cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5599) OAuthRequestFilter, is not compliant with RFC 6750
Date Wed, 12 Mar 2014 13:07:42 GMT

     [ https://issues.apache.org/jira/browse/CXF-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-5599.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.7.11
                   3.0.0
         Assignee: Sergey Beryozkin

The "access_token" form parameter is optionally supported; the 'checkFormData' property needs to be
set on the filter.
No OOB support for passing the token as part of query parameters. The spec itself discourages
it for security reasons.
If really needed, this can be supported by extending OAuthRequestFilter and overriding its
getAuthorizationParts method, or by adding a CXF interceptor in front of it which will get the
token from the query string and add an Authorization header to the current message.

Cheers, Sergey

> OAuthRequestFilter, is not compliant with RFC 6750
> --------------------------------------------------
>
>                 Key: CXF-5599
>                 URL: https://issues.apache.org/jira/browse/CXF-5599
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 3.0.0-milestone2, 2.7.10
>            Reporter: Antonio Sargento
>            Assignee: Sergey Beryozkin
>              Labels: oauth2
>             Fix For: 3.0.0, 2.7.11
>
>
> The OAuth 2.0 Filter, OAuthRequestFilter, is not compliant with [RFC 6750|http://tools.ietf.org/html/rfc6750].



--
This message was sent by Atlassian JIRA
(v6.2#6252)
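
The token-source policy described in the resolution comment above (Authorization header always, the "access_token" form parameter only when 'checkFormData' is set, query string never), as an added plain-JDK example that is not CXF's code and not part of the original message. The class name BearerTokenExtractor and its extract method are hypothetical, and the rejection of a request that uses both methods follows RFC 6750 section 3.1 rather than anything stated on this page about the filter.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, plain JDK only; BearerTokenExtractor is a hypothetical name, not a CXF class.
public class BearerTokenExtractor {
    // RFC 6750 section 2.1: "Bearer" 1*SP b64token (scheme matched case-insensitively)
    private static final Pattern HEADER =
        Pattern.compile("(?i)^Bearer +([A-Za-z0-9\\-._~+/]+=*)$");
    private static final String FORM_TYPE = "application/x-www-form-urlencoded";

    /** Returns the token, empty if none was presented, or throws for an invalid_request. */
    static Optional<String> extract(String authorization, String method, String contentType,
                                    String body, boolean checkFormData) {
        String fromHeader = null;
        if (authorization != null) {
            Matcher m = HEADER.matcher(authorization.trim());
            if (m.matches()) {
                fromHeader = m.group(1);
            }
        }
        String fromForm = null;
        // RFC 6750 section 2.2: form-encoded body only, and never on GET
        if (checkFormData && body != null && !"GET".equalsIgnoreCase(method) && contentType != null
                && contentType.toLowerCase(Locale.ROOT).startsWith(FORM_TYPE)) {
            for (String pair : body.split("&")) {
                int eq = pair.indexOf('=');
                if (eq > 0 && pair.substring(0, eq).equals("access_token")) {
                    fromForm = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
                }
            }
        }
        if (fromHeader != null && fromForm != null) {
            // RFC 6750 section 3.1: more than one transmission method is an invalid_request
            throw new IllegalArgumentException("invalid_request");
        }
        // The query string is deliberately never consulted (RFC 6750 section 2.3 discourages it)
        return Optional.ofNullable(fromHeader != null ? fromHeader : fromForm);
    }

    public static void main(String[] args) {
        // Constructed sample requests: header token, form token with the check off, then on
        System.out.println(extract("Bearer abc.DEF-123", "GET", null, null, false));
        System.out.println(extract(null, "POST", FORM_TYPE, "access_token=tok%2B1", false));
        System.out.println(extract(null, "POST", FORM_TYPE, "access_token=tok%2B1", true));
    }
}
```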
