*/
private void doAuthorizeToken(HttpServletRequest req, HttpServletResponse resp)
throws IOException {
// Check if the OAuth parameters are present, even if we don't use them
// during a GET request.
OAuthMessage message = new HttpRequestMessage(req, req.getRequestURL().toString());
try {
message.requireParameters(OAuth.OAUTH_CALLBACK, OAuth.OAUTH_TOKEN);
} catch (OAuthProblemException e) {
LOG.info("Parameter absent", e);
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
return;
}
// Check if the user is logged in, else redirect to login.
ParticipantId user = sessionManager.getLoggedInUser(req.getSession(false));
if (user == null) {
resp.sendRedirect(sessionManager.getLoginUrl(
DATA_API_OAUTH_PATH + authorizeTokenPath + "?" + req.getQueryString()));
return;
}
// Check if the request token is valid, note that this doesn't hold after
// the call to the container since the token might time out.
try {
tokenContainer.getRequestTokenAccessor(message.getToken());
} catch (OAuthProblemException e) {
LOG.info("Trying to load a non existing token for authorization", e);
resp.sendError(e.getHttpStatusCode(), e.getMessage());
return;
}