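/**
 * Authenticates a request from its {@code oauth_token} and {@code sessionid} headers and,
 * when they are valid, passes the request on down the filter chain.
 *
 * <p>The session is looked up by the session id, the presented token is hashed together with
 * the session id, and the result is compared with the access token hash stored on the session.
 * On success a {@code UserSessionImpl} carrying the presented token is placed in the
 * {@code "session"} request attribute before the chain continues.
 *
 * <p>Failure responses are written through {@code handleErrorResponse}:
 * {@code UNAUTHORIZED_CODE} with "No token" when either header is missing or empty,
 * {@code UNAUTHORIZED_CODE} with "Invalid token" when the session is unknown or the hash does
 * not match, and 500 with "Unknown error" when a {@code JasDBStorageException} is raised.
 *
 * @param httpServletRequest the incoming request; its headers are untrusted input
 * @param httpServletResponse the response used to report authentication failures
 * @param filterChain the chain that is continued only after successful authentication
 * @throws IOException if writing the response or running the rest of the chain fails
 * @throws ServletException if the rest of the chain fails
 */
private void checkToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
    try {
        String token = httpServletRequest.getHeader("oauth_token");
        String sessionId = httpServletRequest.getHeader("sessionid");
        // The token is a bearer credential: anyone who can read the log could replay it,
        // so only the session id is logged.
        LOG.debug("Checking token for session: {}", sessionId);

        if (!StringUtils.stringNotEmpty(token) || !StringUtils.stringNotEmpty(sessionId)) {
            handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "No token");
            return;
        }

        UserSession session = sessionManager.getSession(sessionId);
        if (session == null) {
            // Same message as a hash mismatch, so the response does not reveal
            // whether the session id exists.
            handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "Invalid token");
            return;
        }

        CryptoEngine cryptoEngine = CryptoFactory.getEngine();
        String presentedTokenHash = cryptoEngine.hash(sessionId, token);
        String storedTokenHash = session.getAccessToken();

        // String.equals stops at the first differing character, which makes the comparison
        // time depend on how much of the hash matched. MessageDigest.isEqual compares in
        // constant time. A null on either side is treated as a mismatch instead of an NPE.
        boolean tokenMatches = presentedTokenHash != null
                && storedTokenHash != null
                && java.security.MessageDigest.isEqual(
                        presentedTokenHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        storedTokenHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!tokenMatches) {
            handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "Invalid token");
            return;
        }

        // NOTE(review): the raw token is carried on the request attribute for downstream
        // handlers; confirm none of them log or serialize this object.
        httpServletRequest.setAttribute("session", new UserSessionImpl(sessionId, token, session.getEncryptedContentKey(), session.getUser()));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    } catch (JasDBStorageException e) {
        // The exception detail stays in the server log; the client gets a generic message.
        LOG.error("Unknown error happened when processing token", e);
        handleErrorResponse(httpServletResponse, 500, "Unknown error");
    }
}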