// 要不要PreApproval??
@Override
public AuthorizationRequest checkForPreApproval(
AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
boolean approved = false;
String clientId = authorizationRequest.getClientId();
Set<String> scopes = authorizationRequest.getScope();
OAuth2Request storedOAuth2Request = requestFactory.createOAuth2Request(authorizationRequest);
OAuth2Authentication authentication =
new OAuth2Authentication(storedOAuth2Request, userAuthentication);
if (logger.isDebugEnabled()) {
StringBuilder builder = new StringBuilder("Looking up existing token for ");
builder.append("client_id=" + clientId);
builder.append(", scope=" + scopes);
builder.append(" and username="******"Existing access token=" + accessToken);
if (accessToken != null && !accessToken.isExpired()) {
logger.debug("User already approved with token=" + accessToken);
approved = true;
} else {
logger.debug("Checking explicit approval");
approved = userAuthentication.isAuthenticated() && approved;
}
authorizationRequest.setApproved(approved);
return authorizationRequest;
}
@Override
public AuthorizationRequest updateAfterApproval(
AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
Map<String, String> approvalParameters = authorizationRequest.getApprovalParameters();
Set<String> scopes = new LinkedHashSet();
for (Map.Entry<String, String> entry : approvalParameters.entrySet()) {
String key = entry.getKey();
String value = entry.getValue();
if (value.equals("true")) {
scopes.add(key);
}
}
authorizationRequest.setScope(scopes);
String flag = approvalParameters.get(approvalParameter);
boolean approved = flag != null && flag.toLowerCase().equals("true");
authorizationRequest.setApproved(approved);
return authorizationRequest;
}