I am currently trying to bypass the approve/deny step of the access authorization process in Spring Security OAuth2, since previously allowed access (for a specific client_id and user_id) must be stored in memory and the OAuth application must be redirected to the client application without asking the user each time for their approval.
<version.spring-security>3.2.0.RELEASE</version.spring-security>
<version.spring-security-oauth>1.0.5.RELEASE</version.spring-security-oauth>
So, I have an AccessConfirmationController that has a mapping for the endpoint /oauth/confirm_access:

    @RequestMapping("/oauth/confirm_access")
    public ModelAndView getAccessConfirmation(@ModelAttribute final AuthorizationRequest clientAuth)
    {
        final ClientDetails client = this.clientDetailsService.loadClientByClientId(clientAuth.getClientId());
        final TreeMap<String, Object> model = Maps.newTreeMap();
        model.put("auth_request", clientAuth);
        model.put("client", client);
        return new ModelAndView("access_confirmation", model);
    }

A very classic way to handle access confirmation.
, (- ), (Principal) , , , , redirect_uri.
Spring , :

    @FrameworkEndpoint
    @RequestMapping(value = "/oauth/token")
    public class TokenEndpoint extends AbstractEndpoint {
        @RequestMapping
        public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal,
                @RequestParam(value = "grant_type", required = false) String grantType,
                @RequestParam Map<String, String> parameters) {
        }
    }

? (~ ?) ?