You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Oliver Wulff (Jira)" <ji...@apache.org> on 2022/01/28 08:56:00 UTC

[jira] [Commented] (CXF-8648) Make ClaimsAuthorizingInterceptor configurable in ClaimsAuthorizingFilter

    [ https://issues.apache.org/jira/browse/CXF-8648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17483654#comment-17483654 ] 

Oliver Wulff commented on CXF-8648:
-----------------------------------

I'd provide the option to pass the ClaimsAuthorizingInterceptor as a constructor argument due to the other two setters (setClaims, setSecuredObject). I'd consider these two setters as deprecated in 3.6 because the recommended approach in the next major version should be to use the setters on the ClaimsAuthorizingInterceptor instead.

 

WDYT?

> Make ClaimsAuthorizingInterceptor configurable in ClaimsAuthorizingFilter
> -------------------------------------------------------------------------
>
>                 Key: CXF-8648
>                 URL: https://issues.apache.org/jira/browse/CXF-8648
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 3.5.0, 3.4.5
>            Reporter: Oliver Wulff
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>             Fix For: 3.5.1, 4.0.0
>
>
> The ClaimsAuthorizingInterceptor is not configurable within the ClaimsAuthorizingFilter. Thus the configuration options for the ClaimsAuthorizingInterceptor (e.g. nameAliases, formatAliases).
> https://github.com/apache/cxf/blob/master/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/ClaimsAuthorizingFilter.java



--
This message was sent by Atlassian Jira
(v8.20.1#820001)