I am trying to use the AccessTokenValidatorService, but I keep running into a problem of the UserPrincipal being null.
    @Path("validate")
    public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
        @POST
        @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
        @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
        public AccessTokenValidation getTokenValidationInfo(
            @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_TYPE) String authScheme,
            @Encoded @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_DATA) String authSchemeData) {
            // Reject the request when the caller of this endpoint is not authenticated
            if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
                AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
            }
            return super.getAccessTokenValidation(authScheme, authSchemeData);
        }
    }
However, my token is a client_credentials grant type and there is no user. Also, I am wondering why the OAuth server would have a UserPrincipal to begin with. The end user does not even know this service exists as the protected services are calling it with the Auth token they are called with. So, I don’t understand why a UserPrincipal should ever be present. If I am missing something, how does the UserPrincipal get created and added to the SecurityContext then?
Any help on this would be greatly appreciated as no matter what I have tried I can’t get this service to work.