/**
 * Authenticates a request that carries an OAuth2 access token.
 *
 * <p>The presented token string is looked up through {@code rsService}, checked by
 * {@code validateToken}, and the owning client is then checked by
 * {@code validateClientDetails}. The client lookup is keyed by the stored token's client id
 * together with the resource id carried on the incoming token. The principal is the value of
 * {@code getOpenid()} on the stored token.
 *
 * <p>NOTE(review): no scope or audience comparison is visible in this method; presumably
 * {@code loadClientDetails} enforces the client-to-resource binding. Confirm against
 * {@code rsService}.
 *
 * @param token the submitted token; cast to {@code OAuth2Token} without a type check
 *     (presumably guaranteed by the realm's {@code supports} method; confirm)
 * @return authentication info whose credentials are the raw access token string
 * @throws AuthenticationException if the token is empty, fails validation, belongs to a client
 *     that fails validation, or has no openid
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
    throws AuthenticationException {
  final OAuth2Token oauthToken = (OAuth2Token) token;
  final String accessToken = (String) oauthToken.getCredentials();
  if (StringUtils.isEmpty(accessToken)) {
    // Only reached with a null/empty value, so no credential material ends up in the message.
    throw new OAuth2AuthenticationException("Invalid access_token: " + accessToken);
  }

  // The stored record must be validated before any of its fields are read below.
  final ServerAccessToken storedToken = rsService.loadAccessTokenByTokenId(accessToken);
  validateToken(accessToken, storedToken);

  // Client state is checked for the (client id, resource id) pair.
  final ClientDetails client =
      rsService.loadClientDetails(storedToken.clientId(), oauthToken.getResourceId());
  validateClientDetails(accessToken, storedToken, client);

  final String principal = storedToken.getOpenid();
  if (principal != null) {
    return new SimpleAuthenticationInfo(principal, accessToken, getName());
  }
  // A stored token without an openid cannot be mapped to a principal.
  throw new AccountException("Null usernames are not allowed by this realm.");
}
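/**
 * Rejects the request unless the client that owns the token exists and is enabled.
 *
 * <p>This method runs after the token itself has passed validation, so {@code token} is a live
 * bearer credential here. It is therefore kept out of both the log line and the exception
 * message; the client id is used for correlation instead.
 *
 * @param token the presented access token string (unused; kept for signature compatibility)
 * @param accessToken the stored token record; must be non-null
 * @param clientDetails the client loaded for the token, or {@code null} if none was found
 * @throws OAuth2AuthenticationException if the client is missing or its status is not
 *     {@code CommonStatus.ENABLE}
 */
private void validateClientDetails(
    String token, ServerAccessToken accessToken, ClientDetails clientDetails)
    throws OAuth2AuthenticationException {
  // Null-safe comparison: a client record with a null status is rejected as an
  // authentication failure instead of surfacing as a NullPointerException.
  final boolean enabled =
      clientDetails != null
          && java.util.Objects.equals(clientDetails.getStatus(), CommonStatus.ENABLE);
  if (!enabled) {
    // Log the status rather than the whole ClientDetails object: its toString() is not
    // visible here and may include client credentials (NOTE(review): confirm).
    log.debug(
        "Invalid ClientDetails by client_id: {}, it is null or archived (status: {})",
        accessToken.clientId(),
        clientDetails == null ? null : clientDetails.getStatus());
    throw new OAuth2AuthenticationException("Invalid client for the presented access_token");
  }
}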
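/**
 * Rejects the request when the presented token has no stored record or has expired.
 *
 * <p>The presented token string is not written to the log or to the exception message. A
 * value that fails lookup here may still be a valid credential elsewhere or a near-miss of
 * one, and exception messages can be logged or returned by code outside this class.
 *
 * @param token the presented access token string (unused; kept for signature compatibility)
 * @param accessToken the stored token record, or {@code null} if the lookup found nothing
 * @throws OAuth2AuthenticationException if {@code accessToken} is {@code null} or
 *     {@code isTokenExpired()} returns true
 */
private void validateToken(String token, ServerAccessToken accessToken)
    throws OAuth2AuthenticationException {
  if (accessToken == null) {
    log.debug("Invalid access_token: no stored token matches the presented value");
    throw new OAuth2AuthenticationException("Invalid access_token");
  }
  if (accessToken.isTokenExpired()) {
    // The client id identifies the affected token holder without exposing the token.
    log.debug("Invalid access_token: expired, client_id: {}", accessToken.clientId());
    throw new OAuth2AuthenticationException("Invalid access_token");
  }
}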