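/**
 * Enforces the {@link RequireToken} annotation of the given method.
 *
 * <p>If the method is not annotated, the current account is returned unchanged.
 * Otherwise the token named by the annotation value is read from the request
 * header of that name, falling back to the request parameter of the same name.
 * A guest account is authenticated with the token through the security manager,
 * and the resulting account is stored in the route context. A non-guest account
 * has the token passed to {@code account.checkToken(token)}.
 *
 * <p>The token is a credential, so it is never written to log output or
 * exception messages; only the token <em>name</em> is reported.
 *
 * @param method the method whose {@link RequireToken} annotation is inspected
 * @return the current account, or the account authenticated by the token
 * @throws AuthorizationException if the token is missing, or if a guest
 *         presents a token that does not authenticate to an account
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();
    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken == null) {
        // method does not demand a token
        return account;
    }

    String tokenName = requireToken.value();
    Context context = RouteDispatcher.getRouteContext();

    // extract the named token from a header or a query parameter
    // NOTE(review): a token carried in the URL tends to end up in access logs,
    // browser history and Referer headers; clients should prefer the header.
    String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
    token = Optional.fromNullable(token).or(context.getParameter(tokenName).toString(""));

    if (Strings.isNullOrEmpty(token)) {
        throw new AuthorizationException("Missing '{}' token", tokenName);
    }

    if (account.isGuest()) {
        // authenticate by token
        TokenCredentials credentials = new TokenCredentials(token);
        account = securityManager.get().authenticate(credentials);
        if (account == null) {
            // do not echo the rejected value: it may be a mistyped or stale
            // credential, and the message can reach logs or the response
            throw new AuthorizationException("Invalid '{}' value", tokenName);
        }

        context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
        // log who authenticated and by which token name, never the token itself
        log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
    } else {
        // validate token
        // presumably checkToken rejects a token that does not belong to this
        // account; its behaviour is not visible here, so confirm
        account.checkToken(token);
    }

    return account;
}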
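/**
 * Checks the token requirement declared by {@link RequireToken} on a method.
 *
 * <p>Without the annotation this returns the current account as is. With it,
 * the request must carry a token under the annotated name, either as a header
 * or, when the header is absent or empty, as a request parameter. A guest is
 * authenticated from that token and the authenticated account is placed in the
 * route context under {@code AuthConstants.ACCOUNT_ATTRIBUTE}; for any other
 * account the token is handed to {@code account.checkToken(token)}.
 *
 * <p>Token values are secrets and are deliberately kept out of the debug log
 * and out of exception messages.
 *
 * @param method the method being dispatched to
 * @return the account to use for the request
 * @throws AuthorizationException if no token was supplied, or if a guest's
 *         token does not authenticate
 */
protected Account checkRequireToken(Method method) {
    Account account = getAccount();
    RequireToken requireToken = ClassUtil.getAnnotation(method, RequireToken.class);
    if (requireToken != null) {
        String tokenName = requireToken.value();
        Context context = RouteDispatcher.getRouteContext();

        // header first; an empty header counts as absent
        String token = Strings.emptyToNull(context.getRequest().getHeader(tokenName));
        if (token == null) {
            // fall back to the request parameter of the same name
            // NOTE(review): query-string tokens are easily captured by proxies
            // and access logs; consider accepting the header only
            token = context.getParameter(tokenName).toString("");
        }

        if (Strings.isNullOrEmpty(token)) {
            throw new AuthorizationException("Missing '{}' token", tokenName);
        }

        if (!account.isGuest()) {
            // already identified: validate the token against this account
            // (assumes checkToken throws on mismatch; verify against Account)
            account.checkToken(token);
        } else {
            // guest: authenticate by token
            account = securityManager.get().authenticate(new TokenCredentials(token));
            if (account == null) {
                // name the token, not its value, so a rejected credential is
                // not copied into logs or error responses
                throw new AuthorizationException("Invalid '{}' value", tokenName);
            }

            context.setLocal(AuthConstants.ACCOUNT_ATTRIBUTE, account);
            // the username and token name are enough for an audit trail
            log.debug("'{}' account authenticated by '{}' token", account.getUsername(), tokenName);
        }
    }

    return account;
}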