cxf-issues mailing list archives

From "Jason Klapste (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-5569) OAuth AbstractAuthFilter and query parameters used for signing
Date Tue, 18 Feb 2014 17:26:20 GMT
Jason Klapste created CXF-5569:
----------------------------------

             Summary: OAuth AbstractAuthFilter and query parameters used for signing
                 Key: CXF-5569
                 URL: https://issues.apache.org/jira/browse/CXF-5569
             Project: CXF
          Issue Type: Improvement
          Components: JAX-RS Security
    Affects Versions: 2.7.10
            Reporter: Jason Klapste
            Priority: Minor


In the AbstractAuthFilter the query (or body) parameters used for signing are only those included
in ALLOWED_OAUTH_PARAMETERS.

But if I'm reading the RFC correctly, it looks as though ALL parameters should be considered
for signature generation.

To support backwards compatibility, can I suggest exposing the ALLOWED_OAUTH_PARAMETERS
to subclasses (either directly or via getter/setters) along with a flag that can be set to
automatically include any and all parameters?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
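
The following is an added example, not part of the original message and not CXF code. It builds the OAuth 1.0 signature base string as described in RFC 5849 section 3.4.1, once over all request parameters and once over only the `oauth_*` ones, to show what the restricted set leaves outside the signature. The `oauth_only` switch is a hypothetical stand-in for the ALLOWED_OAUTH_PARAMETERS filter (its actual contents are not shown in the message); the URI, keys and parameter values are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(s, safe="-._~")

def base_string(method, base_uri, params, oauth_only=False):
    """Signature base string per RFC 5849 section 3.4.1.

    params: (name, value) pairs from the query, form body and OAuth header.
    oauth_only=True models a filter that signs only oauth_* parameters
    (hypothetical stand-in for ALLOWED_OAUTH_PARAMETERS).
    """
    pairs = [(pct(k), pct(v)) for k, v in params
             if k not in ("oauth_signature", "realm")
             and (not oauth_only or k.startswith("oauth_"))]
    normalized = "&".join(f"{k}={v}" for k, v in sorted(pairs))
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # HMAC-SHA1 keyed with "consumer_secret&token_secret" (section 3.4.2).
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Constructed sample request; none of these values come from the message.
OAUTH = [("oauth_consumer_key", "ck-example"), ("oauth_nonce", "n1"),
         ("oauth_signature_method", "HMAC-SHA1"),
         ("oauth_timestamp", "1392744380"), ("oauth_version", "1.0")]
URI = "https://api.example.test/transfer"

def signature(query, oauth_only):
    base = base_string("GET", URI, OAUTH + query, oauth_only)
    return sign(base, "cs-example")

def demo():
    original = [("amount", "10"), ("to", "alice")]
    altered = [("amount", "9999"), ("to", "alice")]
    return {
        # Filtered signing: a changed query value still verifies.
        "filtered_same": signature(original, True) == signature(altered, True),
        # Signing all parameters: the change invalidates the signature.
        "full_same": signature(original, False) == signature(altered, False),
        # A client signing all parameters will not match a filtering server.
        "interop": signature(original, True) == signature(original, False),
    }
```
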
