Yeah, you can use @RolesAllowed. The OAuth implementation just sets the
appropriate principal and principal-role mappings. The servlet, JAX-RS,
or EJB layer does the rest.
On 4/15/2013 2:36 PM, Doug Schnelzer wrote:
> In the oauth2 skeleton key example there was just one role ("user")
> specifi

Thanks. As a follow up, I'd like to request a bearer token but limit the
Roles identified in the bearer token. I'm looking
at org.jboss.resteasy.example.oauth.ProductDatabaseClient. Would it be
right to look at the Access Token Scope to try and accomplish this? What
I'm trying to do is have a

OAuth2 does not define the token format. We have defined our own token
format that transmits signed role-mapping metadata.
Check this out:
http://docs.jboss.org/resteasy/docs/3.0-beta-4/userguide/html/oauth2.html#d4e1454
An "Oauth client" in skeleton key can be assigned a set of roles that it

So continuing to peel back the onion... and getting somewhere...
Thanks for the pointers. I re-read the docs especially around
http://docs.jboss.org/resteasy/docs/3.0-beta-4/userguide/html/oauth2.html#d4e1454
I noticed that the commerce-roles.properties for the current OAuth2
examples has the f

So you want to specify user, client-id, and their credentials and get
back a token that is limited to what the client-id is allowed to get?
All in one request? I don't have an API for this at the moment.
On 4/16/2013 11:50 AM, Doug Schnelzer wrote:
> So continuing to peel back the onion... and