String username = tokenizerManager.getUser(entandoApiToken);
user = authenticationProvider.getUser(username);
if (null != user) {
properties.put(SystemConstants.API_USER_PARAMETER, user);
} else if (apiMethod.getRequiredAuth()) {
throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Invalid or missing user for token '" + entandoApiToken + "'", Response.Status.UNAUTHORIZED);
}
} catch (Exception e) {
if (apiMethod.getRequiredAuth()) {
throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
}
}
if (null == user && (apiMethod.getRequiredAuth() || null != apiMethod.getRequiredPermission())) {
throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
} else if (null != user && null != apiMethod.getRequiredPermission()
&& !authorizationManager.isAuthOnPermission(user, apiMethod.getRequiredPermission())) {
throw new ApiException(IApiErrorCodes.API_AUTHORIZATION_REQUIRED, "Authorization Required", Response.Status.UNAUTHORIZED);
}
}