|
|
|
@ -91,7 +91,7 @@ public class RequestContextRetriever extends RequestHandler {
|
|
|
|
|
AuthorizationEntry authEntry = null;
|
|
|
|
|
try{
|
|
|
|
|
authEntry = authorizationService().get(token);
|
|
|
|
|
if (retrievedUser != null && authEntry.getClientInfo().getId().equals(retrievedUser))
|
|
|
|
|
if (retrievedUser != null && !authEntry.getClientInfo().getId().equals(retrievedUser))
|
|
|
|
|
throw new Exception("user and token owner are not the same");
|
|
|
|
|
}catch(ObjectNotFound onf){
|
|
|
|
|
log.warn("rejecting call to {}, invalid token {}",call.context().name(),token);
|
|
|
|
|