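/**
* Make sure the client is authenticated.
* <p>
* When the form parameters contain client_id, the client is validated from client_id and
* client_secret; otherwise the principal already set on the security context is used
* (or, if it has no name, a client id mapped by a filter or the ClientIdProvider).
* If no client has been found, the TLS client certificates and then the Basic
* authentication scheme are tried. If there is still no client, an invalid client is reported.
*/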
protected Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
Client client = null;
SecurityContext sc = getMessageContext().getSecurityContext();
if (params.containsKey(OAuthConstants.CLIENT_ID)) {
// Both client_id and client_secret are expected in the form payload
client = getAndValidateClientFromIdAndSecret(params.getFirst(OAuthConstants.CLIENT_ID),
params.getFirst(OAuthConstants.CLIENT_SECRET));
} else if (sc.getUserPrincipal() != null) {
// Client has already been authenticated
Principal p = sc.getUserPrincipal();
if (p.getName() != null) {
client = getClient(p.getName());
} else {
// Most likely a container-level authentication, possibly 2-way TLS,
// Check if the mapping between Principal and Client Id has been done in a filter
String clientId = (String)getMessageContext().get(OAuthConstants.CLIENT_ID);
if (StringUtils.isEmpty(clientId) && clientIdProvider != null) {
// Check Custom ClientIdProvider
clientId = clientIdProvider.getClientId(getMessageContext());
}
if (!StringUtils.isEmpty(clientId)) {
client = getClient(clientId);
}
}
}
if (client == null) {
TLSSessionInfo tlsSessionInfo =
(TLSSessionInfo)getMessageContext().get(TLSSessionInfo.class.getName());
client = getClientFromTLSCertificates(sc, tlsSessionInfo);
if (client == null) {
// Basic Authentication is expected by default
client = getClientFromBasicAuthScheme();
}
if (client != null && tlsSessionInfo != null) {
// Validate the client application certificates
compareTlsCertificates(tlsSessionInfo, client.getApplicationCertificate());
}
}
if (client == null) {
reportInvalidClient();