AccessTokenIssuer
*Current Implementation*
boolean isAuthenticated;
if (clientAuthHandler != null) {
    isAuthenticated = clientAuthHandler.authenticateClient(tokReqMsgCtx);
} else {
    // no client authentication handler configured: the client is treated as authenticated
    isAuthenticated = true;
}
// all three grant handler checks run before any of the results is examined
boolean isValidGrant = authzGrantHandler.validateGrant(tokReqMsgCtx);
boolean isAuthorized = authzGrantHandler.authorizeAccessDelegation(tokReqMsgCtx);
boolean isValidScope = authzGrantHandler.validateScope(tokReqMsgCtx);
if (!isAuthenticated) {
    // handle error
}
if (!isValidGrant) {
    // handle error
}
if (!isAuthorized) {
    // handle error
}
if (!isValidScope) {
    // handle error
}
In this case, even if authentication fails it goes on to grant validation; even if
grant validation fails it goes on to authorization validation; and even if all three
fail it goes on to scope validation. As an improvement, the proposed solution
would be to handle errors at the moment they are detected.
*Re-factored Code*
boolean isAuthenticated;
if (clientAuthHandler != null) {
    isAuthenticated = clientAuthHandler.authenticateClient(tokReqMsgCtx);
} else {
    // no client authentication handler configured: the client is treated as authenticated
    isAuthenticated = true;
}
if (!isAuthenticated) {
    // handle error and return; otherwise the checks below still run
}
boolean isValidGrant = authzGrantHandler.validateGrant(tokReqMsgCtx);
if (!isValidGrant) {
    // handle error and return
}
boolean isAuthorized = authzGrantHandler.authorizeAccessDelegation(tokReqMsgCtx);
if (!isAuthorized) {
    // handle error and return
}
boolean isValidScope = authzGrantHandler.validateScope(tokReqMsgCtx);
if (!isValidScope) {
    // handle error and return
}
Thanks,
Gayan
--
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
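The following is an added, self-contained example that is not part of the mail above and not WSO2 code. It models the two control-flow shapes side by side and records which handler methods actually execute when client authentication fails. `TokenRequest`, `RecordingHandler`, the two `issue*` methods and the string error codes are stand-ins chosen for this example (the codes are the token-endpoint error names from RFC 6749 section 5.2, not necessarily what the real issuer returns). The point it makes is the one in the mail: in the first shape every grant handler method runs, with whatever side effects it has, before the authentication result is ever looked at; in the fail-fast shape an unauthenticated client never reaches them.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not WSO2 code): compares the "compute everything, then check"
 * shape with the fail-fast shape and logs which handler methods actually ran.
 */
public class FailFastTokenIssuerDemo {

    /** Stand-in for the token request context: carries the outcome of client auth and a call log. */
    static final class TokenRequest {
        final boolean clientCredentialsValid;
        final List<String> calls = new ArrayList<>();

        TokenRequest(boolean clientCredentialsValid) {
            this.clientCredentialsValid = clientCredentialsValid;
        }
    }

    /** Stand-in for the client-auth and grant handlers; every call is recorded in the request. */
    static final class RecordingHandler {
        boolean authenticateClient(TokenRequest r) {
            r.calls.add("authenticateClient");
            return r.clientCredentialsValid;
        }
        boolean validateGrant(TokenRequest r) {
            r.calls.add("validateGrant");
            return true;
        }
        boolean authorizeAccessDelegation(TokenRequest r) {
            r.calls.add("authorizeAccessDelegation");
            return true;
        }
        boolean validateScope(TokenRequest r) {
            r.calls.add("validateScope");
            return true;
        }
    }

    /** Original shape: all four checks run, results are examined afterwards. Returns an error code or null. */
    static String issueOriginal(RecordingHandler clientAuthHandler, RecordingHandler grantHandler, TokenRequest r) {
        // a missing client auth handler means the client counts as authenticated, as in the mail
        boolean isAuthenticated = clientAuthHandler == null || clientAuthHandler.authenticateClient(r);
        boolean isValidGrant = grantHandler.validateGrant(r);
        boolean isAuthorized = grantHandler.authorizeAccessDelegation(r);
        boolean isValidScope = grantHandler.validateScope(r);
        if (!isAuthenticated) return "invalid_client";
        if (!isValidGrant) return "invalid_grant";
        if (!isAuthorized) return "unauthorized_client";
        if (!isValidScope) return "invalid_scope";
        return null;
    }

    /** Fail-fast shape: each check returns as soon as it fails, so later handlers never run. */
    static String issueFailFast(RecordingHandler clientAuthHandler, RecordingHandler grantHandler, TokenRequest r) {
        boolean isAuthenticated = clientAuthHandler == null || clientAuthHandler.authenticateClient(r);
        if (!isAuthenticated) return "invalid_client";
        if (!grantHandler.validateGrant(r)) return "invalid_grant";
        if (!grantHandler.authorizeAccessDelegation(r)) return "unauthorized_client";
        if (!grantHandler.validateScope(r)) return "invalid_scope";
        return null;
    }

    public static void main(String[] args) {
        RecordingHandler handler = new RecordingHandler();

        // constructed input: a client whose credentials do not verify
        TokenRequest unauthenticated1 = new TokenRequest(false);
        System.out.println("original : " + issueOriginal(handler, handler, unauthenticated1)
                + " calls=" + unauthenticated1.calls);

        TokenRequest unauthenticated2 = new TokenRequest(false);
        System.out.println("fail-fast: " + issueFailFast(handler, handler, unauthenticated2)
                + " calls=" + unauthenticated2.calls);

        // constructed input: a client that authenticates; both shapes run all four checks
        TokenRequest authenticated = new TokenRequest(true);
        System.out.println("fail-fast (valid client): " + issueFailFast(handler, handler, authenticated)
                + " calls=" + authenticated.calls);
    }
}
```

Running it prints `invalid_client` for both shapes, but the recorded call list differs: the original shape shows all four handler methods for the unauthenticated client, the fail-fast shape shows only `authenticateClient`. That difference is what the refactoring buys, and it only holds if each `// handle error` branch actually returns or throws rather than just logging.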