}
protected SecurityContext createSecurityContext(HttpServletRequest request,
AccessTokenValidation accessTokenV) {
UserSubject endUserSubject = accessTokenV.getTokenSubject();
UserSubject clientSubject = accessTokenV.getClientSubject();
final UserSubject theSubject =
OAuthRequestFilter.this.useUserSubject ? endUserSubject : clientSubject;
return new SecurityContext() {
public Principal getUserPrincipal() {
return theSubject != null ? new SimplePrincipal(theSubject.getLogin()) : null;
}
public boolean isUserInRole(String role) {
if (theSubject == null) {
return false;
}
return theSubject.getRoles().contains(role);
}
};
}