On Tue, Apr 25, 2017 at 12:38 PM, Nuwan Dias <[email protected]> wrote:
> Hi Gayan,
>
> What are you trying to achieve by moving the client-secret validation
> logic to the interceptor from the jax-rs layer?
>

Actually, we have a separate layer to pass the secured APIs in IS, and it is a common service that can be used by any product. AppManager is also using it. Here too, Gayan is trying to get the security check into that common layer instead of letting the request go to the next level to validate the headers.

> Since both run on the same JVM, doesn't the overhead of the process remain
> the same, irrespective of where it runs?
>
> Thanks,
> NuwanD.
>
> On Tue, Apr 25, 2017 at 12:27 PM, Gayan Gunawardana <[email protected]>
> wrote:
>
>> Hi All,
>>
>> In OAuth, the /token endpoint and /revoke endpoint
>>
>> https://localhost:9443/oauth2/token
>> https://localhost:9443/oauth2/revoke
>>
>> require authorization with client key and client secret in basic auth
>> headers. Currently in the implementation we validate those headers after
>> serving the request to the JAX-RS endpoints. Basically the /token and /revoke endpoints
>> are unsecured. There is a significant amount of processing happening even for a
>> wrong client secret.
>>
>> Since we have a REST API interceptor layer in IS 5.3.0, can we use it to
>> validate client credentials? We may need to plug in an additional
>> authenticator to validate client key and client secret in basic auth headers.
>> This authenticator may conflict with the basic authenticator because both
>> authenticators validate basic auth credentials in different ways. There are two
>> approaches to avoid the conflict.
>>
>> *#option 01*
>> Increase the priority of the newly added authenticator and check the context
>> inside the authenticator's canHandle.
>>
>> *#option 01*
>> Increase the priority of the newly added authenticator and check the existence of
>> an OAuth application from the client key.
>>
>> WDYT?
>>
>> --
>> Gayan Gunawardana
>> Software Engineer; WSO2 Inc.; http://wso2.com/
>> Email: [email protected]
>> Mobile: +94 (71) 8020933
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc. http://wso2.com
> email : [email protected]
> Phone : +94 777 775 729
>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
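The interceptor-level check discussed in this thread, modelled as an added example (not WSO2 Identity Server code): a hypothetical authenticator chain in which a client-credentials authenticator with a higher priority claims only the /oauth2/token and /oauth2/revoke context in canHandle (option 01), so a wrong or unknown client secret is rejected before the endpoint runs, while the basic authenticator keeps handling every other path. The class names, the request dict shape and the app/user stores are constructed assumptions.

```python
import base64, binascii, hmac

# Constructed sample data, not IS configuration: registered OAuth apps and one user-store entry.
OAUTH_APPS = {"oauth-client-1": "s3cret-one"}
USERS = {"admin": "admin-pass"}
OAUTH_PATHS = {"/oauth2/token", "/oauth2/revoke"}

def parse_basic(headers):
    # Return (user, password) from a Basic Authorization header, or None if absent or malformed.
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(value[6:], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

class BasicAuthenticator:
    priority = 10  # hypothetical default for the other REST APIs behind the interceptor
    def can_handle(self, req):
        return parse_basic(req["headers"]) is not None
    def authenticate(self, req):
        user, pw = parse_basic(req["headers"])
        return hmac.compare_digest(USERS.get(user, "").encode(), pw.encode())

class ClientCredentialsAuthenticator:
    priority = 20  # higher than BasicAuthenticator, so it is consulted first (option 01)
    def can_handle(self, req):
        # Claim only the token/revoke context; elsewhere BasicAuthenticator still handles Basic.
        return req["path"] in OAUTH_PATHS and parse_basic(req["headers"]) is not None
    def authenticate(self, req):
        key, secret = parse_basic(req["headers"])
        return hmac.compare_digest(OAUTH_APPS.get(key, "").encode(), secret.encode())

def intercept(req, authenticators):
    # Run the highest-priority authenticator whose can_handle() accepts the request.
    for auth in sorted(authenticators, key=lambda a: a.priority, reverse=True):
        if auth.can_handle(req):
            return auth.authenticate(req)
    return False  # nobody claimed the request: treat as unauthenticated

def handle(req):
    # 401 comes from the interceptor; 200 means the JAX-RS endpoint would now run.
    if not intercept(req, [BasicAuthenticator(), ClientCredentialsAuthenticator()]):
        return 401  # rejected before any token/revoke processing happens
    return 200

def basic_request(path, user, secret):
    token = base64.b64encode(f"{user}:{secret}".encode()).decode()
    return {"path": path, "headers": {"Authorization": f"Basic {token}"}}
```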
