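/**
 * Validates a requesting-party access token and attaches the resulting user profile
 * to the supplied credentials.
 *
 * <p>The token value is looked up in the ticket registry as an {@link AccessToken}.
 * Validation fails when no token is presented, when the token is unknown or expired,
 * or when its scopes do not contain the scope returned by {@code getRequiredScope()}.
 * On success a {@link CommonProfile} is built from the token's authentication:
 * the principal id becomes the profile id, authentication and principal attributes are
 * merged (principal attributes win on key collisions), the token scopes are added as
 * permissions, and the token itself is stored under the {@link AccessToken} class name.
 *
 * <p>The presented token value is deliberately kept out of exception messages: it is a
 * bearer secret, and exception text commonly ends up in logs and error responses.
 *
 * @param credentials the token credentials carrying the access token to verify
 * @param webContext  the current web context (not used by this implementation)
 * @throws CredentialsException if the token is absent, unknown, expired,
 *                              or lacks the required scope
 */
@Override
public void validate(final TokenCredentials credentials, final WebContext webContext) {
    val rawToken = credentials.getToken();
    if (rawToken == null) {
        // Fail as an authentication error rather than a NullPointerException on trim().
        throw new CredentialsException("Access token is missing. Unable to authenticate requesting party access token");
    }
    val token = rawToken.trim();

    val at = this.ticketRegistry.getTicket(token, AccessToken.class);
    if (at == null || at.isExpired()) {
        // Do not echo the presented token: it may still be a valid secret elsewhere.
        throw new CredentialsException(
            "Access token is not found or has expired. Unable to authenticate requesting party access token");
    }

    val requiredScope = getRequiredScope();
    if (!at.getScopes().contains(requiredScope)) {
        // Report the scope that was actually checked, not a fixed constant.
        val err = String.format(
            "Missing scope [%s]. Unable to authenticate requesting party access token", requiredScope);
        throw new CredentialsException(err);
    }

    val authentication = at.getAuthentication();
    val principal = authentication.getPrincipal();

    // Principal attributes are applied last so they override authentication attributes.
    val attributes = new LinkedHashMap<String, Object>(authentication.getAttributes());
    attributes.putAll(principal.getAttributes());

    val profile = new CommonProfile();
    profile.setId(principal.getId());
    profile.addAttributes(attributes);
    profile.addPermissions(at.getScopes());
    profile.addAttribute(AccessToken.class.getName(), at);

    // NOTE(review): the profile carries the AccessToken as an attribute, so logging the whole
    // profile may print the token depending on its toString() - log the profile id only.
    LOGGER.debug("Authenticated access token for profile [{}]", profile.getId());
    credentials.setUserProfile(profile);
}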