Re: Using OAuth 1.0a with JAX-RS CXF

Thu, 01 Jun 2017 08:55:45 -0700 

Hi
It has been many years since some contributions were made to CXF OAuth 1.0a code and I was actually hoping to remove it from the CXF master but we agreed to keep for now. As far as CXF is concerned all the 'investment' goes into the its OAuth2 and OIDC and JOSE code. 

I've updated

https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+OAuth

see

https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+OAuth#JAX-RSOAuth-Client-sidesupport


My understanding your task is really to write a client code which will 
be able to talk to a 3rd party server which is protected by OAuth1.0 filter.



As far as the client side support for OAuth1.0a is concerned, CXF only 
offers OAuthClientUtils which can help to correctly format Authorization 
headers or get some tokens, etc


Cheers, Sergey
On 01/06/17 14:35, nicolasduminil wrote:

Hello,

My company is looking to implement an electronic signing solution based on
an external service provider. This service provider provides a set of REST
services which require OAuth 1.0a authentication/authorization. They don't
support 3-leg flow at all, they don't recommend to use 2-leg, but only
1-leg.

Looking at the CXF documentation, I found these two pages:
http://cxf.apache.org/docs/cxf-oauth-10.html,
http://cxf.apache.org/docs/jax-rs-oauth.html, but it is still difficult to
get an idea of what CXF proposes as far as OAuth 1.0a is concerned, and more
specifically 1-leg flow.

Additionally, the links on these pages are broken such that it is not
possible to download neither CXF OAuth 1.0 Extension, as proposed, nore the
samples OAuth Demo Server and OAuth Demo Client.

Last but not least, our REST clients supposed to use OAuth 1.0a will run as
Java EE components deployed on WebSphere 9.0.0.3 which comes with Apache
3.0.3. We don't have the option to use another release of Apache CXF than
the one comming with WebSphere. And customizing Apache CXF 3.0.3 in
WebSphere is probably difficult or not possible given that it comes bundled
in a quite rigid way.

So my questions are: what options would we have here ? Is it possible to use
Apache CXF for these purposes and, if yes, how ? Where can I find examples
of JAX-RS clients ? And how to download and install the required extensions
in the already bundles CXF on WebSphere ?

Many thanks in advance, for your help.

Kind regards,
Nicolas




--
View this message in context: 
http://cxf.547215.n5.nabble.com/Using-OAuth-1-0a-with-JAX-RS-CXF-tp5780889.html
Sent from the cxf-user mailing list archive at Nabble.com.




--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/






















					Reply via email to