cxf-commits mailing list archives

From build...@apache.org
Subject svn commit: r840827 - in /websites/production/cxf/content: cache/docs.pageCache cache/main.pageCache docs/jax-rs-oauth2.html faq.html
Date Wed, 05 Dec 2012 14:48:53 GMT
Author: buildbot
Date: Wed Dec  5 14:48:52 2012
New Revision: 840827

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/cache/main.pageCache
    websites/production/cxf/content/docs/jax-rs-oauth2.html
    websites/production/cxf/content/faq.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-oauth2.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-oauth2.html (original)
+++ websites/production/cxf/content/docs/jax-rs-oauth2.html Wed Dec  5 14:48:52 2012
@@ -125,7 +125,7 @@ Apache CXF -- JAX-RS OAuth2
 
 
 <div>
-<ul><li><a shape="rect" href="#JAX-RSOAuth2-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-DevelopingOAuth2Servers">Developing OAuth2 Servers</a></li><ul><li><a
shape="rect" href="#JAX-RSOAuth2-AuthorizationService">Authorization Service</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-AccessTokenService">AccessTokenService</a></li><ul><li><a
shape="rect" href="#JAX-RSOAuth2-AccessTokenTypes">Access Token Types</a></li><ul><li><a
shape="rect" href="#JAX-RSOAuth2-Bearer">Bearer</a></li><li><a shape="rect"
href="#JAX-RSOAuth2-MAC">MAC</a></li></ul><li><a shape="rect"
href="#JAX-RSOAuth2-AccessTokenValidationService">AccessTokenValidationService</a></li></ul><li><a
shape="rect" href="#JAX-RSOAuth2-SupportedGrants">Supported Grants</a></li><ul><li><a
shape="rect" href="#JAX-RSOAuth2-AuthorizationCode">Authorization Code</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-
 Implicit">Implicit</a></li><li><a shape="rect" href="#JAX-RSOAuth2-ClientCredentials">Client
Credentials</a></li><li><a shape="rect" href="#JAX-RSOAuth2-ResourceOwnerPasswordCredentials">Resource
Owner Password Credentials</a></li><li><a shape="rect" href="#JAX-RSOAuth2-RefreshToken">Refresh
Token</a></li><li><a shape="rect" href="#JAX-RSOAuth2-CustomGrants">Custom
Grants</a></li></ul><li><a shape="rect" href="#JAX-RSOAuth2-WritingOAuthDataProvider">Writing
OAuthDataProvider</a></li><li><a shape="rect" href="#JAX-RSOAuth2-OAuthServerJAXRSendpoints">OAuth
Server JAX-RS endpoints</a></li></ul><li><a shape="rect" href="#JAX-RSOAuth2-UserSessionAuthenticity">User
Session Authenticity</a></li><li><a shape="rect" href="#JAX-RSOAuth2-ProtectingresourceswithOAuthfilters">Protecting
resources with OAuth filters</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Howtogettheuserloginname">How
to get the user login name</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Clientsidesupport">Cli
 ent-side support</a></li><li><a shape="rect" href="#JAX-RSOAuth2-OAuth2withouttheExplicitAuthorization">OAuth2
without the Explicit Authorization</a></li><li><a shape="rect" href="#JAX-RSOAuth2-OAuthWithoutaBrowser">OAuth
Without a Browser</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Reportingerrordetails">Reporting
error details</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Designconsiderations">Design
considerations</a></li><ul><li><a shape="rect" href="#JAX-RSOAuth2-ControllingtheAccesstoResourceServer">Controlling
the Access to Resource Server</a></li><ul><li><a shape="rect" href="#JAX-RSOAuth2-Sharingthesameaccesspathbetweenendusersandclients">Sharing
the same access path between end users and clients</a></li><li><a shape="rect"
href="#JAX-RSOAuth2-Providingdifferentaccesspointstoendusersandclients">Providing different
access points to end users and clients</a></li></ul><li><a shape="rect"
href="#JAX-RSOAuth2-SingleSignOn">Single Sign On</a></li></ul><li><a
shape="
 rect" href="#JAX-RSOAuth2-WhatIsNext">What Is Next</a></li></ul></div>
+<ul><li><a shape="rect" href="#JAX-RSOAuth2-Introduction">Introduction</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-Mavendependencies">Maven dependencies</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-DevelopingOAuth2Servers">Developing OAuth2 Servers</a></li><ul><li><a
shape="rect" href="#JAX-RSOAuth2-AuthorizationService">Authorization Service</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-AccessTokenService">AccessTokenService</a></li><ul><li><a
shape="rect" href="#JAX-RSOAuth2-AccessTokenTypes">Access Token Types</a></li><ul><li><a
shape="rect" href="#JAX-RSOAuth2-Bearer">Bearer</a></li><li><a shape="rect"
href="#JAX-RSOAuth2-MAC">MAC</a></li><li><a shape="rect" href="#JAX-RSOAuth2-CustomandEncryptedtokens">Custom
and Encrypted tokens</a></li></ul><li><a shape="rect" href="#JAX-RSOAuth2-AccessTokenValidationService">AccessTokenValidationService</a></li></ul><li><a
shape="rect" href="#JAX-RSOAuth2-SupportedGrants">Supported Grants</a></li><ul><li><a
shape="rect" href
 ="#JAX-RSOAuth2-AuthorizationCode">Authorization Code</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-Implicit">Implicit</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-ClientCredentials">Client Credentials</a></li><li><a
shape="rect" href="#JAX-RSOAuth2-ResourceOwnerPasswordCredentials">Resource Owner Password
Credentials</a></li><li><a shape="rect" href="#JAX-RSOAuth2-RefreshToken">Refresh
Token</a></li><li><a shape="rect" href="#JAX-RSOAuth2-CustomGrants">Custom
Grants</a></li></ul><li><a shape="rect" href="#JAX-RSOAuth2-PreAuthorizedaccesstokens">PreAuthorized
access tokens</a></li><li><a shape="rect" href="#JAX-RSOAuth2-WritingOAuthDataProvider">Writing
OAuthDataProvider</a></li><li><a shape="rect" href="#JAX-RSOAuth2-OAuthServerJAXRSendpoints">OAuth
Server JAX-RS endpoints</a></li></ul><li><a shape="rect" href="#JAX-RSOAuth2-UserSessionAuthenticity">User
Session Authenticity</a></li><li><a shape="rect" href="#JAX-RSOAuth2-ProtectingresourceswithOAuthfilters">Protecting
  resources with OAuth filters</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Howtogettheuserloginname">How
to get the user login name</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Clientsidesupport">Client-side
support</a></li><li><a shape="rect" href="#JAX-RSOAuth2-OAuth2withouttheExplicitAuthorization">OAuth2
without the Explicit Authorization</a></li><li><a shape="rect" href="#JAX-RSOAuth2-OAuthWithoutaBrowser">OAuth
Without a Browser</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Reportingerrordetails">Reporting
error details</a></li><li><a shape="rect" href="#JAX-RSOAuth2-Designconsiderations">Design
considerations</a></li><ul><li><a shape="rect" href="#JAX-RSOAuth2-ControllingtheAccesstoResourceServer">Controlling
the Access to Resource Server</a></li><ul><li><a shape="rect" href="#JAX-RSOAuth2-Sharingthesameaccesspathbetweenendusersandclients">Sharing
the same access path between end users and clients</a></li><li><a shape="rect"
href="#JAX-RSOAuth2-Providingdiffer
 entaccesspointstoendusersandclients">Providing different access points to end users and
clients</a></li></ul><li><a shape="rect" href="#JAX-RSOAuth2-SingleSignOn">Single
Sign On</a></li></ul><li><a shape="rect" href="#JAX-RSOAuth2-WhatIsNext">What
Is Next</a></li></ul></div>
 
 <h1><a shape="rect" name="JAX-RSOAuth2-Introduction"></a>Introduction</h1>
 
@@ -369,7 +369,7 @@ Headers: 
 
 <h3><a shape="rect" name="JAX-RSOAuth2-AccessTokenTypes"></a>Access Token
Types</h3>
 
-<p>As mentioned above, AccessTokenService can work with whatever token is created by
a given data provider. This section provides more information on how CXF may help with supporting
Bearer and MAC tokens.</p>
+<p>As mentioned above, AccessTokenService can work with whatever token is created by
a given data provider. This section provides more information on how CXF may help with supporting
Bearer and MAC tokens. </p>
 
 <h4><a shape="rect" name="JAX-RSOAuth2-Bearer"></a>Bearer</h4>
 
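Review bot: The only change to this paragraph is a stray space before `</p>`, while the sentence still limits the section to "Bearer and MAC tokens" even though a "Custom and Encrypted tokens" subsection is now added under Access Token Types. Drop the trailing space and extend the sentence so it also announces custom token types.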
@@ -498,6 +498,14 @@ Authorization: MAC id=<span class="code-
 
 <p>where 'ts' attribute is used to pass a timestamp value.</p>
 
+<h4><a shape="rect" name="JAX-RSOAuth2-CustomandEncryptedtokens"></a>Custom
and Encrypted tokens</h4>
+
+<p>If needed, users can use their own custom token types, with the only restriction
that the custom token type implementations have to extend org.apache.cxf.rs.security.oauth2.common.ServerAccessToken.
</p>
+
+<p>CXF implementations of Bearer and Access token types can also be extended if required.
For example, typically the access token data will be persisted in the database. One possible
option is to experiment with actually encrypting the state of the token within the token id
itself and returning it to the client and then decrypting it when OAuthDataProvider is requested
to get ServerAccessToken representation of the current token identifier.</p>
+
+<p>The cost of encrypting and decrypting will add up to the processing time - however
the provider will not be actually responsible for storing the access token details which can
start making a difference with a high number of clients.</p>
+
 <h3><a shape="rect" name="JAX-RSOAuth2-AccessTokenValidationService"></a>AccessTokenValidationService
</h3>
 <p>The  <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidationService.java">AccessTokenValidationService</a>
is a CXF specific OAuth2 service for accepting the remote access token validation requests.
Typically, OAuthRequestFilter (see on it below) may choose to impersonate itself as a third-party
client and will ask AccessTokenValidationService to return the information relevant to the
current access token, before setting up a security context. More on it below.</p>
 
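Review bot: The second added paragraph suggests encrypting the token state into the token id but never says the value must also be integrity-protected, so a reader could choose unauthenticated encryption and end up accepting modified tokens. State that an authenticated encryption mode is needed and that the expiry time has to travel inside the encrypted state. The third paragraph presents not storing token details as the benefit; it should also name the trade-off that a token the provider does not store cannot be revoked by deleting its record. Minor: "Bearer and Access token types" in the second paragraph presumably means "Bearer and MAC token types", matching the section intro.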
@@ -552,6 +560,15 @@ The simplest approach is to register a C
 
 <p>Alternatively create a custom <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenGrantHandler.java">AccessTokenGrantHandler</a>
and register it with AccessTokenService. Additionally, consider providing a related <a
shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenGrant.java">AccessTokenGrant</a>
implementation for making it easy for the client code to request a new access token with this
custom grant.  </p>
 
+<h2><a shape="rect" name="JAX-RSOAuth2-PreAuthorizedaccesstokens"></a>PreAuthorized
access tokens </h2>
+
+<p>When working with the flows which require the end users/resource owners explicitly
authorizing clients (for example, as in the case of redirection-based flows), using pre-authorized
access tokens is one option to minimize the need for the end-user intervention. <br clear="none">
+OAuthDataProvider is always checked first if the pre-authorized access token for a given
Client exists and if yes then it will be returned immediately, without starting the authorization
process involving the end user (as required by some flows).</p>
+
+<p>Consider providing a user interface which will let the end users/resource owners
to pre-authorize specific clients early. Note, a CXF service for supporting the users pre-authorizing
the clients or revoking the tokens for some of the clients may be introduced in the future.
 </p>
+
+<p>Also note that using a refresh token grant may further help with minimizing the
end user involvement, in cases when the current access token has expired.</p>
+
 
 <h2><a shape="rect" name="JAX-RSOAuth2-WritingOAuthDataProvider"></a>Writing
OAuthDataProvider</h2>
 
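Review bot: The first added paragraph says OAuthDataProvider is checked for a pre-authorized token "for a given Client" and returns it immediately, without saying whether the lookup also considers the current end user and the requested scopes. Spell that out, since a token handed back without the authorization step should only be one that this resource owner approved for this client with at least the requested scope. Minor: "will let the end users/resource owners to pre-authorize" should drop the "to", and the new heading has a trailing space before `</h2>`.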

Modified: websites/production/cxf/content/faq.html
==============================================================================
--- websites/production/cxf/content/faq.html (original)
+++ websites/production/cxf/content/faq.html Wed Dec  5 14:48:52 2012
@@ -153,7 +153,7 @@ Apache CXF -- FAQ
 
 <h3><a shape="rect" name="FAQ-CanCXFrunwithJDK1.5%3F"></a>Can CXF run with
JDK 1.5?</h3>
 
-<p>Yes.  Keep in mind though that Java 2 SE 5.0 with JDK 1.5 has reached end of life
(<a shape="rect" class="external-link" href="http://www.oracle.com/technetwork/java/eol-135779.html"
rel="nofollow">EOL</a>).</p>
+<p>Yes for CXF 2.6.x and older.  Keep in mind though that Java 2 SE 5.0 with JDK 1.5
has reached end of life (<a shape="rect" class="external-link" href="http://www.oracle.com/technetwork/java/eol-135779.html"
rel="nofollow">EOL</a>). CXF 2.7.x no longer supports Java 5. In order to upgrade
to 2.7.0, you must be using Java 6 (or newer).</p>
 
 
 <h3><a shape="rect" name="FAQ-CanCXFrunwithouttheSunreferenceSAAJimplementation%3F"></a>Can
CXF run without the Sun reference SAAJ implementation?</h3>
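Review bot: The updated answer still opens with "Yes" although the answer now depends on the release, and it mixes "2.7.x" and "2.7.0" in consecutive sentences. Lead with the version split (Java 5 for CXF 2.6.x and older, Java 6 or newer from 2.7.x) and use one version form throughout.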
@@ -295,7 +295,6 @@ headers.add(dummyHeader);
       address=<span class="code-quote">"/MyService"</span> /&gt; 
 </pre>
 </div></div>
-
 </div>
            </div>
            <!-- Content -->


