コード例 #1
  /**
   * Handles a request to the OAuth 2.0 authorize endpoint and returns the view to render.
   *
   * @param request the request
   * @param response the response
   * @return the model and view
   * @throws Exception the exception
   */
  @RequestMapping(path = OAuthConstants.BASE_OAUTH20_URL + '/' + OAuthConstants.AUTHORIZE_URL)
  public ModelAndView handleRequestInternal(
      final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    // Flow: validate the authorize request, require an authenticated caller, check that the
    // registered service may be used, then show a consent view or redirect to the callback.
    final J2EContext webContext = new J2EContext(request, response);
    final ProfileManager profileManager = new ProfileManager(webContext);

    // Both rejections return the ERROR_VIEW model-and-view and never reach
    // redirectToCallbackRedirectUrl, so a request that failed verification is not redirected.
    // The same message is logged in both cases; the log line alone does not say which check failed.
    if (!verifyAuthorizeRequest(request)) {
      logger.error("Authorize request verification fails");
      return new ModelAndView(OAuthConstants.ERROR_VIEW);
    }
    if (!isRequestAuthenticated(profileManager, webContext)) {
      logger.error("Authorize request verification fails");
      return new ModelAndView(OAuthConstants.ERROR_VIEW);
    }

    // The client id is request-supplied; the service is resolved from it through the
    // services manager before the access check below.
    final String clientId = webContext.getRequestParameter(OAuthConstants.CLIENT_ID);
    final OAuthRegisteredService registeredService =
        OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);

    // Any exception from the access check is treated as a denial: it is logged with its
    // stack trace and answered with the error view.
    try {
      RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(
          clientId, registeredService);
    } catch (final Exception e) {
      logger.error(e.getMessage(), e);
      return new ModelAndView(OAuthConstants.ERROR_VIEW);
    }

    // A non-empty result that carries a view is returned as-is; otherwise the request
    // continues to the callback redirect.
    final ModelAndView consentView =
        this.consentApprovalViewResolver.resolve(webContext, registeredService);
    if (consentView.isEmpty() || !consentView.hasView()) {
      return redirectToCallbackRedirectUrl(
          profileManager, registeredService, webContext, clientId);
    }
    return consentView;
  }
コード例 #2
  /**
   * Verify the authorize request.
   *
   * @param request the HTTP request
   * @return whether the authorize request is valid
   */
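  private boolean verifyAuthorizeRequest(final HttpServletRequest request) {
    // Validates the request-supplied authorize parameters. Returns true only when the
    // CLIENT_ID, REDIRECT_URI and RESPONSE_TYPE parameters are all present, the response type
    // passes checkResponseTypes for CODE/TOKEN, and the validator accepts both the registered
    // service and the callback for that service.
    final boolean hasRequiredParameters =
        this.validator.checkParameterExist(request, OAuthConstants.CLIENT_ID)
            && this.validator.checkParameterExist(request, OAuthConstants.REDIRECT_URI)
            && this.validator.checkParameterExist(request, OAuthConstants.RESPONSE_TYPE);
    if (!hasRequiredParameters) {
      // Fail closed before the services-registry lookup: without this guard the lookup ran
      // with whatever request.getParameter returned, including null for a missing client id.
      return false;
    }

    final String responseType = request.getParameter(OAuthConstants.RESPONSE_TYPE);
    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
    final OAuthRegisteredService registeredService =
        OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);

    // NOTE(review): how strictly checkCallbackValid matches redirectUri against the registered
    // service (exact match vs. pattern) is not visible here; confirm, since this is the check
    // that ties the callback to the registered client.
    return checkResponseTypes(responseType, OAuthResponseType.CODE, OAuthResponseType.TOKEN)
        && this.validator.checkServiceValid(registeredService)
        && this.validator.checkCallbackValid(registeredService, redirectUri);
  }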