}
// The request does not conform to the RFC, so we return a HTTP 400
// with a reason.
catch (OAuthProblemException e) {
// Create the OAuth response.
OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(e)
.buildJSONMessage();
// Set the status and return the error message.
response.setStatus(oauthResponse.getResponseStatus());
return oauthResponse.getBody();
}
// Validate that the user is requesting a "code" response type, which
// is the only response type we accept.
try {
if (!ResponseType.CODE.toString().equals(oauthRequest.getResponseType())) {
// Create the OAuth response.
OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
.setError(OAuthError.CodeResponse.UNSUPPORTED_RESPONSE_TYPE)
.setErrorDescription("The response type must be '" +
ResponseType.CODE.toString() +
"' but was instead: "
+ oauthRequest.getResponseType())
.setState(oauthRequest.getState())
.buildJSONMessage();
// Set the status and return the error message.
response.setStatus(oauthResponse.getResponseStatus());
return oauthResponse.getBody();
}
}
catch (IllegalArgumentException e) {
// Create the OAuth response.
OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
.setError(OAuthError.CodeResponse.UNSUPPORTED_RESPONSE_TYPE)
.setErrorDescription("The response type is unknown: " + oauthRequest.getResponseType())
.setState(oauthRequest.getState())
.buildJSONMessage();
// Set the status and return the error message.
response.setStatus(oauthResponse.getResponseStatus());
return oauthResponse.getBody();
}
// Make sure a redirect URI was given. Only presence is checked here; nothing in this
// span compares the supplied URI against the redirect URI(s) registered for the
// application (RFC 6749 §3.1.2.2). Confirm that check happens before the code is
// issued below, otherwise an attacker-chosen redirect could receive the code.
if (oauthRequest.getRedirectURI() == null) {
// Create the OAuth response.
OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
.setError(OAuthError.CodeResponse.INVALID_REQUEST)
.setErrorDescription("A redirect URI must be given.")
.setState(oauthRequest.getState())
.buildJSONMessage();
// Set the status and return the error message.
response.setStatus(oauthResponse.getResponseStatus());
return oauthResponse.getBody();
}
// Attempt to get the third-party.
Application application = oAuth2MgmtService.getApplicationForClientId(oauthRequest.getClientId());
// If the third-party is unknown, reject the request.
if (application == null) {
// Create the OAuth response.
OAuthResponse oauthResponse = OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).setError
(OAuthError.CodeResponse.INVALID_REQUEST).setErrorDescription(
"The client ID is unknown: " + oauthRequest.getClientId()
).setState(oauthRequest.getState()).buildJSONMessage();
// Set the status and return the error message.
response.setStatus(oauthResponse.getResponseStatus());
return oauthResponse.getBody();
}
// Create the temporary code to be granted or rejected by the user.
AuthorizationCode code = oAuth2MgmtService.issueAuthorizationCode(application.getId(),
oauthRequest.getScopes(),