[ 
https://issues.apache.org/jira/browse/CXF-5712?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sergey Beryozkin updated CXF-5712:
----------------------------------

    Description: 
SessionAuthenticityTokenProvider accepts only CXF MessageContext, which is not 
sufficient for validating data like temporary codes, etc.
For example, when the user is redirected to AuthorizationService to authorize a 
grant request, the service will challenge the user with the authorization form. 
At this point a custom SessionAuthenticityTokenProvider should be able to send a 
temp code to the user's mobile/email and request the user to enter this code 
into the form and then validate it on the user confirmation. 


  was:
SessionAuthenticityTokenProvider accepts only CXF MessageContext which is not 
sufficient for validating data like temporarily codes, etc.
For example, when the user is redirected to AuthorizationService to authorize a 
grant request the service will challenge the user with the authorization form, 
at this point custom SessionAuthenticityTokenProvider should be able to sent a 
temp code to the user's mobile/email and request the user to enter this code 
into the form and then validate it on the user confirmation. 



> OAuth2 SessionAuthenticityTokenProvider must be able to validate user form 
> data
> -------------------------------------------------------------------------------
>
>                 Key: CXF-5712
>                 URL: https://issues.apache.org/jira/browse/CXF-5712
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, JAX-RS Security
>            Reporter: Sergey Beryozkin
>             Fix For: 3.0.0
>
>
> SessionAuthenticityTokenProvider accepts only CXF MessageContext, which is not 
> sufficient for validating data like temporary codes, etc.
> For example, when the user is redirected to AuthorizationService to authorize 
> a grant request, the service will challenge the user with the authorization 
> form. At this point a custom SessionAuthenticityTokenProvider should be able to 
> send a temp code to the user's mobile/email and request the user to enter 
> this code into the form and then validate it on the user confirmation. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)
