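package controllers.oauth2;

import models.User;
import oauth2.CheckUserAuthentication;
import oauth2.OAuth2Constants;
import play.mvc.Before;
import play.mvc.Router;
import play.mvc.Http.Inbound;
import DTO.UserDTO;
import controllers.RenderJSONEnhancer;

/**
 * The AccessTokenFilter intercepts requests and expects an access token parameter
 * to be in the query string. If the access token is valid, the request proceeds,
 * if not a 401 Unauthorized error is sent back in the response.
 *
 * <p>The outcome of the token check is kept per request (in {@code request.args})
 * rather than in shared static state, so two requests served concurrently can
 * never observe each other's authenticated user.
 *
 * <p>Note that a token carried in the query string is visible in server, proxy
 * and browser-history logs; treat such logs as sensitive.
 *
 * @author Alex Jarvis axj7@aber.ac.uk
 */
public class AccessTokenFilter extends RenderJSONEnhancer {

    /** Key under which this request's authentication result is stored in {@code request.args}. */
    private static final String USER_AUTH_ARG = "oauth2.AccessTokenFilter.userAuth";

    /**
     * @deprecated This field is shared by every request thread, so a reader may see
     * the authentication result of a different, concurrent request. It is kept (and
     * still assigned) only so that existing subclasses continue to compile; use
     * {@link #getAuthorisedUser()} or {@link #getAuthorisedUserDTO()}, which are
     * request-scoped.
     */
    @Deprecated
    protected static CheckUserAuthentication userAuth;

    /**
     * Checks that the request contains a valid access token.
     *
     * <p>If {@code oauth_token} is present it is validated; an invalid token ends the
     * request with 401. If it is absent, only the token-issuing action and user
     * creation are allowed through; every other action gets a 401.
     */
    @Before
    protected static void checkAccessToken() {
        // Defensive: make sure nothing from an earlier request is visible under our key.
        request.args.remove(USER_AUTH_ARG);

        if (params._contains(OAuth2Constants.PARAM_OAUTH_TOKEN)) {
            String token = params.get(OAuth2Constants.PARAM_OAUTH_TOKEN);
            CheckUserAuthentication auth = new CheckUserAuthentication();
            userAuth = auth; // deprecated shared field, written only for subclass compatibility
            if (auth.validToken(token)) {
                // Only a successfully validated result is exposed to the getters below.
                request.args.put(USER_AUTH_ARG, auth);
            } else {
                error(401, "Unauthorized");
            }
        // Resource actions that do not require an access token
        } else if (!request.action.equals(Router.reverse("oauth2.AccessToken.auth").action)
                && !request.action.equals(Router.reverse("Users.create").action)) {
            error(401, "Unauthorized");
        }
    }

    /**
     * Returns the authentication result stored for the current request.
     *
     * @return the validated {@link CheckUserAuthentication}, or {@code null} when this
     *         request carried no valid token (e.g. one of the exempted actions)
     */
    private static CheckUserAuthentication currentAuth() {
        Object stored = request.args.get(USER_AUTH_ARG);
        return stored instanceof CheckUserAuthentication ? (CheckUserAuthentication) stored : null;
    }

    /**
     * Returns the current User object of the user which is authorised with this request.
     *
     * @return the authorised user, or {@code null} if this request was not authenticated
     *         with an access token
     */
    public static User getAuthorisedUser() {
        CheckUserAuthentication auth = currentAuth();
        return auth == null ? null : auth.getAuthorisedUser();
    }

    /**
     * Returns the current UserDTO object of the user which is authorised with this request.
     *
     * @return the authorised user's DTO, or {@code null} if this request was not
     *         authenticated with an access token
     */
    public static UserDTO getAuthorisedUserDTO() {
        CheckUserAuthentication auth = currentAuth();
        return auth == null ? null : auth.getAuthorisedUserDTO();
    }
}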