cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <>
Subject Moving some of OAuth2 security utils to the core
Date Mon, 06 Oct 2014 15:45:53 GMT

Luigi (FH Koln) suggested some good refactoring ideas for the original 
oauth2-jwt module, now named oauth2-jose. Specifically, he correctly 
pointed out that JWE/JWT is not depending on OAuth2 works, but it is the 
other way around where OAuth2 applications may use JWT tokens for a 
variety of goals.
I'm preparing one last module split there, in time for tomorrows builds 
(Dan, please wait till I'm done :-)). I had to move some of Oauth2 
security utils to the core, but in fact those security utils are not 
OAuth2 specific, lots of boilerplate code to to with loading keys, 
encrypting, signing, depending on Java security API only, I think it 
might make sense to keep them there as it can be handy not only for the 
OAuth2/JOSE code, but for people doing custom interceptors, etc... 
though of course then can be easily moved to some other destination if 
preferred and Colm, Dan, others reviewing those utils would be welcome too

Thanks, Sergey

View raw message