public class AuthPageServerResource extends AuthorizationBaseServerResource
```java
public Restlet createInboundRoot() {
    // ...
    root.attach(OAuthHelper.getAuthPage(getContext()), AuthPageServerResource.class);
    // Set Template for AuthPage:
    OAuthHelper.setAuthPageTemplate("authorize.html", getContext());
    // Don't ask for approval if previously approved
    OAuthHelper.setAuthSkipApproved(true, getContext());
    // ...
}
```

The FreeMarker data model looks like the following:

```java
HashMap<String, Object> data = new HashMap<String, Object>();
data.put("target", "/oauth/auth_page");
data.put("clientId", clientId);
data.put("clientDescription", client.toString());
data.put("clientCallback", client.getRedirectUri());
data.put("clientName", client.getApplicationName());
data.put("requestingScopes", scopes);
data.put("grantedScopes", previousScopes);
```

Below is an example of a simple FreeMarker page for authorization:
```html
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
  <link rel="stylesheet" href="resources/style.css" type="text/css" media="screen"
        charset="utf-8">
  <title>OAuth2 Authorization Server</title>
</head>
<body>
  <div id="container">
    <div id="header">
      <h2>OAuth authorization page</h2>
      <section id="intro">
        <h2>Application requesting scope</h2>
        <p>Client ClientId = ${clientId} CB = ${clientDescription} wants to get access to your information.</p>
      </section>
    </div>
    <aside>
      <form action="${target}" method="get">
        <h4>The following private info is requested</h4>
        <#list requestingScopes as r>
          <input type="checkbox" name="scope" value="${r}" checked />
          <b>${r}</b><br/>
        </#list>
        <#if grantedScopes?has_content>
          <hr />
          <h4>Previously approved scopes</h4>
          <#list grantedScopes as g>
            <input type="checkbox" name="scope" value="${g}" checked />
            <b>${g}</b><br/>
          </#list>
        </#if>
        <br/>
        <input type="submit" name="action" value="Reject"/>
        <input type="submit" name="action" value="Accept" />
      </form>
    </aside>
    <footer>
      <p class="copyright">Copyright © 2010 Ericsson Inc. All rights reserved.</p>
    </footer>
  </div>
</body>
</html>
```
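Added example (not from the Restlet documentation or code base): the template above writes `${clientId}`, `${clientDescription}` and each scope straight into HTML, and FreeMarker only escapes interpolations when an auto-escaping output format is configured or the template uses `?html` / `<#escape>`. This stand-alone class renders a constructed fragment of that template under both settings; it assumes FreeMarker 2.3.24 or later on the classpath, and `AuthPageEscapingDemo`, `FRAGMENT` and the sample values are hypothetical.

```java
import freemarker.core.HTMLOutputFormat;
import freemarker.template.Configuration;
import freemarker.template.Template;

import java.io.StringReader;
import java.io.StringWriter;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class AuthPageEscapingDemo {

    // Constructed fragment reusing the interpolations of the page above.
    static final String FRAGMENT =
        "<p>Client ClientId = ${clientId} CB = ${clientDescription}</p>\n"
      + "<#list requestingScopes as r>"
      + "<input type=\"checkbox\" name=\"scope\" value=\"${r}\" checked />\n"
      + "</#list>";

    static String render(Configuration cfg, Map<String, Object> data) throws Exception {
        Template t = new Template("authorize.html", new StringReader(FRAGMENT), cfg);
        StringWriter out = new StringWriter();
        t.process(data, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed values: markup in a client description, a quote in a scope.
        Map<String, Object> data = new HashMap<>();
        data.put("clientId", "demo-client");
        data.put("clientDescription", "<b>Trusted</b> app");
        data.put("requestingScopes", Arrays.asList("status", "a\"b"));

        // Legacy defaults: no output format, so ${...} is written verbatim.
        Configuration legacy = new Configuration(Configuration.VERSION_2_3_0);
        System.out.println("legacy:\n" + render(legacy, data));

        // HTML output format: every ${...} is HTML-escaped automatically,
        // so <b> becomes &lt;b&gt; and the quote becomes &quot;.
        Configuration hardened = new Configuration(Configuration.VERSION_2_3_24);
        hardened.setOutputFormat(HTMLOutputFormat.INSTANCE);
        System.out.println("hardened:\n" + render(hardened, data));
    }
}
```

How the Restlet OAuth extension builds its own FreeMarker `Configuration` is not shown on this page, so check which of the two settings your deployment actually renders `authorize.html` with.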
should be set in the attributes. It should contain a static HTML page or a
FreeMarker page that will be loaded with the CLAP protocol straight from
root.

clients, PARAMETER_DEFAULT_SCOPE, tokens
ACCESS_TOKEN, CLIENT_ID, CLIENT_SECRET, CODE, ERROR, ERROR_DESC, ERROR_URI, EXPIRES_IN, GRANT_TYPE, PASSWORD, REDIR_URI, REFRESH_TOKEN, RESPONSE_TYPE, SCOPE, STATE, TOKEN_TYPE, TOKEN_TYPE_BEARER, TOKEN_TYPE_MAC, USERNAME
Constructor and Description |
---|
AuthPageServerResource() |
Modifier and Type | Method and Description |
---|---|
protected Representation | getPage(String authPage) Helper method if an auth page was present in a context attribute. |
protected void | handleAction(String action, String[] grantedScope) Helper method to handle a FORM response. |
Representation | showPage() Entry point to the AuthPageResource. |
doCatch, getAuthSession, getErrorPage, sendError, setupAuthSession, ungetAuthSession
addCacheDirective, doInit, getClient, getScope, getState, responseErrorRepresentation
abort, commit, delete, delete, describeVariants, doConditionalHandle, doError, doHandle, doHandle, doNegotiatedHandle, get, get, getAttribute, getDescription, getInfo, getInfo, getName, getOnSent, getPreferredVariant, getRole, getVariants, getVariants, handle, hasAnnotations, head, head, isAnnotated, isAutoCommitting, isCommitted, isConditional, isExisting, isInRole, isNegotiated, options, options, patch, patch, post, post, put, put, redirectPermanent, redirectPermanent, redirectSeeOther, redirectSeeOther, redirectTemporary, redirectTemporary, setAllowedMethods, setAnnotated, setAttribute, setAutoCommitting, setChallengeRequests, setCommitted, setConditional, setCookieSettings, setDescription, setDimensions, setExisting, setLocationRef, setLocationRef, setName, setNegotiated, setOnSent, setProxyChallengeRequests, setServerInfo, setStatus, setStatus, setStatus, setStatus, updateAllowedMethods, updateDimensions
doError, doRelease, getAllowedMethods, getApplication, getChallengeRequests, getChallengeResponse, getClientInfo, getConditions, getConnegService, getContext, getConverterService, getCookies, getCookieSettings, getDimensions, getHostRef, getLocationRef, getLogger, getMatrix, getMatrixValue, getMaxForwards, getMetadataService, getMethod, getOriginalRef, getProtocol, getProxyChallengeRequests, getProxyChallengeResponse, getQuery, getQueryValue, getRanges, getReference, getReferrerRef, getRequest, getRequestAttributes, getRequestCacheDirectives, getRequestEntity, getResponse, getResponseAttributes, getResponseCacheDirectives, getResponseEntity, getRootRef, getServerInfo, getStatus, getStatusService, init, isConfidential, isLoggable, release, setApplication, setQueryValue, setRequest, setResponse, toBoolean, toByte, toDouble, toFloat, toInteger, toLong, toObject, toRepresentation, toRepresentation, toRepresentation, toShort, toString
protected Representation getPage(String authPage)
authPage - name of the page in class loader context

protected void handleAction(String action, String[] grantedScope) throws OAuthException
action - as interacted by the user.
grantedScope - the scopes that were approved.
Throws: OAuthException

@Get(value="html") public Representation showPage() throws OAuthException
Throws: OAuthException
Copyright © 2005-2014 Restlet.