Posted to dev@openwebbeans.apache.org by Romain Manni-Bucau <rm...@gmail.com> on 2017/01/12 16:19:40 UTC

meecrowave cxf-oauth2

Hi guys,

Apache Meecrowave (subproject of OpenWebBeans) got an experimental oauth2
module some days ago. It is "just" CXF oauth2 code set up as a runtime
and not a library.

I see it as an opportunity to make both our communities work more
closely, enhancing this feature to make it as close as possible to the
customers'/users' needs.

The snapshot doc (which is for now very light and mainly generated) is
available at
http://openwebbeans.staging.apache.org/meecrowave/meecrowave-oauth2/

Don't hesitate to let us know what you think about it.

PS: for people not reading docs here is the right url
http://svn.apache.org/repos/asf/openwebbeans/meecrowave/trunk/meecrowave-oauth2/
;)

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://blog-rmannibucau.rhcloud.com> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>

Re: meecrowave cxf-oauth2

Posted by Romain Manni-Bucau <rm...@gmail.com>.
2017-01-13 15:06 GMT+01:00 Romain Manni-Bucau <rm...@gmail.com>:

>
>
> On 13 Jan 2017 14:44, "Sergey Beryozkin" <sb...@gmail.com> wrote:
>
> Hi Romain,
>
> that makes sense, supporting the authorization code can be optional, note
> the providers can support only all non-redirection based grants or the code
> grants too, ex, JCacheOAuthDataProvider and JCacheCodeDataProvider.
>
> I suppose the real challenge is how to auth the users (OAuth2 clients) at
> the /token level. For ex, in Fediz OIDC we'd connect to Syncope via CXF
> STS, with Syncope covering all the possible user storages.
>
>
> Wonder if being in Tomcat we can't reuse the realm/principal to have a
> local user repository/ies. Would make it easier to set up and allow reusing
> a lot of impl.
>
>
That's what we have on trunk, and authorization_code is supported in
gui-less mode. Since meecrowave-oauth2 can be embedded too, it allows using
any UI if desired - or still a plain client if needed.


>
>
> Cheers, Sergey
>
>
> On 13/01/17 13:05, Romain Manni-Bucau wrote:
>
>> Hi Sergey
>>
>> On 13 Jan 2017 12:25, "Sergey Beryozkin" <sb...@gmail.com> wrote:
>>
>> Hi Romain
>>
>> Thanks for sharing the links, looks interesting.
>>
>> How do you plan to support the authorization_code grants ?
>>
>>
>> Not yet checked but guess we'll add the endpoints and probably a flag to
>> activate it or not.
>>
>> What do you see as more challenging than /token?
>>
>>
>>
>> Cheers, Sergey
>>
>>
>> On 12/01/17 16:19, Romain Manni-Bucau wrote:
>>
>>> Hi guys,
>>>
>>> Apache Meecrowave (subproject of OpenWebBeans) got an experimental oauth2
>>> module some days ago. It is "just" CXF oauth2 code set up as a runtime
>>> and not a library.
>>>
>>> I see it as an opportunity to make both our communities work more
>>> closely, enhancing this feature to make it as close as possible to the
>>> customers'/users' needs.
>>>
>>> The snapshot doc (which is for now very light and mainly generated) is
>>> available at
>>> http://openwebbeans.staging.apache.org/meecrowave/meecrowave-oauth2/
>>>
>>> Don't hesitate to let us know what you think about it.
>>>
>>> PS: for people not reading docs here is the right url
>>> http://svn.apache.org/repos/asf/openwebbeans/meecrowave/trunk/meecrowave-oauth2/
>>> ;)
>>>
>>> Romain Manni-Bucau
>>> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
>>> <https://blog-rmannibucau.rhcloud.com> | Old Blog
>>> <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
>>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
>>> <https://javaeefactory-rmannibucau.rhcloud.com>
>>>
>>>
>>>
>>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
>
>

Re: meecrowave cxf-oauth2

Posted by Romain Manni-Bucau <rm...@gmail.com>.
On 13 Jan 2017 14:44, "Sergey Beryozkin" <sb...@gmail.com> wrote:

Hi Romain,

that makes sense, supporting the authorization code can be optional, note
the providers can support only all non-redirection based grants or the code
grants too, ex, JCacheOAuthDataProvider and JCacheCodeDataProvider.

I suppose the real challenge is how to auth the users (OAuth2 clients) at
the /token level. For ex, in Fediz OIDC we'd connect to Syncope via CXF
STS, with Syncope covering all the possible user storages.


Wonder if being in Tomcat we can't reuse the realm/principal to have a local
user repository/ies. Would make it easier to set up and allow reusing a lot
of impl.



Cheers, Sergey


On 13/01/17 13:05, Romain Manni-Bucau wrote:

> Hi Sergey
>
> On 13 Jan 2017 12:25, "Sergey Beryozkin" <sb...@gmail.com> wrote:
>
> Hi Romain
>
> Thanks for sharing the links, looks interesting.
>
> How do you plan to support the authorization_code grants ?
>
>
> Not yet checked but guess we'll add the endpoints and probably a flag to
> activate it or not.
>
> What do you see as more challenging than /token?
>
>
>
> Cheers, Sergey
>
>
> On 12/01/17 16:19, Romain Manni-Bucau wrote:
>
>> Hi guys,
>>
>> Apache Meecrowave (subproject of OpenWebBeans) got an experimental oauth2
>> module some days ago. It is "just" CXF oauth2 code set up as a runtime
>> and not a library.
>>
>> I see it as an opportunity to make both our communities work more
>> closely, enhancing this feature to make it as close as possible to the
>> customers'/users' needs.
>>
>> The snapshot doc (which is for now very light and mainly generated) is
>> available at
>> http://openwebbeans.staging.apache.org/meecrowave/meecrowave-oauth2/
>>
>> Don't hesitate to let us know what you think about it.
>>
>> PS: for people not reading docs here is the right url
>> http://svn.apache.org/repos/asf/openwebbeans/meecrowave/trunk/meecrowave-oauth2/
>> ;)
>>
>> Romain Manni-Bucau
>> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
>> <https://blog-rmannibucau.rhcloud.com> | Old Blog
>> <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
>> <https://javaeefactory-rmannibucau.rhcloud.com>
>>
>>
>>
>

-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Re: meecrowave cxf-oauth2

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Romain,

that makes sense, supporting the authorization code can be optional, 
note the providers can support only all non-redirection based grants or 
the code grants too, ex, JCacheOAuthDataProvider and JCacheCodeDataProvider.

I suppose the real challenge is how to auth the users (OAuth2 clients) 
at the /token level. For ex, in Fediz OIDC we'd connect to Syncope via 
CXF STS, with Syncope covering all the possible user storages.

Cheers, Sergey

On 13/01/17 13:05, Romain Manni-Bucau wrote:
> Hi Sergey
>
> On 13 Jan 2017 12:25, "Sergey Beryozkin" <sb...@gmail.com> wrote:
>
> Hi Romain
>
> Thanks for sharing the links, looks interesting.
>
> How do you plan to support the authorization_code grants ?
>
>
> Not yet checked but guess we'll add the endpoints and probably a flag to
> activate it or not.
>
> What do you see as more challenging than /token?
>
>
>
> Cheers, Sergey
>
>
> On 12/01/17 16:19, Romain Manni-Bucau wrote:
>
>> Hi guys,
>>
>> Apache Meecrowave (subproject of OpenWebBeans) got an experimental oauth2
>> module some days ago. It is "just" CXF oauth2 code set up as a runtime
>> and not a library.
>>
>> I see it as an opportunity to make both our communities work more
>> closely, enhancing this feature to make it as close as possible to the
>> customers'/users' needs.
>>
>> The snapshot doc (which is for now very light and mainly generated) is
>> available at
>> http://openwebbeans.staging.apache.org/meecrowave/meecrowave-oauth2/
>>
>> Don't hesitate to let us know what you think about it.
>>
>> PS: for people not reading docs here is the right url
>> http://svn.apache.org/repos/asf/openwebbeans/meecrowave/trunk/meecrowave-oauth2/
>> ;)
>>
>> Romain Manni-Bucau
>> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
>> <https://blog-rmannibucau.rhcloud.com> | Old Blog
>> <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
>> <https://javaeefactory-rmannibucau.rhcloud.com>
>>
>>
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Re: meecrowave cxf-oauth2

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi Sergey

On 13 Jan 2017 12:25, "Sergey Beryozkin" <sb...@gmail.com> wrote:

Hi Romain

Thanks for sharing the links, looks interesting.

How do you plan to support the authorization_code grants ?


Not yet checked but guess we'll add the endpoints and probably a flag to
activate it or not.

What do you see as more challenging than /token?



Cheers, Sergey


On 12/01/17 16:19, Romain Manni-Bucau wrote:

> Hi guys,
>
> Apache Meecrowave (subproject of OpenWebBeans) got an experimental oauth2
> module some days ago. It is "just" CXF oauth2 code set up as a runtime
> and not a library.
>
> I see it as an opportunity to make both our communities work more
> closely, enhancing this feature to make it as close as possible to the
> customers'/users' needs.
>
> The snapshot doc (which is for now very light and mainly generated) is
> available at
> http://openwebbeans.staging.apache.org/meecrowave/meecrowave-oauth2/
>
> Don't hesitate to let us know what you think about it.
>
> PS: for people not reading docs here is the right url
> http://svn.apache.org/repos/asf/openwebbeans/meecrowave/trunk/meecrowave-oauth2/
> ;)
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> <https://blog-rmannibucau.rhcloud.com> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
> <https://javaeefactory-rmannibucau.rhcloud.com>
>
>

Re: meecrowave cxf-oauth2

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Romain

Thanks for sharing the links, looks interesting.

How do you plan to support the authorization_code grants ?

Cheers, Sergey

On 12/01/17 16:19, Romain Manni-Bucau wrote:
> Hi guys,
>
> Apache Meecrowave (subproject of OpenWebBeans) got an experimental oauth2
> module some days ago. It is "just" CXF oauth2 code set up as a runtime
> and not a library.
>
> I see it as an opportunity to make both our communities work more
> closely, enhancing this feature to make it as close as possible to the
> customers'/users' needs.
>
> The snapshot doc (which is for now very light and mainly generated) is
> available at
> http://openwebbeans.staging.apache.org/meecrowave/meecrowave-oauth2/
>
> Don't hesitate to let us know what you think about it.
>
> PS: for people not reading docs here is the right url
> http://svn.apache.org/repos/asf/openwebbeans/meecrowave/trunk/meecrowave-oauth2/
> ;)
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> <https://blog-rmannibucau.rhcloud.com> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory
> <https://javaeefactory-rmannibucau.rhcloud.com>
>

