cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (CXF-4656) [OAuth 2] Add attributes property to UserSubject object
Date Wed, 28 Nov 2012 15:51:00 GMT


Sergey Beryozkin commented on CXF-4656:

Thanks for the update; 

I wonder if you are doing it right or not... The token subject is the end user subject which was
created by ImplicitGrantService by calling on the implementation of AuthorizationCodeDataProvider,
it is not a very good name for the provider used with the Implicit service :-) but the responsibility
of the provider implementing AuthorizationCodeDataProvider is the same really whether the
code or implicit grant is used...

So when this subject is created by ImplicitGrantService, only the principal name and roles
if any are added - I'll need to make it easier to customize it by at least making the method
where it is done protected, but at the moment it is not even possible to customize it. 

Next, AccessTokenService is expected to use
- you can def write your own but the point is that it is exactly that subject that was created
at the previous step which is supposed to be presented as the token subject to the data provider
- otherwise, if the token subject is set to be the same as the client subject then the filter
will let the client access the resources of all the end users...

Can you have a look please at AuthorizationCodeGrantHandler? Do you use it and if you don't
then is it what you do in your custom grant handler?


> [OAuth 2] Add attributes property to UserSubject object
> -------------------------------------------------------
>                 Key: CXF-4656
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 2.6.3, 2.7.0
>            Reporter: Steven Tippetts
>
> I need to be able to provide a few authentication attributes to my endpoints along with
> the login and roles. These attributes are things like the principal's id or name and come
> from the authentication provider. An "attributes" property that is a Map<String, String>
> in the UserSubject object would work out nicely.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
