Hi
On 17/07/13 16:05, Nishantha Pradeep wrote:
Hi Sergey
Using jwt is not mandatory for my work. But does cxf support to use
customized token type ?
Check
http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-CustomandEncryptedtokens,
I think this section needs to be expanded.
So you need to extend
http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
and get your data provider return your custom token instance when requested.
You will then need to register AccessTokenValidator:
http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
with OAuthRequestFilter.
If your resource server and authorization server are not collocated
(most likely not) then register your custom validator with
AccessTokenValidatorService, you can find some info here:
http://cxf.apache.org/docs/jax-rs-oauth2.html#JAX-RSOAuth2-ProtectingresourceswithOAuthfilters
In addition can cxf be used as an independent oauth2 authorization server ?
Do you mean can it be used to implement support for a flow like
authorization code flow, and get the grants replaced for tokens ? Yes,
please check the wiki, it has a dedicated section about it
Cheers, Sergey
Thanks
Nishantha
On Wed, Jul 17, 2013 at 5:06 PM, Sergey Beryozkin <[email protected]> wrote:
Hi
On 17/07/13 11:13, Nishantha Pradeep wrote:
Hi
I would like to know that does cxf support OAuth2 and is it using json web tokens ?
See
http://cxf.apache.org/docs/jax-rs-oauth2.html
Re JWT - CXF does not offer any built-in support for JWT yet.
What needs to be decided is whether we should reuse some of 3rd party
libraries for it or do a basic JWT support locally.
Is using JWT important for your case ?
Sergey
Thanks
Nishantha
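
The steps described in the reply above (extend ServerAccessToken, have the data provider return the custom token, register an AccessTokenValidator for its scheme), sketched as an added example that is not part of the original thread or the CXF code base. The class names and the "Opaque" scheme name are hypothetical, and the `validateAccessToken` signature and `javax.ws.rs` imports assume CXF 3.x, so check the interface in the version you use.

```java
import java.util.Collections;
import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;

// Hypothetical custom token type; the scheme name "Opaque" is an assumption.
class OpaqueAccessToken extends ServerAccessToken {
    static final String SCHEME = "Opaque";

    OpaqueAccessToken(Client client, String tokenKey, long lifetimeSeconds) {
        super(client, SCHEME, tokenKey, lifetimeSeconds);
    }
}

// Validator for the custom scheme; register it with OAuthRequestFilter
// (or with AccessTokenValidatorService when the servers are not collocated).
class OpaqueTokenValidator implements AccessTokenValidator {
    private final OAuthDataProvider dataProvider;

    OpaqueTokenValidator(OAuthDataProvider dataProvider) {
        this.dataProvider = dataProvider;
    }

    @Override
    public List<String> getSupportedAuthorizationSchemes() {
        // Only requests using "Authorization: Opaque <token>" reach this validator.
        return Collections.singletonList(OpaqueAccessToken.SCHEME);
    }

    @Override
    public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme,
            String authSchemeData, MultivaluedMap<String, String> extraProps)
            throws OAuthServiceException {
        // The data provider is expected to return the custom token instance.
        ServerAccessToken token = dataProvider.getAccessToken(authSchemeData);
        if (!(token instanceof OpaqueAccessToken)) {
            throw new OAuthServiceException("Unknown or unsupported access token");
        }
        // Reject expired tokens; issuedAt and expiresIn are both in seconds.
        long now = System.currentTimeMillis() / 1000L;
        if (token.getExpiresIn() > 0 && token.getIssuedAt() + token.getExpiresIn() < now) {
            throw new OAuthServiceException("Access token has expired");
        }
        return new AccessTokenValidation(token);
    }
}
```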