cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steven Tippetts (JIRA)" <>
Subject [jira] [Commented] (CXF-4671) [OAuth2] Add option to not have user intervention
Date Tue, 04 Dec 2012 18:07:01 GMT


Steven Tippetts commented on CXF-4671:

Sergey, thank you for your feedback. I'm not able to use the client credentials grant because
my client is public and I need the implicit flow. However, I can use pre-authorized tokens.
Thank you for suggesting that. In order to get the pre-authorized tokens working I need a
change to the code. I'll create another issue for that change. This issue can be closed.
> [OAuth2] Add option to not have user intervention
> -------------------------------------------------
>                 Key: CXF-4671
>                 URL:
>             Project: CXF
>          Issue Type: Wish
>          Components: JAX-RS Security
>    Affects Versions: 2.7.0
>            Reporter: Steven Tippetts
> I'm using the cxf oauth library as a cross domain, non-cookie way to protect my resource
server endpoints.  As such, I don't need the user to authorize access to any data.  I know
this isn't part of the OAuth 2 spec, but it would be very nice if there were a config setting
that would skip the user authorization part.
> Currently, I'm extending RedirectionBasedGrantService and overriding startAuthorization
like this:
> {code}
> @Override
> protected Response startAuthorization(MultivaluedMap<String, String> params) {
>   super.startAuthorization(params);
>   HttpSession session = getMessageContext().getHttpServletRequest().getSession();
>   String sessionToken = (String)session.getAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
>   params.add("session_authenticity_token", sessionToken);
>   params.add("oauthDecision", "allow");
>   return super.completeAuthorization(params);
> }
> {code}
> This works ok for me, but it would be nice if it were a part of the library.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message