Jordi Torrente created CXF-4341:
-----------------------------------
Summary: AccessTokenService does not identify the authentication scheme
Key: CXF-4341
URL: https://issues.apache.org/jira/browse/CXF-4341
Project: CXF
Issue Type: Bug
Components: JAX-RS Security
Affects Versions: 2.6
Reporter: Jordi Torrente

Inside AccessTokenService, when checking whether the client is authenticated
(method authenticateClientIfNeeded), the condition that finds out the
authentication scheme used by an already authenticated client compares against
"Basic", so a value such as "BASIC" evaluates to false.

In my environment (Tomcat 7 + JDK 1.6 + CXF 2.6.1 last snapshot), after
activating SSL and adding the following security constraint to the oauth2
endpoint:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>OAuth Services</web-resource-name>
    <url-pattern>/services/oauth2/token</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>OAUTH2_USER</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>OAuth services</realm-name>
</login-config>

SecurityContext.getAuthenticationScheme() always returns "BASIC". Wouldn't it
be better to ignore upper/lower case?
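
Added example, not part of the original report and not CXF source code: the exact-case scheme comparison the report describes, next to a case-insensitive, null-safe form, plus the locale pitfall of normalising with toUpperCase() instead. The class name, method names and sample values are hypothetical and constructed for illustration.

```java
import java.util.Locale;

// Added illustration; not the CXF implementation. All names are hypothetical.
public class AuthSchemeCheck {

    // Before: exact-case comparison, as described in the report.
    // A container-supplied "BASIC" does not match.
    static boolean isBasicStrict(String scheme) {
        return "Basic".equals(scheme);
    }

    // After: case-insensitive and null-safe (an unauthenticated request
    // has a null scheme). equalsIgnoreCase does not consult the default locale.
    static boolean isBasic(String scheme) {
        return "Basic".equalsIgnoreCase(scheme);
    }

    // Pitfall: normalising case with a locale-sensitive call. Under a Turkish
    // locale, "basic".toUpperCase() produces a dotted capital I (U+0130),
    // so the result is not equal to "BASIC".
    static boolean isBasicViaUpper(String scheme, Locale locale) {
        return scheme != null && "BASIC".equals(scheme.toUpperCase(locale));
    }

    public static void main(String[] args) {
        // Constructed sample values for the authentication scheme.
        String[] samples = { "BASIC", "Basic", "basic", "DIGEST", null };
        Locale turkish = Locale.forLanguageTag("tr-TR");
        for (String s : samples) {
            System.out.printf(
                "%-7s strict=%-5b ignoreCase=%-5b upper(tr)=%-5b upper(ROOT)=%b%n",
                s, isBasicStrict(s), isBasic(s),
                isBasicViaUpper(s, turkish), isBasicViaUpper(s, Locale.ROOT));
        }
    }
}
```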