I am trying to use the AccessTokenValidatorService, but I keep running into a
problem of the UserPrincipal being null.

@Path("validate")
public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
    @POST
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public AccessTokenValidation getTokenValidationInfo(
            @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_TYPE) String authScheme,
            @Encoded @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_DATA) String authSchemeData) {
        if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
        }
        return super.getAccessTokenValidation(authScheme, authSchemeData);
    }
}

However, my token is a client_credentials grant type and there is no user.
Also, I am wondering why the OAuth server would have a UserPrincipal to begin
with. The end user does not even know this service exists as the protected
services are calling it with the Auth token they are called with. So, I don’t
understand why a UserPrincipal should ever be present? If I am missing
something, how does the UserPrincipal get created and added to the
SecurityContext then?
Any help on this would be greatly appreciated as no matter what I have tried I
can’t get this service to work.