for(String cap:capabilities){
try {
scopes.add(new Capability(cap).to(request.getRequestUri().toURL()));
} catch (MalformedURLException e) {
throw new AuthException(500, "Invalid host name: "+ request.getRequestUri().toString());
}
}
logger.debug("Expecting scopes: "+Arrays.toString(scopes.toArray()));
// Create OAuth client
OauthClient oauthClient = new BeesClient(oauthConfig.getClientId(), oauthConfig.getClientSecret()).getOauthClient();
//parse Bearer token from Authorization header
String token = oauthClient.parseAuthorizationHeader(request.getHeaderValue("Authorization"));
// If not found get it from the access_token parameter
if(token == null){
token = request.getQueryParameters().getFirst("access_token");
}
if (token == null) {
logger.error("No OAuth access_token found in the request.");
throw new AuthException(401, "No OAuth access_token found in the request.");
}
OauthToken oauthToken;
try {
//Validate scopes
if(secureAnnotation.validateAllScopes()){
oauthToken = oauthClient.validateToken(token);
if(oauthToken != null){
for(String scope:scopes){
if(!oauthToken.validateScope(scope)){
throw new AuthException(401, String.format("Expected scope: %s not found on the token", scope));
}
}
}
}else{
oauthToken = oauthClient.validateToken(token,scopes.toArray(new String[scopes.size()]));
}
} catch (OauthClientException e) {
logger.error(e.getMessage(),e);
throw new AuthException(401, "Authentication failed, invalid token");
}
if (oauthToken == null || oauthToken.accessToken == null) {
throw new AuthException(401, "Authentication failed, invalid token");
}
//Set principal to secu context in the request
CloudbeesPrincipal principal = new CloudbeesPrincipalImpl(oauthToken);
return new AuthContainerRequest(principal,request);