Overriding AuthorizationEndpoint

[mroot]

How would I go about overriding the AuthorizationEndpoint. The spring magic makes it a little hard to see how to override a beans like AuthorizationEndpoint.

If I had the bean equivalent with classes of the following code I could figure it out:

<oauth:authorization-server client-details-service-ref="clientService" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code />
<oauth:implicit />
<oauth:refresh-token />
<oauth:client-credentials />
<oauthassword />
</oauth:authorization-server>

My project that I am working on requires me to make a modification to the implicit grant for a specified client and requires overriding the AuthorizationEndpoint.appendAccessToken which is a private method.

I could spend some time going through the AuthorizationServerBeanDefinitionParser to figure out the beans that are generated, but figured that someone has already overridden this class already.

Thanks in advance.

[Dave Syer]

The simplest way is probably to add the standard XML for <authorization-server/> and then add a bean definition with id "oauth2AuthorizationEndpoint" (it will override the default one).

I'd like to get some more details of your use case though because you ought to be able to customize the existing behaviour quite extensively already. There are plenty of slots for client-specific behaviour (AuthorizationRequestManager, UserApprovalHandler, the addtional info map in OAUth2AccessToken), so I'm surprised if you have to resort to replacing the whole endpoint.