/**
* Handle request internal model and view.
*
* @param request the request
* @param response the response
* @return the model and view
* @throws Exception the exception
*/
@RequestMapping(path = OAuthConstants.BASE_OAUTH20_URL + '/' + OAuthConstants.AUTHORIZE_URL)
public ModelAndView handleRequestInternal(
final HttpServletRequest request, final HttpServletResponse response) throws Exception {
final J2EContext context = new J2EContext(request, response);
final ProfileManager manager = new ProfileManager(context);
if (!verifyAuthorizeRequest(request) || !isRequestAuthenticated(manager, context)) {
logger.error("Authorize request verification fails");
return new ModelAndView(OAuthConstants.ERROR_VIEW);
}
final String clientId = context.getRequestParameter(OAuthConstants.CLIENT_ID);
final OAuthRegisteredService registeredService =
OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);
try {
RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(
clientId, registeredService);
} catch (final Exception e) {
logger.error(e.getMessage(), e);
return new ModelAndView(OAuthConstants.ERROR_VIEW);
}
final ModelAndView mv = this.consentApprovalViewResolver.resolve(context, registeredService);
if (!mv.isEmpty() && mv.hasView()) {
return mv;
}
return redirectToCallbackRedirectUrl(manager, registeredService, context, clientId);
}
private ModelAndView redirectToCallbackRedirectUrl(
final ProfileManager manager,
final OAuthRegisteredService registeredService,
final J2EContext context,
final String clientId)
throws Exception {
final Optional<UserProfile> profile = manager.get(true);
if (profile == null || !profile.isPresent()) {
logger.error("Unexpected null profile from profile manager");
return new ModelAndView(OAuthConstants.ERROR_VIEW);
}
final Service service = createService(registeredService);
final Authentication authentication =
createAuthentication(profile.get(), registeredService, context);
try {
RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(
service, registeredService, authentication);
} catch (final UnauthorizedServiceException | PrincipalException e) {
logger.error(e.getMessage(), e);
return new ModelAndView(OAuthConstants.ERROR_VIEW);
}
final String redirectUri = context.getRequestParameter(OAuthConstants.REDIRECT_URI);
logger.debug(
"Authorize request verification successful for client {} with redirect uri {}",
clientId,
redirectUri);
final String responseType = context.getRequestParameter(OAuthConstants.RESPONSE_TYPE);
final String callbackUrl;
if (isResponseType(responseType, OAuthResponseType.CODE)) {
callbackUrl =
buildCallbackUrlForAuthorizationCodeResponseType(authentication, service, redirectUri);
} else {
callbackUrl =
buildCallbackUrlForImplicitResponseType(context, authentication, service, redirectUri);
}
logger.debug("callbackUrl: {}", callbackUrl);
return OAuthUtils.redirectTo(callbackUrl);
}