Added ImplicitGrantService, mimics the AuthorizationCodeService pattern

AuthorizationCodeService pattern is used by the code flow. This change
allows the  ImplicitTokenGranter to retrieve the original AuthorizationRequest,
using the incoming TokenRequest as a key.

Author: aanganes

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/config/AuthorizationServerBeanDefinitionParser.java

@@ -35,6 +35,7 @@
 import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
 import org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint;
 import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
+import org.springframework.security.oauth2.provider.implicit.InMemoryImplicitGrantService;
 import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
 import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
 import org.springframework.util.StringUtils;
@@ -65,11 +66,21 @@ protected AbstractBeanDefinition parseEndpointAndReturnFilter(Element element, P
 		String errorPage = element.getAttribute("error-page");
 		String approvalParameter = element.getAttribute("approval-parameter-name");
 		String redirectResolverRef = element.getAttribute("redirect-resolver-ref");
+		
+		String implicitGrantServiceRef = element.getAttribute("implicit-grant-service-ref");
 
 		// Create a bean definition speculatively for the auth endpoint
 		BeanDefinitionBuilder authorizationEndpointBean = BeanDefinitionBuilder
 				.rootBeanDefinition(AuthorizationEndpoint.class);
 
+		if (!StringUtils.hasText(implicitGrantServiceRef)) {
+			implicitGrantServiceRef = "inMemoryImplicitGrantService";
+			BeanDefinitionBuilder implicitGrantService = BeanDefinitionBuilder
+					.rootBeanDefinition(InMemoryImplicitGrantService.class);
+			parserContext.getRegistry().registerBeanDefinition(implicitGrantServiceRef, 
+					implicitGrantService.getBeanDefinition());
+		}
+		
 		if (!StringUtils.hasText(oAuth2RequestFactoryRef)) {
 			oAuth2RequestFactoryRef = "oAuth2AuthorizationRequestManager";
 			BeanDefinitionBuilder oAuth2RequestManager = BeanDefinitionBuilder
@@ -78,6 +89,7 @@ protected AbstractBeanDefinition parseEndpointAndReturnFilter(Element element, P
 			parserContext.getRegistry().registerBeanDefinition(oAuth2RequestFactoryRef,
 					oAuth2RequestManager.getBeanDefinition());
 		}
+		authorizationEndpointBean.addPropertyReference("implicitGrantService", implicitGrantServiceRef);
 
 		ManagedList<BeanMetadataElement> tokenGranters = null;
 		if (!StringUtils.hasText(tokenGranterRef)) {
@@ -150,6 +162,13 @@ protected AbstractBeanDefinition parseEndpointAndReturnFilter(Element element, P
 			if (implicitElement != null && !"true".equalsIgnoreCase(implicitElement.getAttribute("disabled"))) {
 				BeanDefinitionBuilder implicitGranterBean = BeanDefinitionBuilder
 						.rootBeanDefinition(ImplicitTokenGranter.class);
+				
+				String implicitGrantServiceRef2 = implicitElement.getAttribute("implicit-grant-service-ref");
+				if (!StringUtils.hasText(implicitGrantServiceRef2)) {
+					implicitGrantServiceRef2 = implicitGrantServiceRef;
+				}
+				implicitGranterBean.addPropertyReference("implicitGrantService", implicitGrantServiceRef2);
+				
 				implicitGranterBean.addConstructorArgReference(tokenServicesRef);
 				implicitGranterBean.addConstructorArgReference(clientDetailsRef);
 				implicitGranterBean.addConstructorArgReference(oAuth2RequestFactoryRef);

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/endpoint/AuthorizationEndpoint.java

@@ -40,18 +40,20 @@
 import org.springframework.security.oauth2.common.exceptions.UnsupportedResponseTypeException;
 import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
+import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientRegistrationException;
 import org.springframework.security.oauth2.provider.DefaultOAuth2RequestValidator;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.oauth2.provider.OAuth2RequestValidator;
 import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.OAuth2RequestValidator;
 import org.springframework.security.oauth2.provider.TokenRequest;
 import org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler;
 import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
 import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices;
+import org.springframework.security.oauth2.provider.implicit.ImplicitGrantService;
+import org.springframework.security.oauth2.provider.implicit.InMemoryImplicitGrantService;
 import org.springframework.util.StringUtils;
 import org.springframework.web.HttpSessionRequiredException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -99,6 +101,8 @@ public class AuthorizationEndpoint extends AbstractEndpoint implements Initializ
 	private SessionAttributeStore sessionAttributeStore = new DefaultSessionAttributeStore();
 
 	private OAuth2RequestValidator oAuth2RequestValidator = new DefaultOAuth2RequestValidator();
+	
+	private ImplicitGrantService implicitGrantService = new InMemoryImplicitGrantService();
 
 	private String userApprovalPage = "forward:/oauth/confirm_access";
 
@@ -250,6 +254,8 @@ private ModelAndView getUserApprovalPageResponse(Map<String, Object> model,
 	private ModelAndView getImplicitGrantResponse(AuthorizationRequest authorizationRequest) {
 		try {
 			TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(authorizationRequest, "implicit");
+			OAuth2Request storedOAuth2Request = getOAuth2RequestFactory().createOAuth2Request(authorizationRequest);
+			implicitGrantService.store(storedOAuth2Request, tokenRequest);
 			OAuth2AccessToken accessToken = getTokenGranter().grant("implicit", tokenRequest);
 			if (accessToken == null) {
 				throw new UnsupportedResponseTypeException("Unsupported response type: token");
@@ -446,6 +452,10 @@ public void setUserApprovalHandler(UserApprovalHandler userApprovalHandler) {
 	public void setoAuth2RequestValidator(OAuth2RequestValidator oAuth2RequestValidator) {
 		this.oAuth2RequestValidator = oAuth2RequestValidator;
 	}
+	
+	public void setImplicitGrantService(ImplicitGrantService implicitGrantService) {
+		this.implicitGrantService = implicitGrantService;
+	}
 
 	@ExceptionHandler(ClientRegistrationException.class)
 	public ModelAndView handleClientRegistrationException(Exception e, ServletWebRequest webRequest) throws Exception {

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitGrantService.java

@@ -0,0 +1,33 @@
+package org.springframework.security.oauth2.provider.implicit;
+
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.TokenRequest;
+
+/**
+ * Service to associate & store an incoming AuthorizationRequest with the TokenRequest that is passed
+ * to the ImplicitTokenGranter during the Implicit flow. This mimics the AuthorizationCodeServices
+ * functionality from the Authorization Code flow, allowing the ImplicitTokenGranter to reference the original 
+ * AuthorizationRequest, while still allowing the ImplicitTokenGranter to adhere to the TokenGranter interface. 
+ * 
+ * @author Amanda Anganes
+ *
+ */
+public interface ImplicitGrantService {
+
+	/**
+	 * Save an association between an OAuth2Request and a TokenRequest.
+	 * 
+	 * @param originalRequest
+	 * @param tokenRequest
+	 */
+	public void store(OAuth2Request originalRequest, TokenRequest tokenRequest);
+	
+	/**
+	 * Look up and return the OAuth2Request associated with the given TokenRequest.
+	 * 
+	 * @param tokenRequest
+	 * @return
+	 */
+	public OAuth2Request remove(TokenRequest tokenRequest);
+	
+}

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/ImplicitTokenGranter.java

@@ -23,8 +23,8 @@
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
 import org.springframework.security.oauth2.provider.TokenRequest;
 import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
@@ -37,6 +37,8 @@ public class ImplicitTokenGranter extends AbstractTokenGranter {
 
 	private static final String GRANT_TYPE = "implicit";
 
+	private ImplicitGrantService service;
+	
 	public ImplicitTokenGranter(AuthorizationServerTokenServices tokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory requestFactory) {
 		super(tokenServices, clientDetailsService, requestFactory, GRANT_TYPE);
 	}
@@ -48,11 +50,15 @@ protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, Tok
 		if (userAuth==null || !userAuth.isAuthenticated()) {
 			throw new InsufficientAuthenticationException("There is no currently logged in user");
 		}
-
-		OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, clientToken);
 
-		return new OAuth2Authentication(storedOAuth2Request, userAuth);
+		OAuth2Request requestForStorage = service.remove(clientToken);
+		
+		return new OAuth2Authentication(requestForStorage, userAuth);
 
 	}
+	
+	public void setImplicitGrantService(ImplicitGrantService service) {
+		this.service = service;
+	}
 
 }

spring-security-oauth2/src/main/java/org/springframework/security/oauth2/provider/implicit/InMemoryImplicitGrantService.java

@@ -0,0 +1,27 @@
+package org.springframework.security.oauth2.provider.implicit;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.TokenRequest;
+
+/**
+ * In-memory implementation of the ImplicitGrantService.
+ * 
+ * @author Amanda Anganes
+ *
+ */
+public class InMemoryImplicitGrantService implements ImplicitGrantService {
+
+	protected final ConcurrentHashMap<TokenRequest, OAuth2Request> requestStore = new ConcurrentHashMap<TokenRequest, OAuth2Request>();
+	
+	public void store(OAuth2Request originalRequest, TokenRequest tokenRequest) {
+		this.requestStore.put(tokenRequest, originalRequest);
+	}
+
+	public OAuth2Request remove(TokenRequest tokenRequest) {
+		OAuth2Request request = this.requestStore.remove(tokenRequest);
+		return request;
+	}
+
+}

spring-security-oauth2/src/main/resources/org/springframework/security/oauth2/spring-security-oauth2-1.0.xsd

@@ -235,6 +235,15 @@
 				</xs:annotation>
 			</xs:attribute>
 
+			<xs:attribute name="implicit-grant-service-ref" type="xs:string">
+				<xs:annotation>
+					<xs:documentation>
+						The reference to the bean that defines the
+						implicit grant service.
+					</xs:documentation>
+				</xs:annotation>
+			</xs:attribute>
+
 			<xs:attribute name="token-services-ref" type="xs:string">
 				<xs:annotation>
 					<xs:documentation>

spring-security-oauth2/src/test/resources/org/springframework/security/oauth2/config/authorization-server-extras.xml

@@ -8,6 +8,7 @@
 	<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokens"
 		authorization-endpoint-url="/authorize" token-endpoint-url="/token" approval-parameter-name="approve" error-page="/error"
 		authorization-request-manager-ref="factory" redirect-resolver-ref="resolver" token-granter-ref="granter"
+		implicit-grant-service-ref="implicitService"
 		user-approval-handler-ref="approvals" user-approval-page="/approve">
 		<oauth:authorization-code />
 	</oauth:authorization-server>
@@ -30,6 +31,8 @@
 		<constructor-arg ref="clientDetails" />
 		<constructor-arg ref="factory" />
 	</bean>
+	
+	<bean id="implicitService" class="org.springframework.security.oauth2.provider.implicit.InMemoryImplicitGrantService" />
 
 	<bean id="approvals" class="org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler" />