, all members of this extension map
* must be serializable.
*/
private Map<String, Serializable> extensions = new HashMap<String, Serializable>();
/**
* Default constructor.
*/
public AuthorizationRequest() {
}
/**
* Full constructor.
*/
public AuthorizationRequest(Map<String, String> authorizationParameters, Map<String, String> approvalParameters, String clientId, Set<String> scope, Set<String> resourceIds, Collection<? extends GrantedAuthority> authorities, boolean approved, String state, String redirectUri,
Set<String> responseTypes) {
setClientId(clientId);
setRequestParameters(authorizationParameters); // in case we need to
// wrap the collection
setScope(scope); // in case we need to parse
if (resourceIds != null) {
this.resourceIds = new HashSet<String>(resourceIds);
}
if (authorities != null) {
this.authorities = new HashSet<GrantedAuthority>(authorities);
}
this.approved = approved;
this.resourceIds = resourceIds;
this.redirectUri = redirectUri;
if (responseTypes != null) {
this.responseTypes = responseTypes;
}
this.state = state;
}
public OAuth2Request createOAuth2Request() {
return new OAuth2Request(getRequestParameters(), getClientId(), getAuthorities(), isApproved(), getScope(), getResourceIds(), getRedirectUri(), getResponseTypes(), getExtensions());
}
/**
* Convenience constructor for unit tests, where client ID and scope are
* often the only needed fields.
*
* @param clientId
* @param scopes
*/
public AuthorizationRequest(String clientId, Collection<String> scopes) {
setClientId(clientId);
setScope(scopes); // in case we need to parse
}
/**
* Convenience method to set resourceIds and authorities on this request by
* inheriting from a ClientDetails object.
*
* @param clientDetails
*/
public void setResourceIdsAndAuthoritiesFromClientDetails(ClientDetails clientDetails) {
setResourceIds(clientDetails.getResourceIds());
setAuthorities(clientDetails.getAuthorities());
}
public Map<String, String> getApprovalParameters() {
return approvalParameters;
}
public void setApprovalParameters(Map<String, String> approvalParameters) {
this.approvalParameters = approvalParameters;
}
public String getState() {
return state;
}
public void setState(String state) {
this.state = state;
}
public Set<String> getResponseTypes() {
return responseTypes;
}
public void setResponseTypes(Set<String> responseTypes) {
this.responseTypes = responseTypes;
}
public void setRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
}
public void setApproved(boolean approved) {
this.approved = approved;
}
public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
if (authorities != null) {
this.authorities = new HashSet<GrantedAuthority>(authorities);
}
}
/**
* @return the extensions
*/
public Map<String, Serializable> getExtensions() {
return extensions;
}
public void setExtensions(Map<String, Serializable> extensions) {
this.extensions = extensions;
}
public void setResourceIds(Set<String> resourceIds) {
this.resourceIds = resourceIds;
}
public void setClientId(String clientId) {
super.setClientId(clientId);
}
/**
* Set the scope value. If the collection contains only a single scope
* value, this method will parse that value into a collection using
* {@link OAuth2Utils#parseParameterList}.
*
* @see TokenRequest#setScope
*
* @param scope
*/
public void setScope(Collection<String> scope) {
super.setScope(scope);
}
/**
* Set the Request Parameters on this authorization request, which represent
* the original request parameters and should never be changed during
* processing. The map passed in is wrapped in an unmodifiable map instance.
*
* @see TokenRequest#setRequestParameters
*
* @param requestParameters
*/
public void setRequestParameters(Map<String, String> requestParameters) {
super.setRequestParameters(requestParameters);
}
/**
* @return the resourceIds
*/
public Set<String> getResourceIds() {
return resourceIds;
}
/**
* @return the authorities
*/
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
/**
* @return the approved
*/
public boolean isApproved() {
return approved;
}
/**
* @return the redirectUri
*/
public String getRedirectUri() {
return redirectUri;
}
@Override
public int hashCode() {
final int prime = 31;
int result = super.hashCode();
result = prime * result + ((approvalParameters == null) ? 0 : approvalParameters.hashCode());
result = prime * result + ((responseTypes == null) ? 0 : responseTypes.hashCode());
result = prime * result + ((state == null) ? 0 : state.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (!super.equals(obj))
return false;
if (getClass() != obj.getClass())
return false;
AuthorizationRequest other = (AuthorizationRequest) obj;
if (approvalParameters == null) {
if (other.approvalParameters != null)
return false;
} else if (!approvalParameters.equals(other.approvalParameters))
return false;
if (responseTypes == null) {
if (other.responseTypes != null)
return false;
} else if (!responseTypes.equals(other.responseTypes))
return false;
if (state == null) {
if (other.state != null)
return false;
} else if (!state.equals(other.state))
return false;
return true;
}
}