You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Steven Tippetts (JIRA)" <ji...@apache.org> on 2012/12/04 19:36:58 UTC
[jira] [Created] (CXF-4675) Move createUserSubject from
RedirectionBasedGrantService to the OAuthDataProvider
Steven Tippetts created CXF-4675:
------------------------------------
Summary: Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
Key: CXF-4675
URL: https://issues.apache.org/jira/browse/CXF-4675
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Affects Versions: 2.7.0
Reporter: Steven Tippetts
I'm having to extend RedirectionBasedGrantService and consequently ImplicitGrantService in order to override createUserSubject. Would it be possible to move createUserSubject to the OAuthDataProvider?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-4675) Move createUserSubject from
RedirectionBasedGrantService to the OAuthDataProvider
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-4675.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.7.1
2.6.4
Assignee: Sergey Beryozkin
SubjectCreator interface has been introduced - this will let you bring the customization closer to the data provider - have the bean implementing OAuthDataProvider also implementing SubjectCreator. IMHO it is a good compromise as it will let the providers which are not into UserSubject customization not to worry about it, thanks
> Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
> ---------------------------------------------------------------------------------
>
> Key: CXF-4675
> URL: https://issues.apache.org/jira/browse/CXF-4675
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
>
> I'm having to extend RedirectionBasedGrantService and consequently ImplicitGrantService in order to override createUserSubject. Would it be possible to move createUserSubject to the OAuthDataProvider?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4675) Move createUserSubject from
RedirectionBasedGrantService to the OAuthDataProvider
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510059#comment-13510059 ]
Sergey Beryozkin commented on CXF-4675:
---------------------------------------
Not sure about it - IMHO OAuthDataProvider does not have to deal with managing end-user subjects. It may create a Client subject but I'm not 100% that is correct either. Why don't you register a CXF RequestHandler filter and create the end user subject from there, as suggested in the other JIRA ?
> Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
> ---------------------------------------------------------------------------------
>
> Key: CXF-4675
> URL: https://issues.apache.org/jira/browse/CXF-4675
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
>
> I'm having to extend RedirectionBasedGrantService and consequently ImplicitGrantService in order to override createUserSubject. Would it be possible to move createUserSubject to the OAuthDataProvider?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4675) Move createUserSubject from
RedirectionBasedGrantService to the OAuthDataProvider
Posted by "Steven Tippetts (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510163#comment-13510163 ]
Steven Tippetts commented on CXF-4675:
--------------------------------------
Thanks, I'll set up a RequestHandler rather than extending the objects. However, proceeding this way makes my implementation disjointed. It would be better for me if the OAuthDataProvider managed the createUserSubject method.
> Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
> ---------------------------------------------------------------------------------
>
> Key: CXF-4675
> URL: https://issues.apache.org/jira/browse/CXF-4675
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
>
> I'm having to extend RedirectionBasedGrantService and consequently ImplicitGrantService in order to override createUserSubject. Would it be possible to move createUserSubject to the OAuthDataProvider?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4675) Move createUserSubject from
RedirectionBasedGrantService to the OAuthDataProvider
Posted by "Steven Tippetts (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510530#comment-13510530 ]
Steven Tippetts commented on CXF-4675:
--------------------------------------
Perfect. Thanks!
> Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
> ---------------------------------------------------------------------------------
>
> Key: CXF-4675
> URL: https://issues.apache.org/jira/browse/CXF-4675
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
> Assignee: Sergey Beryozkin
> Fix For: 2.6.4, 2.7.1
>
>
> I'm having to extend RedirectionBasedGrantService and consequently ImplicitGrantService in order to override createUserSubject. Would it be possible to move createUserSubject to the OAuthDataProvider?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4675) Move createUserSubject from
RedirectionBasedGrantService to the OAuthDataProvider
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510414#comment-13510414 ]
Sergey Beryozkin commented on CXF-4675:
---------------------------------------
That is a reasonable argument for the case where a user subject creation has to be customized. The question remains though, whose responsibility it is to get the subject capturing the info about the authenticated user or client identity ? IMHO it is out of scope for the data provider, otherwise where is the limit between what the runtime does and what the provider does ? For your custom provider it may make sense, for others could be an extra implementation issue...
I may be wrong of course :-). If we see that in some cases the internal info that OAuthDataProvider may have can indeed help with properly creating a customized UserSubject then it can be reviewed - I'd probably introduce some other interface... Hmm... May be I can do it now....
> Move createUserSubject from RedirectionBasedGrantService to the OAuthDataProvider
> ---------------------------------------------------------------------------------
>
> Key: CXF-4675
> URL: https://issues.apache.org/jira/browse/CXF-4675
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
>
> I'm having to extend RedirectionBasedGrantService and consequently ImplicitGrantService in order to override createUserSubject. Would it be possible to move createUserSubject to the OAuthDataProvider?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira