Examples of org.springframework.security.oauth2.provider.approval.TokenApprovalStore

• org.springframework.security.oauth2.provider.OAuth2Authentication
  An {@link ApprovalStore} that works with an existing {@link TokenStore}, extracting implicit {@link Approval Approvals} from the content of tokens already in the store. Useful interface so that users can list and revokeapprovals even if they are not really represented in such a way internally. For full fine-grained control of user approvals don't use a TokenStore at all, and don't use this ApprovalStore with Approval-based {@link AuthorizationServerTokenServices} implementations. @author Dave Syer

    return client;
  }

  private ClientDetails clientWithIdAndScope(String clientId,
      Set<String> scope) {
    ClientDetails client = clientWithId(clientId);
    given(client.getScope()).willReturn(scope);
    return client;
  }

  @Override
  public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {

    String userId = userAuthentication.getName();
    String clientId = authorizationRequest.getClientId();
    ClientDetails client = clientDetailsService.loadClientByClientId(clientId);

    // This must be re-parsed here because SECOAUTH forces us to call things in a strange order
    if (Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval"))
        && authorizationRequest.getExtensions().get("csrf") != null
        && authorizationRequest.getExtensions().get("csrf").equals(authorizationRequest.getApprovalParameters().get("csrf"))) {

      authorizationRequest.setApproved(true);

      // process scopes from user input
      Set<String> allowedScopes = Sets.newHashSet();
      Map<String,String> approvalParams = authorizationRequest.getApprovalParameters();

      Set<String> keys = approvalParams.keySet();

      for (String key : keys) {
        if (key.startsWith("scope_")) {
          //This is a scope parameter from the approval page. The value sent back should
          //be the scope string. Check to make sure it is contained in the client's
          //registered allowed scopes.

          String scope = approvalParams.get(key);
          Set<String> approveSet = Sets.newHashSet(scope);

          //Make sure this scope is allowed for the given client
          if (systemScopes.scopesMatch(client.getScope(), approveSet)) {

            // If it's structured, assign the user-specified parameter
            SystemScope systemScope = systemScopes.getByValue(scope);
            if (systemScope != null && systemScope.isStructured()){
              String paramValue = approvalParams.get("scopeparam_" + scope);

  }

  private void checkClientDetails(OAuth2Authentication auth) {
    if (clientDetailsService != null) {
      ClientDetails client;
      try {
        client = clientDetailsService.loadClientByClientId(auth.getOAuth2Request().getClientId());
      }
      catch (ClientRegistrationException e) {
        throw new OAuth2AccessDeniedException("Invalid token contains invalid client id");
      }
      Set<String> allowed = client.getScope();
      for (String scope : auth.getOAuth2Request().getScope()) {
        if (!allowed.contains(scope)) {
          throw new OAuth2AccessDeniedException("Invalid token contains disallowed scope (" + scope
              + ") for this client");
        }

        DBObject userAuthorization = (DBObject)source.get("userAuthentication");
        Object principal = getPrincipalObject(userAuthorization.get("principal"));
        Authentication userAuthentication = new UsernamePasswordAuthenticationToken(principal,
                userAuthorization.get("credentials"), getAuthorities((List) userAuthorization.get("authorities")));

        return new OAuth2Authentication(oAuth2Request,  userAuthentication );
    }

            writer.beginObject();
            writer.name("id").value(holder.getId());
            writer.name("ownerId").value(holder.getOwnerId());
            writer.name("authentication");
            writer.beginObject();
            OAuth2Authentication oa2Auth = holder.getAuthentication();
            writer.name("clientAuthorization");
            writeAuthorizationRequest(oa2Auth.getOAuth2Request(), writer);
            String userAuthentication = base64UrlEncodeObject(oa2Auth.getUserAuthentication());
            writer.name("userAuthentication").value(userAuthentication);
            writer.endObject();
            writer.endObject();
            logger.debug("Wrote authentication holder {}", holder.getId());
        }

                                        reader.skipValue();
                                        continue;
                                }
                            }
                            reader.endObject();
                            OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
                            ahe.setAuthentication(auth);
                        } else {
                            logger.debug("Found unexpected entry");
                            reader.skipValue();
                        }

    Map<String, String> authorizationParameters = Maps.newHashMap();
    OAuth2Request clientAuth = new OAuth2Request(authorizationParameters, client.getClientId(),
        Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")), true,
        scope, null, null, null, null);
    OAuth2Authentication authentication = new OAuth2Authentication(clientAuth, null);

    OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
    token.setClient(client);
    token.setScope(scope);

                                        reader.skipValue();
                                        continue;
                                }
                            }
                            reader.endObject();
                            OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
                            ahe.setAuthentication(auth);
                        } else {
                            logger.debug("Found unexpected entry");
                            reader.skipValue();
                        }

        given(refreshToken.getAuthenticationHolder().getAuthentication()).willReturn(authentication);
        return refreshToken;
    }

    private OAuth2Authentication authentication(String name, OAuth2Request request) {
        OAuth2Authentication authentication = mock(OAuth2Authentication.class);
        given(authentication.getName()).willReturn(name);
        given(authentication.getOAuth2Request()).willReturn(request);
        return authentication;
    }

      }

      // NOTE: don't revoke the existing access token

      // create a new access token
      OAuth2Authentication authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());

      return authentication;

    } else {
      throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes);