Example 1 with UserDeniedAuthorizationException
use of org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException in project spring-security-oauth by spring-projects.
the class AuthorizationEndpoint method approveOrDeny.
@RequestMapping(value = "/oauth/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model, SessionStatus sessionStatus, Principal principal) {
if (!(principal instanceof Authentication)) {
sessionStatus.setComplete();
throw new InsufficientAuthenticationException("User must be authenticated with Spring Security before authorizing an access token.");
}
AuthorizationRequest authorizationRequest = (AuthorizationRequest) model.get("authorizationRequest");
if (authorizationRequest == null) {
sessionStatus.setComplete();
throw new InvalidRequestException("Cannot approve uninitialized authorization request.");
}
try {
Set<String> responseTypes = authorizationRequest.getResponseTypes();
authorizationRequest.setApprovalParameters(approvalParameters);
authorizationRequest = userApprovalHandler.updateAfterApproval(authorizationRequest, (Authentication) principal);
boolean approved = userApprovalHandler.isApproved(authorizationRequest, (Authentication) principal);
authorizationRequest.setApproved(approved);
if (authorizationRequest.getRedirectUri() == null) {
sessionStatus.setComplete();
throw new InvalidRequestException("Cannot approve request when no redirect URI is provided.");
}
if (!authorizationRequest.isApproved()) {
return new RedirectView(getUnsuccessfulRedirect(authorizationRequest, new UserDeniedAuthorizationException("User denied access"), responseTypes.contains("token")), false, true, false);
}
if (responseTypes.contains("token")) {
return getImplicitGrantResponse(authorizationRequest).getView();
}
return getAuthorizationCodeResponse(authorizationRequest, (Authentication) principal);
} finally {
sessionStatus.setComplete();
}
}
Also used :
UserDeniedAuthorizationException(org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException)
AuthorizationRequest(org.springframework.security.oauth2.provider.AuthorizationRequest)
OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication)
Authentication(org.springframework.security.core.Authentication)
RedirectView(org.springframework.web.servlet.view.RedirectView)
InvalidRequestException(org.springframework.security.oauth2.common.exceptions.InvalidRequestException)
InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Aggregations
InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)1
Authentication (org.springframework.security.core.Authentication)1
InvalidRequestException (org.springframework.security.oauth2.common.exceptions.InvalidRequestException)1
UserDeniedAuthorizationException (org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException)1
AuthorizationRequest (org.springframework.security.oauth2.provider.AuthorizationRequest)1
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)1
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)1
RedirectView (org.springframework.web.servlet.view.RedirectView)1
