Sergey Beryozkin created CXF-6663:
-------------------------------------
Summary: Scope based authorization support for OAuth2 RS endpoints
Key: CXF-6663
URL: https://issues.apache.org/jira/browse/CXF-6663
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Reporter: Sergey Beryozkin
Assignee: Sergey Beryozkin
Annotations like @ConfidentialClient, @Scopes("a", "b") should be used in the
combinations or separately, ex, this method can only be invoked if the client
behind this access token is confidential, and/or this client has 'a' and 'b'
scopes approved. OAuth2 filter can already so some fine-grained authorization
(restrict to specific HTTP verbs or URI subsets) and the RS code can use
OauthContext to manually check the scopes, the client type, etc, but the
annotation-based AC would be quite handy too
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
