AuthorizationServiceImpl.java revision 890e45d5d1d4e645bdc383789987be390dd622ca
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions copyright [year] [name of copyright owner]".
*
* Copyright 2014-2015 ForgeRock AS.
*/
/**
* Handles authorization requests from OAuth2 clients to the OAuth2 provider to grant authorization for a specific
* client by a specific resource owner.
*
* @since 12.0.0
*/
public class AuthorizationServiceImpl implements AuthorizationService {
// NOTE(review): lines are missing from this listing (several statements and signatures are cut
// short), so the comments below describe only what the visible lines establish.
// Collaborators, all final. The constructor below also assigns this.requestValidators; its
// field declaration is not visible in this listing.
private final ResourceOwnerSessionValidator resourceOwnerSessionValidator;
private final OAuth2ProviderSettingsFactory providerSettingsFactory;
private final ResourceOwnerConsentVerifier consentVerifier;
private final ClientRegistrationStore clientRegistrationStore;
private final AuthorizationTokenIssuer tokenIssuer;
/**
* Constructs a new AuthorizationServiceImpl.
*
* @param requestValidators A {@code List} of AuthorizeRequestValidators.
* @param resourceOwnerSessionValidator An instance of the ResourceOwnerSessionValidator.
* @param providerSettingsFactory An instance of the OAuth2ProviderSettingsFactory.
* @param consentVerifier An instance of the ResourceOwnerConsentVerifier.
* @param clientRegistrationStore An instance of the ClientRegistrationStore.
* @param tokenIssuer An instance of the AuthorizationTokenIssuer.
*/
// NOTE(review): only part of the constructor signature and three of its assignments are
// visible here; the remaining parameters and assignments are not shown.
OAuth2ProviderSettingsFactory providerSettingsFactory, ResourceOwnerConsentVerifier consentVerifier,
this.requestValidators = requestValidators;
this.consentVerifier = consentVerifier;
this.tokenIssuer = tokenIssuer;
}
/**
* {@inheritDoc}
*
* <p>Visible flow: obtains the client registration, has the provider settings validate the
* requested scope, and checks whether consent is already held. Without consent it throws
* {@code ResourceOwnerConsentRequired} carrying the client name and description plus the scope
* and claim descriptions; otherwise it returns the result of
* {@code tokenIssuer.issueTokens(...)}.
*/
public AuthorizationToken authorize(OAuth2Request request) throws ResourceOwnerAuthenticationRequired,
}
final ClientRegistration clientRegistration =
//plugin point
// Scope validation is delegated to the provider settings, which receive the client
// registration, the requested scope and the request.
final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope,
request);
// is resource owner authenticated?
//plugin point
// No consent on record: the visible lines end this branch by throwing
// ResourceOwnerConsentRequired rather than issuing tokens.
if (!haveConsent) {
}
try {
// NOTE(review): the handler body is not visible in this listing; confirm that
// UnauthorizedClientException is logged or rethrown here rather than silently swallowed.
} catch (UnauthorizedClientException e) {
}
// The exception carries the descriptions that the consent prompt needs.
throw new ResourceOwnerConsentRequired(clientName, clientDescription, scopeDescriptions, claimDescriptions,
}
// NOTE(review): this call passes `scope`, not the `validatedScope` computed above. Lines are
// missing between the two, so confirm that the set reaching the token issuer is the validated
// one; otherwise a token could carry a scope that validation had narrowed or rejected.
return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}
// NOTE(review): the next four lines are the tail of a definition whose header is not visible
// in this listing; its else-branch returns null, so confirm that callers handle a null result.
} else {
return null;
}
}
/**
* Gets the claim descriptions for the claims being provided.
*
* @param claims The claims being provided.
* @param claimDescriptions The descriptions for all possible allowed claims.
* @return A {@code Map} of descriptions for the provided claims.
*/
// NOTE(review): the method body is not visible in this listing.
private Map<String, String> getClaimDescriptions(Map<String, Object> claims, Map<String, String> claimDescriptions) {
}
/**
* Gets the scope descriptions for the requested scopes.
*
* @param scopes The requested scopes.
* @param scopeDescriptions The descriptions for all possible allowed scopes.
* @return A {@code Map} of requested scope descriptions.
*/
// NOTE(review): the method body is not visible in this listing.
private Map<String, String> getScopeDescriptions(Set<String> scopes, Map<String, String> scopeDescriptions) {
}
/**
* {@inheritDoc}
*
* <p>Visible flow: throws {@code AccessDeniedException} when {@code consentGiven} is false;
* otherwise has the provider settings validate the requested scope, takes a separate branch
* when {@code saveConsent} is set (its body is not visible in this listing), and returns the
* result of {@code tokenIssuer.issueTokens(...)}.
*/
// NOTE(review): consentGiven and saveConsent are supplied by the caller and nothing in the
// visible lines verifies them; confirm that the caller derives them from a consent submission
// bound to the authenticated resource owner's session.
public AuthorizationToken authorize(OAuth2Request request, boolean consentGiven, boolean saveConsent)
UnsupportedResponseTypeException, InvalidRequestException, RedirectUriMismatchException, ServerException,
LoginRequiredException, BadRequestException, InteractionRequiredException, InvalidScopeException, NotFoundException {
}
final ClientRegistration clientRegistration =
// A refusal by the resource owner ends the flow here, before scope validation and before any
// token is issued.
if (!consentGiven) {
throw new AccessDeniedException("Resource Owner did not authorize the request",
}
final Set<String> validatedScope = providerSettings.validateAuthorizationScope(clientRegistration, scope,
request);
// NOTE(review): the body of this branch is not visible; if it persists consent, confirm which
// scope set (`scope` or `validatedScope`) is stored.
if (saveConsent) {
}
// NOTE(review): as in the single-argument overload, `scope` rather than `validatedScope` is
// passed to the token issuer in the visible line; confirm the issued token is limited to the
// validated scope.
return tokenIssuer.issueTokens(request, clientRegistration, resourceOwner, scope, providerSettings);
}
}