  1. Runtime
  2. RUNTIME-3103

Token authentication should check the context


    • Improvement
    • Resolution: Unresolved
    • Major
    • 4.LATER
    • 4.2.0
    • None
    • None
    • 2 - Long term
    • 2 - Normal

      We should have a parameter to the AuthenticateAction with the token-context.

          /** The sitemap parameter holding the token context */
          protected static final String SITEMAP_PARAMETER_TOKEN_CONTEXT = "token-context";
          
          @Override
          protected boolean _handleAuthenticationToken(Request request, Parameters parameters)
          {
              String token = request.getHeader(HEADER_TOKEN);
              if (StringUtils.isBlank(token))
              {
                  token = parameters.getParameter(PARAMETERS_PARAMETER_TOKEN, _getTokenFromRequest(request));
              }
      
              // Token context configured on the action in the sitemap (null when the parameter is absent)
              String tokenContext = parameters.getParameter(SITEMAP_PARAMETER_TOKEN_CONTEXT, null);
              
              if (StringUtils.isNotBlank(token))
              {
                  UserIdentity userIdentity = _validateToken(token, tokenContext);
                  if (userIdentity != null)
                  {
                      // Save user identity
                      _setUserIdentityInSession(request, userIdentity, new UserDAO.ImpersonateCredentialProvider(), true);
                      _validateCurrentlyConnectedUserIsInAuthorizedPopulation(userIdentity, request, parameters);
                      return true;
                  }
              }
              
              return false;
          }
      
          /**
           * Validate the given token
           * @param token The non empty token to validate
           * @param tokenContext The token context (can be null)
           * @return The corresponding user identity or null
           */
          protected UserIdentity _validateToken(String token, String tokenContext)
          {
              return _authenticateTokenManager != null ? _authenticateTokenManager.validateToken(token, tokenContext) : null;
          }

            Unassigned
            bmaurel Bérénice Maurel
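
One way a token manager could enforce the context handed to `_validateToken(token, tokenContext)`, as an added example that is not the project's code. `ContextBoundTokens`, `issue`, `validate` and the sample values are hypothetical, and the exact-match rule (a token issued for one context is refused for any other context, or for none) is an assumption about the intended behaviour. It needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical in-memory token store (added example, not the project's AuthenticateTokenManager). */
public class ContextBoundTokens {
    private record Issued(String login, String context) { }

    // Only a SHA-256 digest of each token is kept, never the token itself
    private final ConcurrentHashMap<String, Issued> issuedByDigest = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    /** Generates a random token for the login, bound to the given context (null = no context). */
    public String issue(String login, String context) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issuedByDigest.put(digest(token), new Issued(login, context));
        return token;
    }

    /** Returns the login only if the token exists and was issued for exactly this context. */
    public String validate(String token, String context) {
        Issued issued = issuedByDigest.get(digest(token));
        // A context mismatch fails closed: no fallback to "any context"
        return issued != null && Objects.equals(issued.context(), context) ? issued.login() : null;
    }

    private static String digest(String token) {
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            return Base64.getEncoder().encodeToString(sha256.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java platform
        }
    }

    public static void main(String[] args) {
        ContextBoundTokens tokens = new ContextBoundTokens();
        String token = tokens.issue("alice", "rss-feed"); // constructed sample login and context
        System.out.println("same context:    " + tokens.validate(token, "rss-feed"));
        System.out.println("other context:   " + tokens.validate(token, "admin-api"));
        System.out.println("no context sent: " + tokens.validate(token, null));
    }
}
```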