/**
 * Entry point for the OAuth 2.0 authorize endpoint.
 *
 * <p>The request is processed in this order: the authorize parameters are verified and the
 * caller must be authenticated, the registered service for the supplied client id must pass
 * the access-strategy check, and the consent view is shown when the resolver produces one.
 * Only then is the caller redirected to the callback URL.
 *
 * <p>Every rejection path renders {@link OAuthConstants#ERROR_VIEW} locally; none of them
 * redirects to the {@code redirect_uri} supplied in the request.
 *
 * @param request the incoming HTTP request
 * @param response the outgoing HTTP response
 * @return the error view, the consent view, or the view that redirects to the callback URL
 * @throws Exception if a downstream step fails outside the handled access check
 */
@RequestMapping(path = OAuthConstants.BASE_OAUTH20_URL + '/' + OAuthConstants.AUTHORIZE_URL)
public ModelAndView handleRequestInternal(
        final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final J2EContext webContext = new J2EContext(request, response);
    final ProfileManager profileManager = new ProfileManager(webContext);

    // Short-circuit order matters: authentication is only evaluated once the request
    // parameters have been verified.
    final boolean accepted =
            verifyAuthorizeRequest(request) && isRequestAuthenticated(profileManager, webContext);
    if (!accepted) {
        logger.error("Authorize request verification fails");
        return new ModelAndView(OAuthConstants.ERROR_VIEW);
    }

    final String clientId = webContext.getRequestParameter(OAuthConstants.CLIENT_ID);
    final OAuthRegisteredService service =
            OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);

    // An access-strategy failure is logged and answered with the error view instead of
    // being propagated to the caller.
    try {
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(clientId, service);
    } catch (final Exception e) {
        logger.error(e.getMessage(), e);
        return new ModelAndView(OAuthConstants.ERROR_VIEW);
    }

    // A non-empty result carrying a view means the consent screen has to be displayed
    // before any redirect to the callback is issued.
    final ModelAndView consentView = this.consentApprovalViewResolver.resolve(webContext, service);
    final boolean consentViewPresent = !consentView.isEmpty() && consentView.hasView();
    if (consentViewPresent) {
        return consentView;
    }

    return redirectToCallbackRedirectUrl(profileManager, service, webContext, clientId);
}
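/**
 * Verify the authorize request.
 *
 * <p>Checks run in a fixed order and stop at the first failure:
 * <ol>
 *   <li>{@code client_id}, {@code redirect_uri} and {@code response_type} are all present;</li>
 *   <li>the response type is {@link OAuthResponseType#CODE} or {@link OAuthResponseType#TOKEN};</li>
 *   <li>the registered service resolved from the client id is valid;</li>
 *   <li>the supplied redirect URI is accepted for that service.</li>
 * </ol>
 *
 * <p>The service registry is consulted only after the first two checks pass, so a request
 * with a missing {@code client_id} never reaches the lookup with a {@code null} identifier.
 *
 * @param request the HTTP request
 * @return whether the authorize request is valid
 */
private boolean verifyAuthorizeRequest(final HttpServletRequest request) {
    final boolean requiredParametersPresent =
            this.validator.checkParameterExist(request, OAuthConstants.CLIENT_ID)
            && this.validator.checkParameterExist(request, OAuthConstants.REDIRECT_URI)
            && this.validator.checkParameterExist(request, OAuthConstants.RESPONSE_TYPE);
    if (!requiredParametersPresent) {
        return false;
    }

    final String responseType = request.getParameter(OAuthConstants.RESPONSE_TYPE);
    if (!checkResponseTypes(responseType, OAuthResponseType.CODE, OAuthResponseType.TOKEN)) {
        return false;
    }

    // Resolve the service only for requests that are structurally complete.
    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    final OAuthRegisteredService registeredService =
            OAuthUtils.getRegisteredOAuthService(this.servicesManager, clientId);

    // NOTE(review): checkCallbackValid is presumably what ties redirect_uri to the callback
    // registered for this service; confirm in the validator that the match is strict enough
    // to rule out open redirects.
    final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
    return this.validator.checkServiceValid(registeredService)
            && this.validator.checkCallbackValid(registeredService, redirectUri);
}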