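/**
 * Handles an OAuth 2.0 authorization-code request (RFC 6749 §4.1.1).
 * <p>
 * The request is parsed and checked in the order below. Every failure is
 * answered directly with an HTTP 400 JSON error body rather than a redirect,
 * which is what the RFC asks for while the redirect URI is not yet known to be
 * trustworthy:
 * <ol>
 *   <li>the request must be a well-formed OAuth authorization request;</li>
 *   <li>{@code response_type} must be {@code code};</li>
 *   <li>a {@code redirect_uri} must be present;</li>
 *   <li>{@code client_id} must name a known application.</li>
 * </ol>
 * On success an authorization code is issued for the application and the user
 * agent is redirected to {@code Authorize.html} with the code, the application's
 * name and description, and the requested redirect URI as query parameters.
 *
 * @param request  the incoming HTTP request carrying the OAuth parameters
 * @param response the HTTP response; its status is set on error, and it is
 *                 redirected on success
 * @return the JSON error body on failure, or {@code null} after a successful
 *         redirect (nothing is written to the body in that case)
 * @throws IOException          if the redirect cannot be sent
 * @throws OAuthSystemException if an OAuth message cannot be built
 */
public @ResponseBody String receiveAuthorizationCodeRequest(final HttpServletRequest request,
                                                            final HttpServletResponse response)
        throws IOException, OAuthSystemException {
    // Parse the OAuth parameters out of the HTTP request. A request that does
    // not conform to the RFC is answered with HTTP 400 and the library's reason.
    final OAuthAuthzRequest oauthRequest;
    try {
        oauthRequest = new OAuthAuthzRequest(request);
    }
    catch (OAuthProblemException e) {
        final OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
                .error(e)
                .buildJSONMessage();
        response.setStatus(oauthResponse.getResponseStatus());
        return oauthResponse.getBody();
    }

    // Only the "code" response type is supported.
    final String expectedResponseType = ResponseType.CODE.toString();
    try {
        if (!expectedResponseType.equals(oauthRequest.getResponseType())) {
            return sendOAuthError(response,
                                  OAuthError.CodeResponse.UNSUPPORTED_RESPONSE_TYPE,
                                  "The response type must be '" + expectedResponseType
                                      + "' but was instead: " + oauthRequest.getResponseType(),
                                  oauthRequest.getState());
        }
    }
    // NOTE(review): kept from the original. getResponseType() as used above does
    // not obviously throw IllegalArgumentException, so this branch may be
    // unreachable — confirm before relying on it.
    catch (IllegalArgumentException e) {
        return sendOAuthError(response,
                              OAuthError.CodeResponse.UNSUPPORTED_RESPONSE_TYPE,
                              "The response type is unknown: " + oauthRequest.getResponseType(),
                              oauthRequest.getState());
    }

    // A redirect URI is mandatory. Because it has not been validated yet, the
    // error is returned directly instead of being sent to it.
    if (oauthRequest.getRedirectURI() == null) {
        return sendOAuthError(response,
                              OAuthError.CodeResponse.INVALID_REQUEST,
                              "A redirect URI must be given.",
                              oauthRequest.getState());
    }

    // Look up the third-party application by its client ID; unknown clients
    // are rejected.
    final Application application = oAuth2MgmtService.getApplicationForClientId(oauthRequest.getClientId());
    if (application == null) {
        return sendOAuthError(response,
                              OAuthError.CodeResponse.INVALID_REQUEST,
                              "The client ID is unknown: " + oauthRequest.getClientId(),
                              oauthRequest.getState());
    }

    // NOTE(review): the redirect URI is only checked for presence and is then
    // forwarded to the consent page as-is. RFC 6749 §3.1.2.2 expects it to be
    // matched against the client's registered redirect URI(s) before an
    // authorization code may be delivered to it; nothing in this method does
    // that match. Confirm it is enforced by the consent/redirect step, or add
    // the check here once the application's registered URIs are available.

    // Issue the temporary code the user will later approve or reject.
    final AuthorizationCode code = oAuth2MgmtService.issueAuthorizationCode(application.getId(),
                                                                            oauthRequest.getScopes(),
                                                                            oauthRequest.getState());

    // Send the user agent to the consent page with the code and the details
    // the page needs to render the request.
    response.sendRedirect(OAuthASResponse.authorizationResponse(request, HttpServletResponse.SC_FOUND)
            .setCode(code.code)
            .location("Authorize.html")
            .setParam("name", application.name)
            .setParam("description", application.description)
            .setParam("redirectUri", oauthRequest.getRedirectURI())
            .buildQueryMessage()
            .getLocationUri());

    // The response has been redirected, so there is no body to return.
    return null;
}

/**
 * Builds an HTTP 400 OAuth error as a JSON body, sets the status on
 * {@code response}, and returns the body for the caller to hand back.
 *
 * @param response         the HTTP response whose status is set
 * @param error            the RFC 6749 error code (an {@code OAuthError} constant)
 * @param errorDescription the human-readable description placed in {@code error_description}
 * @param state            the client's {@code state} value, echoed back as the RFC requires
 * @return the serialized JSON error body
 * @throws OAuthSystemException if the OAuth message cannot be built
 */
private static String sendOAuthError(final HttpServletResponse response,
                                     final String error,
                                     final String errorDescription,
                                     final String state)
        throws OAuthSystemException {
    final OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .setError(error)
            .setErrorDescription(errorDescription)
            .setState(state)
            .buildJSONMessage();
    response.setStatus(oauthResponse.getResponseStatus());
    return oauthResponse.getBody();
}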