SECOAUTH-160: re-organize ClientDetails and AuthenticationRequest

Author: Dave Syer

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/OAuth2Utils.java

@@ -1,29 +1,41 @@
 package org.springframework.security.oauth2.common.util;
 
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Set;
 import java.util.TreeSet;
 
+import org.springframework.util.StringUtils;
+
 /**
  * @author Ryan Heaton
+ * @author Dave Syer
  */
-public class OAuth2Utils {
+public abstract class OAuth2Utils {
 
- private OAuth2Utils() {}
+/**
+ * Parses a string value into a scope.
+ * 
+ * @param scopeValue The value of the scope.
+ * @return The scope.
+ */
+public static Set<String> parseScope(String scopeValue) {
+Set<String> scope = new TreeSet<String>();
+if (scopeValue != null) {
+// the spec says the scope is separated by spaces, but Facebook uses commas, so we'll include commas, too.
+String[] tokens = scopeValue.split("[\\s+,]");
+scope.addAll(Arrays.asList(tokens));
+}
+return scope;
+}
 
- /**
- * Parses a string value into a scope.
- *
- * @param scopeValue The value of the scope.
- * @return The scope.
- */
- public static Set<String> parseScope(String scopeValue) {
- Set<String> scope = new TreeSet<String>();
- if (scopeValue != null) {
- //the spec says the scope is separated by spaces, but Facebook uses commas, so we'll include commas, too.
- String[] tokens = scopeValue.split("[\\s+,]");
- scope.addAll(Arrays.asList(tokens));
- }
- return scope;
- }
+/**
+ * Formats a scope value into a String.
+ * 
+ * @param scopeValue The value of the scope.
+ * @return The scope formatted for form submission etc, or null if the input is empty
+ */
+public static String formatScope(Collection<String> scope) {
+return scope==null ? null : StringUtils.collectionToDelimitedString(scope, " ");
+}
 }

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/AuthorizationRequest.java

@@ -1,52 +1,169 @@
 package org.springframework.security.oauth2.provider;
 
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 
 /**
- * Client token for a request for a authorization.
+ * Base class representing a request for authorization. There are convenience methods for the well-known properties
+ * required by the OAUth2 spec, and a set of generic parameters to allow for extensions.
  * 
  * @author Ryan Heaton
  * @author Dave Syer
  */
-public class AuthorizationRequest extends ClientToken {
+public class AuthorizationRequest implements Serializable {
 
-private final String state;
+private static final String CLIENT_ID = "client_id";
 
-private final String requestedRedirect;
+private static final String CLIENT_SECRET = "client_secret";
 
-private boolean denied;
+private static final String STATE = "state";
 
-public AuthorizationRequest(String clientId, String clientSecret, Set<String> scope, String state,
+private static final String SCOPE = "scope";
+
+private static final String REDIRECT_URI = "redirect_uri";
+
+private final Set<String> scope;
+
+private final Set<String> resourceIds;
+
+private final boolean denied;
+
+private final Collection<GrantedAuthority> authorities;
+
+private final Map<String, String> parameters = new HashMap<String, String>();
+
+public AuthorizationRequest(Map<String, String> parameters) {
+this(parameters.get(CLIENT_ID), null, OAuth2Utils.parseScope(parameters.get("scope")), null, null, false,
+parameters.get(STATE), parameters.get(REDIRECT_URI));
+this.parameters.putAll(parameters);
+}
+
+public AuthorizationRequest(String clientId, String clientSecret, Collection<String> scope,
+Collection<GrantedAuthority> authorities, Collection<String> resourceIds) {
+this(clientId, clientSecret, scope, authorities, resourceIds, false, null, null);
+}
+
+private AuthorizationRequest(AuthorizationRequest copy, boolean denied) {
+this(copy.getClientId(), copy.getClientSecret(), copy.scope, copy.authorities, copy.resourceIds, denied, copy
+.getState(), copy.getRequestedRedirect());
+this.parameters.putAll(copy.parameters);
+}
+
+private AuthorizationRequest(String clientId, String clientSecret, Collection<String> scope,
+Collection<GrantedAuthority> authorities, Collection<String> resourceIds, boolean denied, String state,
 String requestedRedirect) {
-super(clientId, clientSecret, scope);
-this.state = state;
-this.requestedRedirect = requestedRedirect;
+this.resourceIds = resourceIds == null ? null : Collections.unmodifiableSet(new HashSet<String>(resourceIds));
+this.scope = scope == null ? Collections.<String> emptySet() : Collections.unmodifiableSet(new HashSet<String>(
+scope));
+this.authorities = authorities == null ? null : new HashSet<GrantedAuthority>(authorities);
+this.denied = denied;
+parameters.put(CLIENT_ID, clientId);
+parameters.put(CLIENT_SECRET, clientSecret);
+parameters.put(STATE, state);
+parameters.put(REDIRECT_URI, requestedRedirect);
+parameters.put(SCOPE, OAuth2Utils.formatScope(scope));
 }
 
-public AuthorizationRequest(Map<String, String> parameters) {
-this(parameters.get("client_id"), null, OAuth2Utils.parseScope(parameters.get("scope")), parameters
-.get("state"), parameters.get("redirect_uri"));
+public Map<String, String> getParameters() {
+return Collections.unmodifiableMap(parameters);
 }
 
-public String getRequestedRedirect() {
-return requestedRedirect;
+public String getClientId() {
+return parameters.get(CLIENT_ID);
 }
 
-public String getState() {
-return state;
+public String getClientSecret() {
+return parameters.get(CLIENT_SECRET);
+}
+
+public Set<String> getScope() {
+return this.scope;
+}
+
+public Set<String> getResourceIds() {
+return resourceIds;
+}
+
+public Collection<GrantedAuthority> getAuthorities() {
+return authorities;
+}
+
+public boolean isAuthenticated() {
+return !denied;
 }
 
 public boolean isDenied() {
 return denied;
 }
 
-// TODO: make this immutable
-public void setDenied(boolean denied) {
-this.denied = denied;
-setApproved(!denied);
+public AuthorizationRequest denied(boolean denied) {
+return new AuthorizationRequest(this, denied);
+}
+
+public String getState() {
+return parameters.get(STATE);
+}
+
+public String getRequestedRedirect() {
+return parameters.get(REDIRECT_URI);
+}
+
+@Override
+public int hashCode() {
+final int prime = 31;
+int result = 1;
+result = prime * result + ((authorities == null) ? 0 : authorities.hashCode());
+result = prime * result + (denied ? 1231 : 1237);
+result = prime * result + ((parameters == null) ? 0 : parameters.hashCode());
+result = prime * result + ((resourceIds == null) ? 0 : resourceIds.hashCode());
+result = prime * result + ((scope == null) ? 0 : scope.hashCode());
+return result;
+}
+
+@Override
+public boolean equals(Object obj) {
+if (this == obj)
+return true;
+if (obj == null)
+return false;
+if (getClass() != obj.getClass())
+return false;
+AuthorizationRequest other = (AuthorizationRequest) obj;
+if (authorities == null) {
+if (other.authorities != null)
+return false;
+}
+else if (!authorities.equals(other.authorities))
+return false;
+if (denied != other.denied)
+return false;
+if (parameters == null) {
+if (other.parameters != null)
+return false;
+}
+else if (!parameters.equals(other.parameters))
+return false;
+if (resourceIds == null) {
+if (other.resourceIds != null)
+return false;
+}
+else if (!resourceIds.equals(other.resourceIds))
+return false;
+if (scope == null) {
+if (other.scope != null)
+return false;
+}
+else if (!scope.equals(other.scope))
+return false;
+return true;
 }
 
 }

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/BaseClientDetails.java

@@ -1,8 +1,13 @@
 package org.springframework.security.oauth2.provider;
 
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Set;
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -17,38 +22,44 @@
 public class BaseClientDetails implements ClientDetails {
 
 private String clientId;
+
 private String clientSecret;
-private List<String> scope = Collections.emptyList();
-private List<String> resourceIds = Collections.emptyList();
-private List<String> authorizedGrantTypes = Collections.emptyList();
+
+private Set<String> scope = Collections.emptySet();
+
+private Set<String> resourceIds = Collections.emptySet();
+
+private Set<String> authorizedGrantTypes = Collections.emptySet();
+
 private String registeredRedirectUri;
+
 private List<GrantedAuthority> authorities = Collections.emptyList();
 
 public BaseClientDetails() {
 }
 
-public BaseClientDetails(String commaSeparatedResourceIds, String commaSeparatedScopes, String commaSeparatedAuthorizedGrantTypes,
-String commaSeparatedAuthorities) {
+public BaseClientDetails(String commaSeparatedResourceIds, String commaSeparatedScopes,
+String commaSeparatedAuthorizedGrantTypes, String commaSeparatedAuthorities) {
 
 if (StringUtils.hasText(commaSeparatedResourceIds)) {
-List<String> resourceIds = Arrays.asList(StringUtils.commaDelimitedListToStringArray(commaSeparatedResourceIds));
+Set<String> resourceIds = StringUtils.commaDelimitedListToSet(commaSeparatedResourceIds);
 if (!resourceIds.isEmpty()) {
 this.resourceIds = resourceIds;
 }
 }
 
 if (StringUtils.hasText(commaSeparatedScopes)) {
-List<String> scopeList = Arrays.asList(StringUtils.commaDelimitedListToStringArray(commaSeparatedScopes));
+Set<String> scopeList = StringUtils.commaDelimitedListToSet(commaSeparatedScopes);
 if (!scopeList.isEmpty()) {
 this.scope = scopeList;
 }
 }
 
 if (StringUtils.hasText(commaSeparatedAuthorizedGrantTypes)) {
-this.authorizedGrantTypes = Arrays.asList(StringUtils
-.commaDelimitedListToStringArray(commaSeparatedAuthorizedGrantTypes));
-} else {
-this.authorizedGrantTypes = Arrays.asList("authorization_code", "refresh_token");
+this.authorizedGrantTypes = StringUtils.commaDelimitedListToSet(commaSeparatedAuthorizedGrantTypes);
+}
+else {
+this.authorizedGrantTypes = new HashSet<String>(Arrays.asList("authorization_code", "refresh_token"));
 }
 
 if (StringUtils.hasText(commaSeparatedAuthorities)) {
@@ -80,28 +91,28 @@ public boolean isScoped() {
 return this.scope != null && !this.scope.isEmpty();
 }
 
-public List<String> getScope() {
+public Set<String> getScope() {
 return scope;
 }
 
-public void setScope(List<String> scope) {
-this.scope = scope;
+public void setScope(Collection<String> scope) {
+this.scope = new LinkedHashSet<String>(scope);
 }
 
-public List<String> getResourceIds() {
+public Set<String> getResourceIds() {
 return resourceIds;
 }
 
-public void setResourceIds(List<String> resourceIds) {
-this.resourceIds = resourceIds;
+public void setResourceIds(Collection<String> resourceIds) {
+this.resourceIds = new LinkedHashSet<String>(resourceIds);
 }
 
-public List<String> getAuthorizedGrantTypes() {
+public Set<String> getAuthorizedGrantTypes() {
 return authorizedGrantTypes;
 }
 
-public void setAuthorizedGrantTypes(List<String> authorizedGrantTypes) {
-this.authorizedGrantTypes = authorizedGrantTypes;
+public void setAuthorizedGrantTypes(Collection<String> authorizedGrantTypes) {
+this.authorizedGrantTypes = new LinkedHashSet<String>(authorizedGrantTypes);
 }
 
 public String getRegisteredRedirectUri() {
@@ -112,11 +123,11 @@ public void setRegisteredRedirectUri(String registeredRedirectUri) {
 this.registeredRedirectUri = registeredRedirectUri;
 }
 
-public List<GrantedAuthority> getAuthorities() {
+public Collection<GrantedAuthority> getAuthorities() {
 return authorities;
 }
 
-public void setAuthorities(List<GrantedAuthority> authorities) {
-this.authorities = authorities;
+public void setAuthorities(Collection<GrantedAuthority> authorities) {
+this.authorities = new ArrayList<GrantedAuthority>(authorities);
 }
 }