I had used a Custom handler in 2.6.1 to make it work for the OOB scenario and I had used the same code from 2.5 that works for OOB in it. I'm sorry for doing that, I know its not a good approach but I just wanted to see how/ when it works. As you advised me to use 2.6.2, that's what I'm doing now.
I saw the code you sent for the Authorization handler and realized the reason for the issue is that the stand-alone Java client that I'm using for 2.6.2 is not sending the same session ID as the /authorize request. Hence, the server considers it to be a fresh session each time and perhaps that is why it creates a new session with a new session authenticity token. I need to set the JSessionID in my HttpUrlConnection object. Will try that out and let you know if it works. -- View this message in context: http://cxf.547215.n5.nabble.com/OAuth-1-0-in-CXF-2-6-2-tp5713150p5713199.html Sent from the cxf-user mailing list archive at Nabble.com.
