[ https://issues.apache.org/jira/browse/CXF-6663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed CXF-6663.
------------------------------------

> Scope based authorization support for OAuth2 RS endpoints
> ---------------------------------------------------------
>
>                 Key: CXF-6663
>                 URL: https://issues.apache.org/jira/browse/CXF-6663
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Assignee: Sergey Beryozkin
>             Fix For: 3.1.5, 3.2.0
>
>
> Annotations like @ConfidentialClient, @Scopes("a", "b") should be used in
> combination or separately, e.g., this method can only be invoked if the
> client behind this access token is confidential, and/or this client has 'a'
> and 'b' scopes approved. OAuth2 filter can already do some fine-grained
> authorization (restrict to specific HTTP verbs or URI subsets) and the RS
> code can use OauthContext to manually check the scopes, the client type, etc,
> but the annotation-based AC would be quite handy too.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
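
The access-control rule described in the issue, sketched as an added example that is not CXF code and not part of the original message. The nested `Scopes` and `ConfidentialClient` annotations, the `TokenInfo` record, the `Resource` class and `isAllowed` are hypothetical stand-ins (requires Java 16+ for records); the token values are constructed.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ScopeCheckDemo {
    // Hypothetical stand-ins for the annotations named in the issue.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Scopes { String[] value(); }

    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface ConfidentialClient { }

    // Constructed view of a validated access token: approved scopes and client type.
    record TokenInfo(Set<String> scopes, boolean confidential) { }

    static class Resource {
        @Scopes({"a", "b"}) @ConfidentialClient
        public String update() { return "updated"; }

        @Scopes({"a"})
        public String read() { return "read"; }
    }

    // Deny unless every listed scope is approved and, where the method
    // requires it, the client behind the token is confidential.
    static boolean isAllowed(Method m, TokenInfo token) {
        Scopes required = m.getAnnotation(Scopes.class);
        if (required != null
                && !token.scopes().containsAll(Arrays.asList(required.value()))) {
            return false;
        }
        return !m.isAnnotationPresent(ConfidentialClient.class) || token.confidential();
    }

    public static void main(String[] args) throws Exception {
        Method update = Resource.class.getMethod("update");
        Method read = Resource.class.getMethod("read");
        // Constructed tokens: a public client holding both scopes, a
        // confidential client holding only 'a', and a confidential client holding both.
        TokenInfo publicClient = new TokenInfo(Set.of("a", "b"), false);
        TokenInfo partialScopes = new TokenInfo(Set.of("a"), true);
        TokenInfo full = new TokenInfo(Set.of("a", "b"), true);
        System.out.println("update, public client:  " + isAllowed(update, publicClient));
        System.out.println("update, missing scope:  " + isAllowed(update, partialScopes));
        System.out.println("update, both satisfied: " + isAllowed(update, full));
        System.out.println("read, scope 'a' only:   " + isAllowed(read, partialScopes));
    }
}
```

The check treats the listed scopes as a conjunction, matching the issue's wording that the client has 'a' and 'b' approved; a method with neither annotation is left to whatever coarser authorization already applies.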