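/**
 * Runs a client pre-check on HTTP Basic requests, then delegates to the parent filter.
 *
 * <p>A request whose {@code Authorization} header is missing or is not {@code Basic} is handed to
 * the rest of the chain untouched. That pass-through now happens outside the {@code try}: in the
 * previous layout a {@code BadCredentialsException} or {@code ClientRegistrationException} raised
 * by a downstream filter or servlet was handled as if this filter's own pre-check had failed, and
 * in the {@code ClientRegistrationException} case the request then fell through to
 * {@code super.doFilterInternal} with the same chain.
 *
 * @param request  the current request
 * @param response the current response
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the chain, the entry point or the parent filter
 * @throws ServletException propagated from the chain, the entry point or the parent filter
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    String header = request.getHeader("Authorization");
    if (header == null || !header.startsWith("Basic ")) {
        // Not a Basic request: keep this call out of the try so downstream exceptions propagate
        // unchanged instead of hitting the catch blocks below.
        chain.doFilter(request, response);
        return;
    }

    try {
        String[] decodedHeader = extractAndDecodeHeader(header, request);
        // Element 0 is used as the client id; it is caller-supplied and not yet authenticated.
        String clientId = decodedHeader[0];
        // NOTE(review): the original comments here announced validation against the client
        // lockout policy and the zone's client-secret expiration policy, but this method
        // performs neither. lastModified is read and never compared, so the only visible
        // effects of the lookup are the exceptions it can raise. Confirm both policies are
        // enforced elsewhere before relying on this filter for them.
        Timestamp lastModified = (Timestamp) clientDetailsService.loadClientByClientId(clientId)
                .getAdditionalInformation().get(ClientConstants.LAST_MODIFIED);
    } catch (BadCredentialsException e) {
        // Pre-check failed on credentials: let the entry point write the response and stop here.
        super.getAuthenticationEntryPoint().commence(request, response, e);
        return;
    } catch (ClientRegistrationException e) {
        // The lookup failure is not reported to the caller here; the request still goes to the
        // parent filter below. NOTE(review): if the message embeds the client id taken from the
        // header, confirm the log layout neutralises CR/LF before it is written.
        logger.debug(e.getMessage());
    }

    // call parent class to authenticate
    super.doFilterInternal(request, response, chain);
}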
/**
 * Delegates the lookup to the parent implementation and reports a
 * {@code ClientRegistrationException} as a {@code UsernameNotFoundException}.
 *
 * @param username the name passed through to the parent lookup
 * @return the details returned by the parent lookup
 * @throws UsernameNotFoundException if the parent lookup raises {@code ClientRegistrationException};
 *         the original exception is kept as the cause
 */
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    final UserDetails details;
    try {
        details = super.loadUserByUsername(username);
    } catch (ClientRegistrationException cause) {
        // The registration error's message is copied verbatim into the new exception.
        // NOTE(review): if that text reaches an unauthenticated caller it may reveal whether a
        // client id is registered; confirm the outer handler replaces it with a generic message.
        throw new UsernameNotFoundException(cause.getMessage(), cause);
    }
    return details;
}
} // closes the enclosing class (declaration not shown here)
/**
 * Looking up the client id {@code "invalid"} must raise {@code ClientRegistrationException}
 * with the exact message asserted below; any other outcome fails the test.
 */
public void testLoadClientByInvalidClientId() {
    final String expectedMessage = "Client with id 'invalid' does not exists";
    try {
        this.oauthConsumerManager.loadClientByClientId("invalid");
        // Reaching this line means the lookup did not reject the id.
        fail();
    } catch (ClientRegistrationException rejected) {
        // The message echoes the requested id. NOTE(review): callers that forward this text to
        // an unauthenticated party would confirm which ids are not registered.
        assertEquals(expectedMessage, rejected.getMessage());
    }
    // Anything that is not a ClientRegistrationException propagates unchanged, exactly as the
    // former catch-and-rethrow of Throwable did.
}
/**
 * Stores the {@code "key_3"} consumer and expects {@code loadClientByClientId("key_3")} to reject
 * it with {@code ClientRegistrationException} and the message {@code "Client 'key_3' is expired"}.
 * The consumer is deleted again in {@code finally}, whatever the outcome.
 *
 * @throws Throwable anything other than the expected {@code ClientRegistrationException}
 */
public void testFailLoadClientByClientId() throws Throwable {
    ConsumerRecordVO fixture = this.createConsumer("key_3", "secret_3", true);
    try {
        // Precondition: nothing is stored under this key yet.
        assertNull(this.oauthConsumerManager.getConsumerRecord(fixture.getKey()));

        this.oauthConsumerManager.addConsumer(fixture);
        ConsumerRecordVO stored = this.oauthConsumerManager.getConsumerRecord(fixture.getKey());
        assertNotNull(stored);

        // The record exists, yet loading it as a client must be refused.
        this.oauthConsumerManager.loadClientByClientId("key_3");
        fail();
    } catch (ClientRegistrationException rejected) {
        assertEquals("Client 'key_3' is expired", rejected.getMessage());
    } finally {
        // Cleanup runs on every path. A failure raised here replaces any failure from the try
        // block, so a cleanup error can mask the original cause.
        this.oauthConsumerManager.deleteConsumer(fixture.getKey());
        assertNull(this.oauthConsumerManager.getConsumerRecord(fixture.getKey()));
    }
    // Other throwables propagate as before; the former catch-and-rethrow of Throwable added nothing.
}