cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6288) OAuth2: Hook to Pre-process or post process the scopes to have more control over Authorization
Date Wed, 11 Mar 2015 16:35:38 GMT

    [ https://issues.apache.org/jira/browse/CXF-6288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14357140#comment-14357140
] 

Sergey Beryozkin commented on CXF-6288:
---------------------------------------

I think you have two options:

1. AuthorizationCodeDataProvider.ccreateCodeGrant(AuthorizationCodeRegistration) is the most
obvious place - the registration bean provides the info about the end user who authorized
the grant and the list of requested and the actual approved scopes
2. Write a JAX-RS ContainerRequestFilter that will process a end user authorization completion
request, read the form stream into MultivaluedData, check the security context, and update
the multivalued data accordingly and replace the input stream....

To be honest 1 is enough. I actually believe now this should've been a users list query...

> OAuth2: Hook to Pre-process or post process the scopes to have more control over Authorization
> ----------------------------------------------------------------------------------------------
>
>                 Key: CXF-6288
>                 URL: https://issues.apache.org/jira/browse/CXF-6288
>             Project: CXF
>          Issue Type: New Feature
>          Components: JAX-RS Security
>            Reporter: pavan
>            Priority: Critical
>
> We have a requirement as such to grant scopes to the end user based on user roles. With
the current cxf implementation we cant implement such requirement. It will be possible if
CXF provide us with a hook which will enable the developers to process the scopes and return
the resultant scopes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message