Hi
On 02/06/17 08:28, nicolasduminil wrote:
Hi Srgey,
Thanks for your help. The 1-leg flow, as far as I understood, consists in
the fact that client doesn’t have to ask for tokens (neither request nor
access tokens) before accessing protected ressource. Here is an image
showing the flow (well, if I succeed to insert it):
<http://cxf.547215.n5.nabble.com/file/n5780904/687474703a2f2f7075752e73682f32706530372e706e67.png>
So, yes, my task would be to provide the client code able to access
resources protected by this security algorithm. I had a look at the
OAuthClientUtils and if it allows me to construt the Authorization header
with all its bits and bolts, it's already something.
OAuthClientUtils.createAuthorizationHeader checks if Token == null, so
perhaps it will produce the expected Authorization header, there must've
been a reason why I added that 'null' check...
Otherwise it seems that Spring Security would support it also but I'm afraid
that using Spring Security means using Spring REST as well, which we don't
want.
SprimgSecurity can work alongside CXF, though I do not see how it can
help for producing OAuth1.a client requests...
Cheers, Sergey
Kind regards,
Nicolas
--
View this message in context:
http://cxf.547215.n5.nabble.com/Using-OAuth-1-0a-with-JAX-RS-CXF-tp5780889p5780904.html
Sent from the cxf-user mailing list archive at Nabble.com.
