
  • How to persist approved flag to database.

    Hi All,

    I'm using Spring Security OAuth2 (M6 version) and I have a requirement that the user should get to the approve page only once, after his first login. The approved flag should be stored in the DB, and it is not difficult to implement a custom UserApprovalHandler that verifies this flag. My question is where to inject code to save the approval flag value. I looked at the AuthorizationEndpoint source code and some other classes but I can't find a place where this code can be injected. So I'll be grateful for any advice.
    My opinion is that it might be better to put this logic into UserApprovalHandler. For example, create a new method.
    /**
     * Basic interface for determining whether a given client authentication request has been approved by the current user.
     *
     * @author Ryan Heaton
     * @author Dave Syer
     */
    public interface UserApprovalHandler {

        /**
         * Whether the specified authorization request has been approved by the current user (if there is one).
         *
         * @param authorizationRequest the authorization request.
         * @param userAuthentication the user authentication for the current user.
         * @return Whether the specified client authentication has been approved by the current user.
         */
        boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication);

        /**
         * Put approve logic here
         * @param authorizationRequest
         * @param approved
         */
        void doApprove(AuthorizationRequest authorizationRequest, boolean approved);

    }
    And then change AuthorizationEndpoint from
    public View approveOrDeny(@RequestParam(USER_OAUTH_APPROVAL) boolean approved,
            @ModelAttribute AuthorizationRequest authorizationRequest, SessionStatus sessionStatus, Principal principal) {
        ................

        try {
            Set<String> responseTypes = authorizationRequest.getResponseTypes();
            authorizationRequest = resolveRedirectUri(authorizationRequest);
            if (responseTypes.contains("token")) {
                return getImplicitGrantResponse(authorizationRequest.approved(true)).getView();
            }
            return getAuthorizationCodeResponse(authorizationRequest.approved(approved), (Authentication) principal);
        }
        finally {
            sessionStatus.setComplete();
        }

    }
    to

    public View approveOrDeny(@RequestParam(USER_OAUTH_APPROVAL) boolean approved,
            @ModelAttribute AuthorizationRequest authorizationRequest, SessionStatus sessionStatus, Principal principal) {
        ................

        try {
            Set<String> responseTypes = authorizationRequest.getResponseTypes();
            authorizationRequest = resolveRedirectUri(authorizationRequest);
            if (responseTypes.contains("token")) {
                return getImplicitGrantResponse(authorizationRequest.approved(true)).getView();
            }
            return getAuthorizationCodeResponse(userApprovalHandler.doApprove(authorizationRequest, approved), (Authentication) principal);
        }
        finally {
            sessionStatus.setComplete();
        }

    }
    Last edited by dsytenkov; Jun 1st, 2012, 10:27 AM.
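
An added example, not part of the original post and not Spring Security OAuth code: a sketch of the store that a custom `isApproved(...)` and the proposed `doApprove(...)` hook could delegate to. The class, method names and sample values are hypothetical, and the in-memory map stands in for the database table. Approvals are keyed by user and client and checked against the requested scopes, so a stored approval does not silently cover a different client or a wider scope.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical approval store; the map is a stand-in for a DB table. */
public class PersistedApprovals {

    // (user, client) -> scopes the user has already approved for that client
    private final Map<String, Set<String>> table = new ConcurrentHashMap<>();

    private static String key(String user, String clientId) {
        return user + "\u0000" + clientId; // NUL separator keeps distinct pairs distinct
    }

    /** Consulted by isApproved(...): true only if every requested scope was approved before. */
    public boolean isApproved(String user, String clientId, Set<String> requestedScopes) {
        Set<String> stored = table.get(key(user, clientId));
        return stored != null && !requestedScopes.isEmpty() && stored.containsAll(requestedScopes);
    }

    /** Called from the doApprove(...) hook once the user has submitted the approval form. */
    public void recordDecision(String user, String clientId, Set<String> scopes, boolean approved) {
        if (!approved) {
            return; // a denial is not persisted, so the approval page is shown again next time
        }
        table.merge(key(user, clientId), new HashSet<>(scopes), (old, added) -> {
            Set<String> merged = new HashSet<>(old);
            merged.addAll(added);
            return merged;
        });
    }

    public static void main(String[] args) {
        // Constructed sample values
        PersistedApprovals store = new PersistedApprovals();
        Set<String> read = Set.of("read");
        System.out.println(store.isApproved("alice", "client-a", read)); // before any approval
        store.recordDecision("alice", "client-a", read, true);
        System.out.println(store.isApproved("alice", "client-a", read)); // same request again
        System.out.println(store.isApproved("alice", "client-a", Set.of("read", "write"))); // wider scope
        System.out.println(store.isApproved("alice", "client-b", read)); // different client
    }
}
```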

  • #2
    There's a pull request open for a modification to AuthorizationRequest to store more complex data about the user approval, so I imagine it's going to require some sort of similar change. Maybe you should look there and see if it's heading in the right direction for you?


    • #3
      Dave, thanks for the reply.

      Could you give me a link to the open request so I can have a look? I've tried to search with "AuthorizationRequest" in Spring OAuth Jira but didn't find anything related to this.

      Thanks in advance, Denis.


      • #4
        I don't know if there's anything in JIRA yet. Here's the pull request: https://github.com/SpringSource/spri...-oauth/pull/38


        • #5
          Dave, thanks for the link.
          Unfortunately this request is not about the problem that I have. My problem is related to moving the approval logic implementation to some other class different from AuthorizationEndpoint to make this easier to customize.
