in stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java [73:215]
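/**
 * Authenticates the current request from an OAuth2 access token, if one is present.
 *
 * <p>Flow: skip requests that {@code bypassSecurityCheck} exempts; locate an access token
 * (the {@code access_token} request parameter first, then the {@code Authorization} header);
 * verify it through the token service; map the token's principal to a Shiro
 * {@link PrincipalCredentialsToken}; and log the current {@link Subject} in with it.
 * A request carrying no token is left anonymous and passes through untouched.
 *
 * <p>Verification failures are surfaced as the mapped security exceptions
 * (bad / expired / invalid / unverified token) rather than propagated raw. The token value
 * itself is never written to the log, even at DEBUG, because it is a bearer credential.
 *
 * @param request the JAX-RS request being filtered
 * @throws IOException declared by the filter contract; not thrown by this implementation
 */
public void filter(ContainerRequestContext request) throws IOException {
    if (logger.isTraceEnabled()) {
        logger.trace("Filtering: {}", request.getUriInfo().getBaseUri());
    }
    if (bypassSecurityCheck(request)) {
        return;
    }
    try {
        try {
            String accessToken = extractAccessToken();
            if (StringUtils.isEmpty(accessToken)) {
                // No credential presented: leave the request anonymous.
                return;
            }

            AuthPrincipalInfo principal = verifyAccessToken(accessToken);
            if (principal == null) {
                return;
            }

            PrincipalCredentialsToken token = buildCredentialsToken(principal, accessToken);
            if (token == null) {
                // Defensive: no branch matched the principal type. Reject rather than
                // hand a null token to Shiro's login().
                throw mappableSecurityException(BAD_ACCESS_TOKEN_ERROR);
            }

            Subject subject = SubjectUtils.getSubject();
            subject.login(token);
        } catch (OAuthProblemException e) {
            // A problem without an error code is treated as "no usable token": pass through.
            String errorCode = e.getError();
            if (OAuthUtils.isEmpty(errorCode)) {
                return;
            }
            throw mappableSecurityException(errorCode, e.getMessage(), null);
        }
    } catch (OAuthSystemException ose) {
        throw mappableSecurityException(ose, null);
    }
}

/**
 * Finds the access token for the current request.
 *
 * <p>The {@code access_token} request parameter wins; otherwise the token is read from the
 * {@code Authorization} header via {@link OAuthAccessResourceRequest}. Tokens passed as a
 * query parameter tend to end up in access logs and Referer headers, so the header form is
 * the one to prefer.
 *
 * @return the token string, or {@code null}/empty when the request carries none
 * @throws OAuthSystemException from the OAuth request parser
 * @throws OAuthProblemException when the header is present but malformed
 */
private String extractAccessToken() throws OAuthSystemException, OAuthProblemException {
    String accessToken = httpServletRequest.getParameter("access_token");
    if (StringUtils.isEmpty(accessToken)) {
        OAuthAccessResourceRequest oauthRequest =
                new OAuthAccessResourceRequest(httpServletRequest, ParameterStyle.HEADER);
        accessToken = oauthRequest.getAccessToken();
    }
    return accessToken;
}

/**
 * Verifies an access token with the token service and returns its principal.
 *
 * <p>Every failure mode is translated into a mapped security exception so that callers
 * see a uniform error and nothing about the token's internals leaks to the client.
 *
 * @param accessToken the non-empty token string to verify
 * @return the principal bound to the token (may be {@code null} if the token info has none)
 */
private AuthPrincipalInfo verifyAccessToken(String accessToken) {
    try {
        // Access time is updated when the principal is resolved below, not here.
        TokenInfo tokenInfo = tokens.getTokenInfo(accessToken, false);
        return tokenInfo.getPrincipal();
    } catch (BadTokenException e) {
        throw mappableSecurityException(BAD_ACCESS_TOKEN_ERROR);
    } catch (ExpiredTokenException e) {
        throw mappableSecurityException(EXPIRED_ACCESS_TOKEN_ERROR);
    } catch (InvalidTokenException e) {
        throw mappableSecurityException(INVALID_AUTH_ERROR);
    } catch (ExternalSSOProviderAdminUserNotFoundException e) {
        throw mappableSecurityException(EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER);
    } catch (IndexOutOfBoundsException e) {
        // Token is not even structurally a token.
        throw mappableSecurityException(BAD_ACCESS_TOKEN_ERROR);
    } catch (Exception e) {
        // Do not include the token value: it is a bearer credential and must not reach logs.
        if (logger.isDebugEnabled()) {
            logger.debug("Unable to verify OAuth token", e);
        } else {
            logger.warn("Unable to verify OAuth token");
        }
        throw mappableSecurityException(UNVERIFIED_OAUTH_ERROR);
    }
}

/** Loads the entity (user, organization, application) a verified token refers to. */
@FunctionalInterface
private interface TokenLookup<T> {
    T load(String accessToken) throws Exception;
}

/**
 * Runs a management lookup for the token, enforcing the shared failure policy:
 * a {@link ManagementException} or a {@code null} result is reported as a bad access token;
 * any other exception is logged with {@code failureMessage} and then also treated as bad.
 *
 * @param lookup         the management call to perform
 * @param accessToken    the verified token
 * @param failureMessage log message used when the lookup throws an unexpected exception
 * @return the loaded entity, never {@code null}
 */
private <T> T lookupOrReject(TokenLookup<T> lookup, String accessToken, String failureMessage) {
    T result = null;
    try {
        result = lookup.load(accessToken);
    } catch (ManagementException e) {
        throw mappableSecurityException(e, BAD_ACCESS_TOKEN_ERROR);
    } catch (Exception e) {
        logger.error(failureMessage, e);
    }
    if (result == null) {
        throw mappableSecurityException(BAD_ACCESS_TOKEN_ERROR);
    }
    return result;
}

/**
 * Maps a verified principal to the Shiro credentials token used for login.
 *
 * @param principal   the principal resolved from the access token
 * @param accessToken the verified token
 * @return the credentials token, or {@code null} if the principal type is not one of the
 *         four handled here (admin user, application user, organization, application)
 */
private PrincipalCredentialsToken buildCredentialsToken(AuthPrincipalInfo principal, String accessToken) {
    AuthPrincipalType type = principal.getType();
    if (AuthPrincipalType.ADMIN_USER.equals(type)) {
        UserInfo user = lookupOrReject(
                management::getAdminUserInfoFromAccessToken, accessToken,
                "failed to get admin user info from access token");
        return PrincipalCredentialsToken.getFromAdminUserInfoAndAccessToken(
                user, accessToken, emf.getManagementAppId());
    }
    if (AuthPrincipalType.APPLICATION_USER.equals(type)) {
        UserInfo user = lookupOrReject(
                management::getAppUserFromAccessToken, accessToken,
                "failed to get app user from access token");
        return PrincipalCredentialsToken.getFromAppUserInfoAndAccessToken(user, accessToken);
    }
    if (AuthPrincipalType.ORGANIZATION.equals(type)) {
        OrganizationInfo organization = lookupOrReject(
                management::getOrganizationInfoFromAccessToken, accessToken,
                "failed to get organization info from access token");
        return PrincipalCredentialsToken.getFromOrganizationInfoAndAccessToken(organization, accessToken);
    }
    if (AuthPrincipalType.APPLICATION.equals(type)) {
        ApplicationInfo application = lookupOrReject(
                management::getApplicationInfoFromAccessToken, accessToken,
                "failed to get application info from access token");
        return PrincipalCredentialsToken.getFromApplicationInfoAndAccessToken(application, accessToken);
    }
    return null;
}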