@RequestMapping(value = "/oauth2/authorize")
public ModelAndView authorize2(Map<String, Object> model, @RequestParam Map<String, String> parameters,
SessionStatus sessionStatus, Principal principal) {
logger.warn("authorize2");
for (Map.Entry<String, String> entry : parameters.entrySet()) {
logger.warn("key=" +entry.getKey() + ", value=" + entry.getValue());
}
// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
// query off of the authorization request instead of referring back to the parameters map. The contents of the
// parameters map will be stored without change in the AuthorizationRequest object once it is created.
AuthorizationRequest authorizationRequest = getOAuth2RequestFactory().createAuthorizationRequest(parameters);
String username = parameters.get("username");
String password = parameters.get("password");
logger.warn("username=" + username + ", password=" + password);
UsernamePasswordAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken(username,
password, Collections.singleton(new SimpleGrantedAuthority("ROLE_UNITY")));
authorizationRequest.setApproved(true);
OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication);
Authentication user = authenticationManager.authenticate(userAuthentication);
Object details = user.getDetails();
logger.warn("userAuthentication details=" + details);
HttpServletRequest wad = new HttpServletRequestN();
userAuthentication.setDetails(wad);
SecurityContextHolder.getContext().setAuthentication(userAuthentication);
principal = userAuthentication;
Set<String> responseTypes = authorizationRequest.getResponseTypes();
if (!responseTypes.contains("token") && !responseTypes.contains("code")) {
throw new UnsupportedResponseTypeException("Unsupported response types: " + responseTypes);
}
if (authorizationRequest.getClientId() == null) {
throw new InvalidClientException("A client id must be provided");
}
try {
logger.warn("(principal instanceof Authentication)=" + (principal instanceof Authentication) + ", (Authentication) principal).isAuthenticated()=" + ((Authentication) principal).isAuthenticated());
if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {
throw new InsufficientAuthenticationException(
"User must be authenticated with Spring Security before authorization can be completed.");
}
ClientDetails client = getClientDetailsService().loadClientByClientId(authorizationRequest.getClientId());
// The resolved redirect URI is either the redirect_uri from the parameters or the one from
// clientDetails. Either way we need to store it on the AuthorizationRequest.
String redirectUriParameter = authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);
String resolvedRedirect = redirectResolver.resolveRedirect(redirectUriParameter, client);
if (!StringUtils.hasText(resolvedRedirect)) {
throw new RedirectMismatchException(
"A redirectUri must be either supplied or preconfigured in the ClientDetails");
}
authorizationRequest.setRedirectUri(resolvedRedirect);
// We intentionally only validate the parameters requested by the client (ignoring any data that may have
// been added to the request by the manager).
oauth2RequestValidator.validateScope(authorizationRequest, client);
// Some systems may allow for approval decisions to be remembered or approved by default. Check for
// such logic here, and set the approved flag on the authorization request accordingly.
authorizationRequest = userApprovalHandler.checkForPreApproval(authorizationRequest,
(Authentication) principal);
// TODO: is this call necessary?
Map<String, String> approvalParameters = new HashMap<String, String>();
approvalParameters.put("user_oauth_approval", "true");
model.put("authorizationRequest", authorizationRequest);
View result = approveOrDeny(approvalParameters, model, sessionStatus, principal);
String[] matcher = null;
try {
String regex = "\\?code=";
Pattern pattern = Pattern.compile(regex);
matcher = pattern.split(_url);
}
catch (Exception e){
}
HashMap map = new HashMap();
map.put("errno", ErrorCodes.Success.getIndex());
AuthResult ar = new AuthResult("state_1", matcher[1]);
map.put("data", ar);
return new ModelAndView(new MappingJackson2JsonView(), map);
}
catch (RuntimeException e) {
// TODO : return json
sessionStatus.setComplete();
throw e;
}
}
<oauth>
<error_description>
No AuthenticationProvider found for org.springframework.security.oauth2.provider.OAuth2Authentication
</error_description>
<error>unauthorized</error>
</oauth>
Use
approveOrDeny(approvalParameters, model, sessionStatus, principal);