confirm.jsp 1.75 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<%@include file="/WEB-INF/jsp/init.jsp"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
	<c:set var="ex" value="${sessionScope['SPRING_SECURITY_LAST_EXCEPTION']}" />
	<c:if test="${ex != null}">
		<div class="error">
			<h2>Oh no!</h2>
			<p>Access could not be granted</p>
		</div>
	</c:if>

	<c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION" />
	<security:authentication var="user" property="principal" />

Matija Obreza's avatar
Matija Obreza committed
19
	<security:authorize access="isAuthenticated()">
20
21
		<h1><spring:message code="oauth2.confirm-request" /></h1>
		<p>
22
			<spring:message code="oauth2.confirm-client" arguments="${user.user.name},${client.clientId}" htmlEscape="false" />
23
24
25
26
27
28
		</p>

		<div class="row">
			<div class="col-sm-2">
				<form action="<c:url value="/oauth/authorize" />" method="post">
					<input name="user_oauth_approval" value="true" type="hidden" /> <label><input class="btn btn-primary" name="authorize" value="<spring:message code="oauth2.button-approve" />" type="submit" /></label>
Nick Martynenko's avatar
CSRF    
Nick Martynenko committed
29
30
                    <!-- CSRF protection -->
                    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
31
32
33
34
35
				</form>
			</div>
			<div class="col-sm-2">
				<form action="<c:url value="/oauth/authorize" />" method="post">
					<input name="user_oauth_approval" value="false" type="hidden" /> <label><input class="btn btn-default" name="deny" value="<spring:message code="oauth2.button-deny" />" type="submit" /></label>
Nick Martynenko's avatar
CSRF    
Nick Martynenko committed
36
37
                    <!-- CSRF protection -->
                    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
38
39
40
41
42
43
				</form>
			</div>
		</div>
	</security:authorize>
</body>
</html>