// TODO:
// This custom parameter is only needed by the "oauth"
// demo shipped in the distribution; needs to be removed.
request.setAttribute("oauth_authorities", info.getRoles());
UserSubject subject = info.getToken().getSubject();
final UserSubject theSubject = subject;
return new SecurityContext() {
// Builds the principal reported to the application for this OAuth request.
// With useUserSubject enabled the name is the login of the token's
// UserSubject; otherwise it is the login name of the token's client.
public Principal getUserPrincipal() {
    final String principalName;
    if (!AbstractAuthFilter.this.useUserSubject) {
        // Client-centric mode: identify the caller by the token's client.
        principalName = info.getToken().getClient().getLoginName();
    } else if (theSubject == null) {
        // Subject mode but the token carries no subject: there is no fallback
        // to the client login, so the name stays null.
        // NOTE(review): confirm SimplePrincipal rejects a null name, or that
        // no downstream check treats a nameless principal as authenticated.
        principalName = null;
    } else {
        principalName = theSubject.getLogin();
    }
    return new SimplePrincipal(principalName);
}
// Reports whether the caller holds the given role.
// Roles come from the token's UserSubject when useUserSubject is enabled and
// a subject is present; in every other case they come from info.getRoles().
// A missing (null) role list means "no roles", so the answer is false.
public boolean isUserInRole(String role) {
    final boolean subjectAvailable =
        AbstractAuthFilter.this.useUserSubject && theSubject != null;
    // NOTE(review): when useUserSubject is set but the subject is null, this
    // falls back to info.getRoles() while getUserPrincipal() yields a null
    // login for the same request. Confirm that granting those roles to a
    // caller without a resolved subject is intended; if not, deny here.
    final List<String> grantedRoles =
        subjectAvailable ? theSubject.getRoles() : info.getRoles();
    // List.contains compares with equals(), so role names must match exactly.
    return grantedRoles != null && grantedRoles.contains(role);
}