Hi
On 09/10/14 08:31, cmoulliard wrote:
Hi,
The project cxf under systests/rs-security proposes some Oauth2 integration
tests but also a stand alone Java Main class that we could use to run an
OAuth Autorization Server (I think so) with the class
org.apache.cxf.systest.jaxrs.security.oauth2.BookServerOAuth2.
Is there a class that we could use to play the role of a client
(getAccessToken, ...) or curl http requests (not documented) that we could
use to play with this OAuth2 BookStore ?
BookServerOAuth2 sets up a primitive OAuth2 AccessTokenService which
exchanges various grants for tokens. Typically
AuthorizationCodeGrantService would be set up alongside it to deal with
the code flow and issue a code grant, both sharing the same data
provider unless the authorization code grant is not supported. It is
just tricky to test redirects in the system tests.
I'd suggest start from a clean sheet and do a basic OAuth2
AccessTokenService set up first, have a Java server initializing a
Spring context which will set up AccessTokenService as shown in
server.xml in the tests, you only need to inject into it a data provider
and one or more grant handlers, the latter step is optional if the
authorization code grant is used.
Your data provider needs to implement AuthorizationCodeDataProvider if
the code grant is supported, a simpler OAuthDataProvider only otherwise...
Finally, you might want to do "CXF OAuth2" in Google and see in a linked
to demo how a collocated or completely standalone OAuth2 Authorization
and AccessToken Services can be set up.
Cheers, Sergey
Regards,
Charles
--
View this message in context:
http://cxf.547215.n5.nabble.com/Oauth2-BookStore-tp5749690.html
Sent from the cxf-user mailing list archive at Nabble.com.
