cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (CXF-4675) Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
Date Wed, 05 Dec 2012 10:42:58 GMT


Sergey Beryozkin commented on CXF-4675:

That is a reasonable argument for the case where a user subject creation has to be customized.
The question remains though, whose responsibility it is to get the subject capturing the info
about the authenticated user or client identity ? IMHO it is out of scope for the data provider,
otherwise where is the limit between what the runtime does and what the provider does ? For
your custom provider it may make sense, for others could be an extra implementation issue...

I may be wrong of course :-). If we see that in some cases the internal info that OAuthDataProvider
may have can indeed help with properly creating a customized UserSubject then it can be reviewed
- I'd probably introduce some other interface... Hmm... May be I can do it now....

> Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
> ---------------------------------------------------------------------------------
>                 Key: CXF-4675
>                 URL:
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 2.7.0
>            Reporter: Steven Tippetts
> I'm having to extend RedirectionBasedGrantService and consequently ImplicitGrantService
in order to override createUserSubject. Would it be possible to move createUserSubject to
the OAuthDataProvider?

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message