package org.springframework.security.oauth2.client.token;
   import org.apache.commons.logging.Log;
   import org.apache.commons.logging.LogFactory;
   import org.springframework.http.HttpHeaders;
   import org.springframework.http.HttpMethod;
   import org.springframework.http.MediaType;
   import org.springframework.http.client.ClientHttpRequest;
   import org.springframework.http.client.ClientHttpRequestFactory;
  import org.springframework.http.client.ClientHttpRequestInterceptor;
  import org.springframework.http.client.ClientHttpResponse;
  import org.springframework.http.client.SimpleClientHttpRequestFactory;
  import org.springframework.http.converter.FormHttpMessageConverter;
  import org.springframework.http.converter.HttpMessageConverter;
  import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
  import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
  import org.springframework.security.oauth2.client.token.auth.ClientAuthenticationHandler;
  import org.springframework.security.oauth2.client.token.auth.DefaultClientAuthenticationHandler;
  import org.springframework.security.oauth2.common.OAuth2AccessToken;
  import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
  import org.springframework.security.oauth2.http.converter.FormOAuth2AccessTokenMessageConverter;
  import org.springframework.security.oauth2.http.converter.FormOAuth2ExceptionHttpMessageConverter;
  import org.springframework.util.Assert;
  import org.springframework.util.MultiValueMap;
  import org.springframework.web.client.DefaultResponseErrorHandler;
  import org.springframework.web.client.HttpMessageConverterExtractor;
  import org.springframework.web.client.RequestCallback;
  import org.springframework.web.client.ResponseErrorHandler;
  import org.springframework.web.client.ResponseExtractor;
  import org.springframework.web.client.RestClientException;
  import org.springframework.web.client.RestOperations;
  import org.springframework.web.client.RestTemplate;
  import java.io.IOException;
  import java.net.HttpURLConnection;
  import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.List;
  /**
   * Base support logic for obtaining access tokens.
   * 
   * @author Ryan Heaton
   * @author Dave Syer
   */
  public abstract class OAuth2AccessTokenSupport {
  	protected final Log logger = LogFactory.getLog(getClass());
  	private static final FormHttpMessageConverter FORM_MESSAGE_CONVERTER = new FormHttpMessageConverter();
  	private RestOperations restTemplate;
  	private List<HttpMessageConverter<?>> messageConverters;
  	private ClientAuthenticationHandler authenticationHandler = new DefaultClientAuthenticationHandler();
  	private ResponseErrorHandler responseErrorHandler = new AccessTokenErrorHandler();
  	private List<ClientHttpRequestInterceptor> interceptors = new ArrayList<ClientHttpRequestInterceptor>();
  	private RequestEnhancer tokenRequestEnhancer = new DefaultRequestEnhancer();
  	/**
  	 * Sets the request interceptors that this accessor should use.
  	 */
  	public void setInterceptors(List<ClientHttpRequestInterceptor> interceptors) {
  		this.interceptors = interceptors;
  	/**
  	 * A custom enhancer for the access token request
  	 * @param tokenRequestEnhancer
  	 */
  	public void setTokenRequestEnhancer(RequestEnhancer tokenRequestEnhancer) {
  		this.tokenRequestEnhancer = tokenRequestEnhancer;
  	private ClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory() {
  		@Override
  		protected void prepareConnection(HttpURLConnection connection, String httpMethod)
  				throws IOException {
  			super.prepareConnection(connection, httpMethod);
  			connection.setInstanceFollowRedirects(false);
  			connection.setUseCaches(false);
  	};
  	protected RestOperations getRestTemplate() {
  		if (restTemplate == null) {
  			synchronized (this) {
  				if (restTemplate == null) {
  					RestTemplate restTemplate = new RestTemplate();
  					restTemplate.setErrorHandler(getResponseErrorHandler());
  					restTemplate.setRequestFactory(requestFactory);
  					restTemplate.setInterceptors(interceptors);
  					this.restTemplate = restTemplate;
 		}
 		if (messageConverters == null) {
 			setMessageConverters(new RestTemplate().getMessageConverters());
 		}
 		return restTemplate;
 	}
 	public void setAuthenticationHandler(ClientAuthenticationHandler authenticationHandler) {
 		this.authenticationHandler = authenticationHandler;
 	}
 	public void setMessageConverters(List<HttpMessageConverter<?>> messageConverters) {
 		this.messageConverters = new ArrayList<HttpMessageConverter<?>>(messageConverters);
 		this.messageConverters.add(new FormOAuth2AccessTokenMessageConverter());
 		this.messageConverters.add(new FormOAuth2ExceptionHttpMessageConverter());
 	}
 	protected OAuth2AccessToken retrieveToken(AccessTokenRequest request, OAuth2ProtectedResourceDetails resource,
 			MultiValueMap<String, String> form, HttpHeaders headers) throws OAuth2AccessDeniedException {
 		try {
 			// Prepare headers and form before going into rest template call in case the URI is affected by the result
 			authenticationHandler.authenticateTokenRequest(resource, form, headers);
 			// Opportunity to customize form and headers
 			tokenRequestEnhancer.enhance(request, resource, form, headers);
 			final AccessTokenRequest copy = request;
 			final ResponseExtractor<OAuth2AccessToken> delegate = getResponseExtractor();
 			ResponseExtractor<OAuth2AccessToken> extractor = new ResponseExtractor<OAuth2AccessToken>() {
 				@Override
 				public OAuth2AccessToken extractData(ClientHttpResponse response) throws IOException {
 					if (response.getHeaders().containsKey("Set-Cookie")) {
 						copy.setCookie(response.getHeaders().getFirst("Set-Cookie"));
 					}
 					return delegate.extractData(response);
 				}
 			};
 			return getRestTemplate().execute(getAccessTokenUri(resource, form), getHttpMethod(),
 					getRequestCallback(resource, form, headers), extractor , form.toSingleValueMap());
 		}
 		catch (OAuth2Exception oe) {
 			throw new OAuth2AccessDeniedException("Access token denied.", resource, oe);
 		}
 		catch (RestClientException rce) {
 			throw new OAuth2AccessDeniedException("Error requesting access token.", resource, rce);
 		}
 	}
 	protected HttpMethod getHttpMethod() {
 		return HttpMethod.POST;
 	}
 	protected String getAccessTokenUri(OAuth2ProtectedResourceDetails resource, MultiValueMap<String, String> form) {
 		String accessTokenUri = resource.getAccessTokenUri();
 		if (logger.isDebugEnabled()) {
 			logger.debug("Retrieving token from " + accessTokenUri);
 		}
 		StringBuilder builder = new StringBuilder(accessTokenUri);
 		if (getHttpMethod() == HttpMethod.GET) {
 			String separator = "?";
 			if (accessTokenUri.contains("?")) {
 				separator = "&";
 			}
 			for (String key : form.keySet()) {
 				builder.append(separator);
 				builder.append(key + "={" + key + "}");
 				separator = "&";
 			}
 		}
 		return builder.toString();
 	}
 	protected ResponseErrorHandler getResponseErrorHandler() {
 		return responseErrorHandler;
 	}
 	/**
 	 * Set the request factory that this template uses for obtaining {@link ClientHttpRequest HttpRequests}.
 	 */
 	public void setRequestFactory(ClientHttpRequestFactory requestFactory) {
 		Assert.notNull(requestFactory, "'requestFactory' must not be null");
 		this.requestFactory = requestFactory;
 	}
 	protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
 		getRestTemplate(); // force initialization
 		return new HttpMessageConverterExtractor<OAuth2AccessToken>(OAuth2AccessToken.class, this.messageConverters);
 	}
 	protected RequestCallback getRequestCallback(OAuth2ProtectedResourceDetails resource,
 			MultiValueMap<String, String> form, HttpHeaders headers) {
 		return new OAuth2AuthTokenCallback(form, headers);
 	}
 	/**
 	 * Request callback implementation that writes the given object to the request stream.
 	 */
 	private class OAuth2AuthTokenCallback implements RequestCallback {
 		private final MultiValueMap<String, String> form;
 		private final HttpHeaders headers;
 		private OAuth2AuthTokenCallback(MultiValueMap<String, String> form, HttpHeaders headers) {
 			this.form = form;
 			this.headers = headers;
 		}
 		public void doWithRequest(ClientHttpRequest request) throws IOException {
 			request.getHeaders().putAll(this.headers);
 			request.getHeaders().setAccept(
 					Arrays.asList(MediaType.APPLICATION_JSON, MediaType.APPLICATION_FORM_URLENCODED));
 			if (logger.isDebugEnabled()) {
 				logger.debug("Encoding and sending form: " + form);
 			}
 			FORM_MESSAGE_CONVERTER.write(this.form, MediaType.APPLICATION_FORM_URLENCODED, request);
 		}
 	}
 	private class AccessTokenErrorHandler extends DefaultResponseErrorHandler {
 		@SuppressWarnings("unchecked")
 		@Override
 		public void handleError(ClientHttpResponse response) throws IOException {
 			for (HttpMessageConverter<?> converter : messageConverters) {
 				if (converter.canRead(OAuth2Exception.class, response.getHeaders().getContentType())) {
 					OAuth2Exception ex;
 					try {
 						ex = ((HttpMessageConverter<OAuth2Exception>) converter).read(OAuth2Exception.class, response);
 					}
 					catch (Exception e) {
 						// ignore
 						continue;
 					}
 					throw ex;
 				}
 			}
 			super.handleError(response);
 		}
 	}
 }