cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Evgeni Kisel (JIRA)" <>
Subject [jira] [Commented] (CXF-4425) [OAuth] enable to send multiple requests with the same header
Date Mon, 16 Jul 2012 14:02:34 GMT


Evgeni Kisel commented on CXF-4425:

1. It's a service provider security violation. 
2. OAuth specification ( : The nonce allows the Service Provider
to verify that a request has never been made before and helps prevent replay attacks when
requests are made over a non-secure channel (such as HTTP). 

But there are no such verification.
> [OAuth] enable to send multiple requests with the same header
> -------------------------------------------------------------
>                 Key: CXF-4425
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 2.6.1
>            Reporter: Evgeni Kisel
> It's possible to send multiple request with the same header. Actually it's a security

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message