/**
* Make sure the client is authenticated
*/
private Client authenticateClientIfNeeded(MultivaluedMap<String, String> params) {
Client client = null;
SecurityContext sc = getMessageContext().getSecurityContext();
if (params.containsKey(OAuthConstants.CLIENT_ID)) {
// both client_id and client_secret are expected in the form payload
client = getAndValidateClient(params.getFirst(OAuthConstants.CLIENT_ID),
params.getFirst(OAuthConstants.CLIENT_SECRET));
} else if (sc.getUserPrincipal() != null) {
// client has already authenticated
Principal p = sc.getUserPrincipal();
String scheme = sc.getAuthenticationScheme();
if (OAuthConstants.BASIC_SCHEME.equalsIgnoreCase(scheme)) {
// section 2.3.1
client = getClient(p.getName());
} else {
// section 2.3.2