Steven Tippetts created CXF-4671:
------------------------------------

             Summary: [OAuth2] Add option to not have user intervention
                 Key: CXF-4671
                 URL: https://issues.apache.org/jira/browse/CXF-4671
             Project: CXF
          Issue Type: Wish
          Components: JAX-RS Security
    Affects Versions: 2.7.0
            Reporter: Steven Tippetts


I'm using the CXF OAuth library as a cross-domain, non-cookie way to protect my 
resource server endpoints.  As such, I don't need the user to authorize access 
to any data.  I know this isn't part of the OAuth 2 spec, but it would be very 
nice if there were a config setting that would skip the user authorization part.

Currently, I'm extending RedirectionBasedGrantService and overriding 
startAuthorization like this:

{code}
@Override
protected Response startAuthorization(MultivaluedMap<String, String> params) {
  // Run the normal start step; the Response it returns is discarded.
  super.startAuthorization(params);
  // Read the authenticity token from the HTTP session.
  HttpSession session = getMessageContext().getHttpServletRequest().getSession();
  String sessionToken = (String) session.getAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
  // Supply the token and an "allow" decision in place of the user's form submission.
  params.add("session_authenticity_token", sessionToken);
  params.add("oauthDecision", "allow");
  return super.completeAuthorization(params);
}
{code}

This works OK for me, but it would be nice if it were a part of the library.


