Hi,
This improvement has been added with r192746 and r192747.
The DefaultOAuth2TokenValidator provides 3 hooks.
- boolean validateAccessDelegation
- boolean validateScope
- boolean validateAccessToken
All 3 methods simply return true by default. A practical
OAuth2BearerTokenValidator should extend the validateAccessDelegation and
validateScope methods.
validateAccessToken is for token profile specific validations. E.g. if we
are implementing the MAC token profile for OAuth2 the MAC token validation
code would go here.
Also to note, the AccessTokenDO object which provides information about the
access token can be found in the OAuth2TokenValidationMessageContext as a
property with the name "AccessTokenDO". Using this you could avoid calls to
database to retrieve token information.
The Validators can be plugged using identity.xml. Under OAuth configuration
add the following config.
<TokenValidators>
<TokenValidator type="bearer"
class="org.wso2.sample.OAuth2BearerTokenValidator"/>
</TokenValidators>
On Tue, Nov 12, 2013 at 11:25 AM, Johann Nallathamby <[email protected]>wrote:
> I will add this.
>
>
> On Tue, Nov 12, 2013 at 10:58 AM, Asela Pathberiya <[email protected]> wrote:
>
>> Hi Pradeep,
>>
>> This has been already discussed on Architecture thread. This is a must
>> thing that we want to have in IS 4.6.0. (next release). I am not still
>> sure whether some one already has been worked on this. Johann any idea?..
>> If not, It is great, If you can introduce the extension.
>>
>> Thanks,
>> Asela.
>>
>>
>> On Mon, Nov 11, 2013 at 6:01 PM, Pradeep Fernando <[email protected]>wrote:
>>
>>> Hi,
>>>
>>> The current token validation endpoint only performs basic level of
>>> validation. That is it only checks whether the given token is valid. But
>>> for complex authorization decision making this validation is not enough
>>> IMHO.
>>>
>>> @IS team:
>>>
>>> can you guys please consider adding an extension point for custom
>>> validation impls.
>>>
>>
>>> thanks,
>>> --Pradeep
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Software Engineer
> Integration Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>
--
Thanks & Regards,
*Johann Dilantha Nallathamby*
Senior Software Engineer
Integration Technologies Team
WSO2, Inc.
lean.enterprise.middleware
Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
