cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CXF-6573) AccessToken doesn't serialize with snake-case
Date Wed, 02 Sep 2015 13:40:46 GMT

    [ https://issues.apache.org/jira/browse/CXF-6573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14727097#comment-14727097
] 

Sergey Beryozkin edited comment on CXF-6573 at 9/2/15 1:39 PM:
---------------------------------------------------------------

Hmm, I actually did not document that OAuthJsonProvider is supposed to be used, will do asap.

Usually I refer users to a demo which is linked to a Google page after a "CXF OAuth2" search.


I'm not sure about letting 3rd party JSON providers write the response. Let me ask, how does
Jackson writes
a Map 'parameters' field ? Does it introduce a 'parameters' key into a response (add a single
entry into this Map if it ignores the empty Map) ? The reason I ask is that the entries in
Map 'parameters'  have to be siblings of the main token properties, the actual 'parameters'
key can not be introduced. If Jackson can be controlled to block a 'parameters' key while
outputting the actual Map entries then we can consider adding Jaxb annotations to have it
working with a JacksonJaxb provider. 

Please also check, does it output 'expiresIn' if it is set to 0 ? The code sets it to -1 by
default but I guess it is fine to initialize it to 0 by default in case of 'never expires'.


 


was (Author: sergey_beryozkin):
Hmm, I actually did not document that OAuthJsonProvider is supposed to be used, will do asap.

Usually I refer users to a demo which is linked to a Google page after a "CXF OAuth2" search.


I'm not sure about letting 3rd party JSON providers write the response. Let me ask, how does
Jackson writes
a Map 'parameters' field ? Does it introduce a 'parameters' key into a response (add a single
entry into this Map if it ignores the empty Map) ? The reason I ask is that the entries in
Map 'parameters'  have to be siblings of the main token properties, the actual 'parameters'
key can not be introduced. If Jackson can be controlled to block a 'parameters' key while
outputting the actual Map entries then we can consider adding Jaxb annotations to have it
working with a JacksonJaxb provider. 

Please also check, does it output 'expiresIn' if it is set to 0 ? The code sets it to -1 by
default but I guess it is fine to initialize it to 0 by default in case of 'never expires'.

Hmm... Actually, AccessToken also has an issuedAt property which can optionally be reported
but is otherwise a non-standard property that should not go out by default... 
 

> AccessToken doesn't serialize with snake-case
> ---------------------------------------------
>
>                 Key: CXF-6573
>                 URL: https://issues.apache.org/jira/browse/CXF-6573
>             Project: CXF
>          Issue Type: Wish
>          Components: JAX-RS Security
>    Affects Versions: 3.1.2
>            Reporter: Karl von Randow
>            Priority: Minor
>
> The org.apache.cxf.rs.security.oauth2.common.AccessToken class doesn't declare and JAXB
(or other) annotations to influence how it is serialized. So it uses the default serialization
style of the JAXB context.
> In my case this is camel case.
> This means that the AccessToken response from the AccessTokenService uses camel case.
The OAuth docs _appear_ (I'm not a scholar of them) to indicate that it should be snake case.
> Is that true? Is this a thing? Would it be something you'd consider, adding `@XmlElement(name
= "token_key")` annotations? That would be a breaking change for existing users...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message