cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (CXF-4666) [OAuth2] securityContext problem on createSubject
Date Fri, 30 Nov 2012 13:07:58 GMT


Sergey Beryozkin commented on CXF-4666:

I've made the method where UserSubject is created protected and also updated it to check for
UserSubject which may've already been created from filters/interceptors, so you can say register
a custom RequestHandler filter, create UserSubject and do "message.setContent(UserSubject.class),
mySubject" - this may be simpler than extending the class...

"the additional properties I'm interested in are: account id, surname, and given name." -
OK, thanks, I thought may be I can get away with extending UserSubject :-)
> [OAuth2] securityContext problem on createSubject
> -------------------------------------------------
>                 Key: CXF-4666
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 2.7.0
>            Reporter: Steven Tippetts
> This is probably just ignorance on my part, but when I override the createSubject method
in the file, the securityContext parameter that is passed
in is of type AbstractHTTPDestination$2. This parameter contains my authentication token,
but I don't know how to get at it, so I'm having to go to the SecurityContextHolder to get
the context instead of just using the parameter.
> I'm just using standard Spring authentication, so it seems like many other people would
also have AbstractHTTPDestination$2 as the security type, which causes roles to be missed
in the OAuthUtils.createSubject method.
> I'm sure I missed some details so please let know your questions and thanks for your

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message