cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CXF-6663) Scope based authorization support for OAuth2 RS endpoints
Date Fri, 14 Oct 2016 14:19:21 GMT

     [ https://issues.apache.org/jira/browse/CXF-6663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh closed CXF-6663.
------------------------------------

> Scope based authorization support for OAuth2 RS endpoints
> ---------------------------------------------------------
>
>                 Key: CXF-6663
>                 URL: https://issues.apache.org/jira/browse/CXF-6663
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 3.1.5, 3.2.0
>
>
> Annotations like @ConfidentialClient, @Scopes("a", "b") should  be used in the combinations
or separately, ex, this method can only be invoked if the client behind this access token
is confidential, and/or this client has 'a' and 'b' scopes approved. OAuth2 filter can already
do some fine-grained authorization (restrict to specific HTTP verbs or URI subsets) and the
RS code can use OauthContext to manually check the scopes, the client type, etc, but the annotation-based
AC would be quite handy too



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message