More places in which the bearer token should be extracted

geoserver · Sep 19, 2018 · e9e21d2 · e9e21d2
1 parent 6797e27
commit e9e21d2
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/...-core/src/main/java/org/geoserver/security/oauth2/GeoServerOAuthAuthenticationFilter.java b/...-core/src/main/java/org/geoserver/security/oauth2/GeoServerOAuthAuthenticationFilter.java
@@ -100,10 +100,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             throws IOException, ServletException {
 
         // Search for an access_token on the request (simulating SSO)
-        String accessToken = getParameterValue("access_token", request);
+        String accessToken = getAccessTokenFromRequest(request);
-        if (accessToken == null) {
-            accessToken = getBearerToken(request);
-        }
 
         OAuth2AccessToken token = restTemplate.getOAuth2ClientContext().getAccessToken();
 
@@ -201,7 +198,7 @@ protected String getParameterValue(String paramName, ServletRequest request) {
     /** The cache key is the authentication key (global identifier) */
     @Override
     public String getCacheKey(HttpServletRequest request) {
-        final String access_token = getParameterValue("access_token", request);
+        final String access_token = getAccessTokenFromRequest(request);
         return access_token != null ? access_token : getCustomSessionCookieValue(request);
     }
 
@@ -369,7 +366,7 @@ protected String getPreAuthenticatedPrincipal(HttpServletRequest req, HttpServle
          */
 
         // Search for an access_token on the request (simulating SSO)
-        final String accessToken = getParameterValue("access_token", req);
+        String accessToken = getAccessTokenFromRequest(req);
 
         if (accessToken != null) {
             restTemplate
@@ -460,6 +457,14 @@ protected String getPreAuthenticatedPrincipal(HttpServletRequest req, HttpServle
         return principal;
     }
 
+    private String getAccessTokenFromRequest(ServletRequest req) {
+        String accessToken = getParameterValue("access_token", req);
+        if (accessToken == null) {
+            accessToken = getBearerToken(req);
+        }
+        return accessToken;
+    }
+
     protected void configureRestTemplate() {
         AuthorizationCodeResourceDetails details =
                 (AuthorizationCodeResourceDetails) restTemplate.getResource();