[
https://issues.apache.org/jira/browse/CXF-6663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed CXF-6663.
------------------------------------
> Scope based authorization support for OAuth2 RS endpoints
> ---------------------------------------------------------
>
> Key: CXF-6663
> URL: https://issues.apache.org/jira/browse/CXF-6663
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Reporter: Sergey Beryozkin
> Assignee: Sergey Beryozkin
> Fix For: 3.1.5, 3.2.0
>
>
> Annotations like @ConfidentialClient, @Scopes("a", "b") should be used in
> the combinations or separately, ex, this method can only be invoked if the
> client behind this access token is confidential, and/or this client has 'a'
> and 'b' scopes approved. OAuth2 filter can already do some fine-grained
> authorization (restrict to specific HTTP verbs or URI subsets) and the RS
> code can use OauthContext to manually check the scopes, the client type, etc,
> but the annotation-based AC would be quite handy too
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
