cxf-issues mailing list archives

From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5712) OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data
Date Fri, 25 Apr 2014 11:46:16 GMT

     [ https://issues.apache.org/jira/browse/CXF-5712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sergey Beryozkin resolved CXF-5712.
-----------------------------------

    Resolution: Fixed
      Assignee: Sergey Beryozkin

Trunk only due to the migration side-effect

> OAuth2 SessionAuthenticityTokenProvider must be able to validate user form data
> -------------------------------------------------------------------------------
>
>                 Key: CXF-5712
>                 URL: https://issues.apache.org/jira/browse/CXF-5712
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 3.0.0
>
>
> SessionAuthenticityTokenProvider accepts only CXF MessageContext, which is not sufficient
> for validating data like temporary codes, etc.
> For example, when the user is redirected to AuthorizationService to authorize a grant
> request, the service will challenge the user with the authorization form. At this point a custom
> SessionAuthenticityTokenProvider should be able to send a temp code to the user's mobile/email
> and request the user to enter this code into the form, and then validate it on the user confirmation.




--
This message was sent by Atlassian JIRA
(v6.2#6252)
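
The flow the issue describes (send a temporary code when the authorization form is shown, check the submitted value on confirmation), as an added example that is not CXF code and not part of the original message. `TempCodeValidator`, its method names, the 6-digit code, the 5-minute lifetime and the 3-attempt limit are all assumptions, and the class does not implement CXF's `SessionAuthenticityTokenProvider` interface.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper, not a CXF class: a temporary code bound to one HTTP session. */
public class TempCodeValidator {
    private static final int MAX_ATTEMPTS = 3;     // assumed policy
    private static final long TTL_SECONDS = 300;   // assumed policy
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Entry {
        final byte[] code; final Instant expires; int attempts;
        Entry(byte[] code, Instant expires) { this.code = code; this.expires = expires; }
    }

    private final Map<String, Entry> bySession = new ConcurrentHashMap<>();

    /** Called when the authorization form is rendered; the caller delivers the code out of band. */
    public String issue(String sessionId) {
        // Always six digits, independent of locale; replaces any earlier code for this session.
        String code = Integer.toString(1_000_000 + RNG.nextInt(1_000_000)).substring(1);
        bySession.put(sessionId, new Entry(code.getBytes(StandardCharsets.UTF_8),
                                           Instant.now().plusSeconds(TTL_SECONDS)));
        return code;
    }

    /** Called on user confirmation with the value typed into the form. */
    public boolean validate(String sessionId, String submitted) {
        Entry e = bySession.get(sessionId);
        if (e == null || submitted == null) return false;
        synchronized (e) {
            if (Instant.now().isAfter(e.expires) || ++e.attempts > MAX_ATTEMPTS) {
                bySession.remove(sessionId, e);    // expired or guessed too often: discard
                return false;
            }
            // Constant-time comparison; remove() succeeds only once, so the code is single use.
            boolean ok = MessageDigest.isEqual(e.code, submitted.getBytes(StandardCharsets.UTF_8));
            return ok && bySession.remove(sessionId, e);
        }
    }

    public static void main(String[] args) {
        TempCodeValidator v = new TempCodeValidator();
        String code = v.issue("session-A");                  // constructed session id
        System.out.println(v.validate("session-B", code));   // code presented from another session
        System.out.println(v.validate("session-A", code));   // code presented from the issuing session
        System.out.println(v.validate("session-A", code));   // same code presented a second time
    }
}
```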
