/*
* Create an authorizationRequest from the request parameters.
* This can be either a valid or an invalid request, which will be determined by the oAuth2Validator.
*/
AuthorizationRequest authorizationRequest = extractAuthorizationRequest(request);
final ValidationResponse validationResponse = oAuth2Validator.validate(authorizationRequest);
if (authenticator.canCommence(request)) {
/*
* Ok, the authenticator wants to have control again (because he stepped
* out)
*/
authenticator.doFilter(request, response, chain);
} else if (validationResponse.valid()) {
// Request contains correct parameters to be a real OAuth2 request.
handleInitialRequest(authorizationRequest, request);
authenticator.doFilter(request, response, chain);
} else {
// not an initial request but authentication module cannot handle it either