Re: FW: OAuth2 to protect CXF SOAP endpoints

Tue, 06 May 2014 14:38:42 -0700 

Hi Venkat

These are all very good questions so I'm CC-ing to CXF users


On 06/05/14 21:34, NALLA, VENKAT wrote:

Hi Sergey,

I was able to add the OAuth2 token as a HTTP Header. I have to use 
AccessTokenValidatorService which in not in the same process of resource 
service, the OAuth2 server with AccessTokenService, and 
AccessTokenValidatorService is a separate instance. Do I need to customize 
OAuthRequestFilter, and OAuthRequestInterceptor to work in this case?
org.apache.cxf.rs.security.oauth2.filters.AccessTokenValidatorClient is an out of the box HTTP-aware AccessTokenValidator, so you can start from it, register it with the request filter/interceptor 
If I use BinarySecurityToken, is it possible to provide a validator which works 
with WS-Security context either using WSS4J or WS-SecurityPolicy?
Yes, see the source of the OAuthRequestInterceptor - you can extend it and so a simple override and utilize a binary token or indeed some other token 
How is UserSubject (login, roles) is related to OAuth2? My understanding is 
that it has only client_id, client_secret, scope,  App Name. Do I need some 
kind of mapping to security context?
UserSubject represents either an authenticate end user/resource owner, example, the one which authorized a 3rd party web app. It also represents a Client (example, when a client is registered it is allocated a client id). 

Let me know please if you have more questions

Thanks, Sergey

Thanks,
Venkat


-----Original Message-----
From: Sergey Beryozkin [mailto:[email protected]]
Sent: Tuesday, April 29, 2014 11:21 AM
To: NALLA, VENKAT
Subject: Re: FW: OAuth2 to protect CXF SOAP endpoints

Hi, I forwarded the answer to the users list given that it will be of
interest to others too

Cheers, Sergey

On 29/04/14 15:25, NALLA, VENKAT wrote:

Hi Sergey,

                  I was looking at your blogspot and came across "Use
OAuth2 tokens to protect CXF SOAP endpoints".  I would like try and
understand how it works. Could you please send me the link to the
example code? Does it work in CXF 2.7.6 or do I need 3.0 milestone
release to try the example code? BTW what is the expected release date
for 3.0?

Thanks,

Venkat







--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Reply via email to