Java Reference
In-Depth Information
    // Look up the user's shared secret; an unknown user is rejected with 401
    String secret = userSecretMap.get(user);
    if (secret == null) throw new NotAuthorizedException("OTP");
    // Regenerate the one-time password from the secret and compare it to the presented token
    String regen = OTP.generateToken(secret);
    if (!regen.equals(otp)) throw new NotAuthorizedException("OTP");
Next, our filter() method looks up the secret of the user in its map and generates its own one-time password. This token is compared to the value sent in the Authorization header. If they match, then the user is authenticated. If the user does not exist or the one-time password is not validated, then a 401, “Not Authorized,” response is sent back to the client.
    // Keep the container's original SecurityContext so isSecure() still reflects the transport
    final SecurityContext securityContext = requestContext.getSecurityContext();
    // Replace it with one that exposes the authenticated user under the "OTP" scheme
    requestContext.setSecurityContext(new SecurityContext() {
        @Override
        public Principal getUserPrincipal() {
            return new Principal() {
                @Override
                public String getName() {
                    return user;
                }
            };
        }

        @Override
        public boolean isUserInRole(String role) {
            return false;
        }

        @Override
        public boolean isSecure() {
            return securityContext.isSecure();
        }

        @Override
        public String getAuthenticationScheme() {
            return "OTP";
        }
    });
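As an added example (not the book's own code), the fragments above assembled into one complete JAX-RS filter, with a constant-time comparison in place of String.equals. The "OTP <user> <token>" header format, the sample secret and the OTP.generateToken helper are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

@Provider
@PreMatching
public class OTPAuthenticator implements ContainerRequestFilter {
    // Constructed sample data (user -> shared secret); a real service loads this from a store.
    private final Map<String, String> userSecretMap = Map.of("bill", "geheim");

    @Override
    public void filter(ContainerRequestContext requestContext) {
        // Assumed header form: "Authorization: OTP <user> <token>"
        String header = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (header == null) throw new NotAuthorizedException("OTP");
        String[] parts = header.trim().split("\\s+");
        if (parts.length != 3 || !"OTP".equalsIgnoreCase(parts[0])) throw new NotAuthorizedException("OTP");
        final String user = parts[1];
        String otp = parts[2];

        String secret = userSecretMap.get(user);
        if (secret == null) throw new NotAuthorizedException("OTP");   // unknown user -> 401
        String regen = OTP.generateToken(secret);   // OTP.generateToken is assumed, as on the page
        // Constant-time comparison: String.equals stops at the first mismatch, so response
        // timing would otherwise reveal how many leading characters of a guess were right.
        byte[] expected = regen.getBytes(StandardCharsets.UTF_8);
        byte[] presented = otp.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, presented)) throw new NotAuthorizedException("OTP");

        // Wrap the container's SecurityContext so resources see the authenticated user.
        final SecurityContext original = requestContext.getSecurityContext();
        requestContext.setSecurityContext(new SecurityContext() {
            @Override public Principal getUserPrincipal() { return () -> user; }
            @Override public boolean isUserInRole(String role) { return false; }
            @Override public boolean isSecure() { return original.isSecure(); }
            @Override public String getAuthenticationScheme() { return "OTP"; }
        });
    }
}
```

Because the filter is @PreMatching it runs before resource matching, so every request, including ones for unmapped paths, is rejected with 401 unless it carries a valid token.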