private boolean isRealOwnerOfToken(HttpContext c, Cookie tokenCookie)
throws IllegalAccessException, InvocationTargetException, InstantiationException {
LOGGER.debug("HttpContext : " + c + " Cookie : " + tokenCookie);
Token token = TokenFactory.getInstance().createToken(tokenCookie.getValue());
String hash = generateAttributesHash(c.getRequest());
return hash.equals(token.getAttributesHash());
}
/**
* Merges all path patterns and and creates a single string value which will be equal with service
* methods path annotation value and HTTP method type. Generated string will be used for
* permission checks.
*
* @param token for checking permission list
* @param matchedTemplates matched templates of context. They will be merged with reverse order
* @param method HTTP Method of the request. Will be merged with
* @return true if user is Authorized.
*/
private boolean isAuthorized(Token token, List<UriTemplate> matchedTemplates, String method) {
StringBuilder path = new StringBuilder();
// Merge all path templates and generate a path.
for (UriTemplate template : matchedTemplates) {
path.insert(0, template.getTemplate());
}
path.append(":").append(method);
// Look at user permissions to see if the service is permitted.
return token.getPermissions().contains(path.toString());
}
