cxf-dev mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: Provide an authentication support through OAuth for Apache CXF
Date Fri, 16 Apr 2010 21:21:46 GMT
Hi

>
>
> >
> > 3. Part of 2 (prioritize) : Please consider allocating time on ensuring
> > that
> > a CXF (programmatic) user can vouch for a consumer automatically. If
> > Autonomous profile can help then it is fine but I'd appreciate you
> thinking
> > about it more, looks like this issue has not been covered.
> >
>
> OK
>
>
In that handy diagram you linked to I'm assuming it is steps 3-4. There's
some redirection going on there and a user is also presented with an
authorization page. I hope this can be handled with the refactoring
HttpConduit a bit and injecting a redirection handler. However, perhaps you
might want to start with the assumption that a user uses a browser, so you'd
just likely start from implementing OpenAuth authorization filters for the
server keeping protected resources as well as from a consumer getting all
the tokens it needs, but once it is done we can focus on the user auto
vouching for the consumer/application - Dan and others can help there as
well...


>
> > >
> > > in the client module:
> > > - credentials data (i.e. client_id, client_secret) used for
> > authentication
> > > with the authorization server
> > > - selection of used OAuth flow to authenticate with the authorization
> > > server?
> > > - additional parameters required in some flows i.e. callback_url
> > >
> > >
> > I'm not quite clear how it will be implemented. This is the consumer
> which
> > will try to access protected resources on some other server on behalf of
> > the
> > owner. So it will need to act as a JAXRS server endpoint too, so that the
> > ServiceProvider can contact it and tell it that an owner is willing to
> let
> > it access and say read and print some photos ?
> >
>
> The client would work like a 'application' described in flow diagram:
>  http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
> So, the client with given client_id and client_secret can automatically
> obtain an access token and refresh token.
> I hope I didn't omit something:)
>
>
Sure, I just mean that a client module will likely have to be implemented as
a JAXRS server as well so that it can be contacted and then act as a
client/consumer, as far as getting token is concerned, etc

thanks, Sergey




>
> >
> > > To assure code quality unit test should be written.
> > >
> > > OK
> >
> >
> > >
> > > *Project Schedule*
> > > *
> > > April 26 - May 24*
> > > *
> > > *Get more knowledge about Apache CXF - architecture guide, reading
> books,
> > > articles, tutorials, doing simple CXF applications.
> > > Get more familiar with development process in Apache CXF project:
> coding
> > > guidelines, building project, configuring developer environment.
> > >
> > > *May 25 - June 19*
> > >
> > > Implementation of CXF-OAuth-server module - User Delegation Flows and
> > > working with that client module.
> > >
> > > *June 20 - July 12*
> > >
> > > Implementation of support the End User Credentials Flows and Autonomous
> > > Client Flows and working with that client module.
> > >
> > > *July 13 - July 16*
> > >
> > > Review a project progress done so far.
> > > Documentation of work done.
> > >
> > > *July 17 - July 23*
> > >
> > > Implementation of *Accessing protected resources *part of OAuth
> > >  specification.
> > >
> > > *July 24 - August 5*
> > > *
> > > *Check if implementation fully covers OAuth specification.
> > >
> >
> > As I said above please prioritize on the most basic flow first as well as
> > consider implementing an older version.
> >
> >
> > > Code adjustment.
> > >
> >
> > Perhaps adding demo would be good and help users to start faster.
> >
>
>
> Yes, right.
>
>
>
>
> > >
> > > *August 5 - August 16*
> > > Final documentation. More tests. More bug fixes
> > >
> > >
> > >
> > sounds good
> >
> >
> > >
> > > *Other obligations:*
> > > *I do research work at university. (http://tinyurl.com/uma-wg)*
> > > *However it is strictly connected with OAuth and RESTful services, so
> I
> > > think it's rather beneficial.
> > > *
> > >
> >
> > agreed
> >
> >
> > By the way, I'm proposing to add all the code to the package
> > org.apache.cxf.jaxrs.security.oauth.
> > Some changes may need to go HttpConduit (to do with the user auto
> vouching
> > for a consumer)
> > Also, it will need to be another module. You can start with adding the
> code
> > to rt/frontenend/jaxrs  initially but
> > I think we may need to introduce
> >
> > rt/jaxrs/security/oauth,
> >
> > similarly to the way things are done for WS specs such as WS-Security. In
> > fact rt/ws might have OAuth related module added too when SOAP gets
> > supported.
> >
> > thanks, Sergey
> >
>
>
> Cheers,
> Lukasz
>
>
> >
> > >
> > > Cheers,
> > > Lukasz
> > >
> > > 2010/4/10 Daniel Kulp <dkulp@apache.org>
> > >
> > > > Lukasz,
> > > >
> > > > I or Sergey may end up being the mentor for this proposal so we need
> to
> > > > start
> > > > looking at how to score and rank the proposal.  Look at:
> > > >
> > > > http://community.apache.org/mentee-ranking-process.html
> > > >
> > > > Particularly the scoring areas.  One of the things the proposal needs
> > is
> > > > some
> > > > additional details around a timeline and goals to be achieved.   For
> > > > example,
> > > > at mid terms, what is a good target to have achieved?    When should
> we
> > > > start
> > > > seeing patches or similar as steps along the way?  Etc...
> > > >
> > > > Please take a look at the scoring stuff and start working on filling
> in
> > > > more
> > > > details to the proposal. (I THINK you can still edit it, if not, at
> > least
> > > > respond here)
> > > >
> > > > Dan
> > > >
> > > > On Friday 09 April 2010 3:08:56 am Łukasz Moreń wrote:
> > > > > My name is Lukasz Moren and I'm a student looking for an
> interesting
> > > > > project for this year Google
> > > > > Summer of Code.
> > > > >
> > > > > I would like to propose a project idea: Provide an authentication
> > > support
> > > > > through OAuth for Apache CXF (JAXRS module).
> > > > > Something similar to: [1], I mean the idea, not execution.
> > > > >
> > > > > As I am recently involved in RESTful services (mainly RESTEasy
> > > framework,
> > > > > but I've tried also CXF:)) and OAuth protocol,
> > > > > it's area I feel good.
> > > > >
> > > > > The OAuth community works currently on: [2], which appeared after
> > 1.0a.
> > > > > and planning 2.0 release based on OAuth WRAP:[3].
> > > > >
> > > > > > I took part in GSoC 2009 in JBoss [4], and project finished
> > > successfully.
> > > > > > I was mainly involved in two tasks: [5], [6], however the second
> one
> > > > became
> > > > > big
> > > > > and development is continued here: [7].
> > > > > More info about me can be found: [8]
> > > > >
> > > > >
> > > > > [1]
> > > > >
> > > >
> > >
> >
> http://www.jboss.org/file-access/default/members/resteasy/freezone/docs/1.2
> > > > > .GA/userguide/html/Authentication.html [2]
> > > > http://wiki.oauth.net/OAuth-WRAP
> > > > > [3] http://hueniverse.com/2009/11/planning-for-oauth-2-0/
> > > > > [4]
> > > > >
> > > >
> > >
> >
> http://socghop.appspot.com/gsoc/student_project/show/google/gsoc2009/redhat
> > > > > /t124024692589 [5]
> > > > >
> > >
> http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-392[6]<http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-392%5B6%5D>
> <
> http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-392%5B6%5D
> >
> > <
> >
> http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-392%5B6%5D
> > >
> > > > >
> > >
> http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-307[7]<http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-307%5B7%5D>
> <
> http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-307%5B7%5D
> >
> > <
> >
> http://opensource.atlassian.com/projects/hibernate/browse/HSEARCH-307%5B7%5D
> > >
> > > > > https://jira.jboss.org/jira/browse/ISPN/component/12312732
> > > > > [8]
> > > > >
> > > >
> > >
> >
> http://www.linkedin.com/profile?viewProfile=&key=32578698&locale=en_US&trk=
> > > > > tab_pro
> > > > >
> > > > > > Sorry for so many links, but I would like to explain things
> briefly.
> > > > >
> > > > > Please let me know what do you think about that idea.
> > > > >
> > > > > Thanks in advance for reply.
> > > > >
> > > > > Best Regards,
> > > > > Lukasz Moren
> > > >
> > > > --
> > > > Daniel Kulp
> > > > dkulp@apache.org
> > > > http://dankulp.com/blog
> > > >
> > >
> >
>
