You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Evgeni Kisel (JIRA)" <ji...@apache.org> on 2012/07/17 11:58:34 UTC
[jira] [Created] (CXF-4428) [OAuth1.0] allow to set response codes
when throwing exception from OAuthDataProvider implementation.
Evgeni Kisel created CXF-4428:
---------------------------------
Summary: [OAuth1.0] allow to set response codes when throwing exception from OAuthDataProvider implementation.
Key: CXF-4428
URL: https://issues.apache.org/jira/browse/CXF-4428
Project: CXF
Issue Type: Wish
Components: JAX-RS Security
Affects Versions: 2.6.1
Reporter: Evgeni Kisel
Currently OAuthDataProvider interface support throwing OAuthServiceException. But handlers (request token, authorize, access token) catch this exception and always return response status 500.
I think it will be better to allow setting custom response statuses and add proper handling for this exception type.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4428) [OAuth1.0] allow to set response
codes when throwing exception from OAuthDataProvider implementation.
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417804#comment-13417804 ]
Sergey Beryozkin commented on CXF-4428:
---------------------------------------
Update: "report.failure.details" and "report.failure.details.as.header" contextual properties should be used instead.
"report.failure.details.as.header" can be set to get the problem reported as the "oauth_problem" header (as apparently LinkedIn did), otherwise it is in the response body
> [OAuth1.0] allow to set response codes when throwing exception from OAuthDataProvider implementation.
> -----------------------------------------------------------------------------------------------------
>
> Key: CXF-4428
> URL: https://issues.apache.org/jira/browse/CXF-4428
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
> Assignee: Sergey Beryozkin
> Fix For: 2.6.2, 2.7.0
>
>
> Currently OAuthDataProvider interface support throwing OAuthServiceException. But handlers (request token, authorize, access token) catch this exception and always return response status 500.
> I think it will be better to allow setting custom response statuses and add proper handling for this exception type.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (CXF-4428) [OAuth1.0] allow to set response codes
when throwing exception from OAuthDataProvider implementation.
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin reassigned CXF-4428:
-------------------------------------
Assignee: Sergey Beryozkin
> [OAuth1.0] allow to set response codes when throwing exception from OAuthDataProvider implementation.
> -----------------------------------------------------------------------------------------------------
>
> Key: CXF-4428
> URL: https://issues.apache.org/jira/browse/CXF-4428
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
> Assignee: Sergey Beryozkin
> Fix For: 2.6.2, 2.7.0
>
>
> Currently OAuthDataProvider interface support throwing OAuthServiceException. But handlers (request token, authorize, access token) catch this exception and always return response status 500.
> I think it will be better to allow setting custom response statuses and add proper handling for this exception type.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CXF-4428) [OAuth1.0] allow to set response
codes when throwing exception from OAuthDataProvider implementation.
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417197#comment-13417197 ]
Sergey Beryozkin commented on CXF-4428:
---------------------------------------
I've updated the code to optionally report the error messages for all the exceptions, including OAuthServiceException, the services can get a 'reportFailureDetails' property set to true if the extra info is required. This is consistent with the way extra error details are managed in the OAuth 2.0 module. The default code is now 400, and 401 is reported if no client is found - as advised by the 1.0 spec - this is also quite consistent with the 2.0 spec (see the invalid_client error condition). The 1.0 spec says 401 'SHOULD' be reported for few extra cases, but I'll get it reported only in the case where the client is not available to keep it more inline with the 2.0 spec
> [OAuth1.0] allow to set response codes when throwing exception from OAuthDataProvider implementation.
> -----------------------------------------------------------------------------------------------------
>
> Key: CXF-4428
> URL: https://issues.apache.org/jira/browse/CXF-4428
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
>
> Currently OAuthDataProvider interface support throwing OAuthServiceException. But handlers (request token, authorize, access token) catch this exception and always return response status 500.
> I think it will be better to allow setting custom response statuses and add proper handling for this exception type.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-4428) [OAuth1.0] allow to set response codes
when throwing exception from OAuthDataProvider implementation.
Posted by "Sergey Beryozkin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-4428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-4428.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.7.0
2.6.2
> [OAuth1.0] allow to set response codes when throwing exception from OAuthDataProvider implementation.
> -----------------------------------------------------------------------------------------------------
>
> Key: CXF-4428
> URL: https://issues.apache.org/jira/browse/CXF-4428
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 2.6.1
> Reporter: Evgeni Kisel
> Fix For: 2.6.2, 2.7.0
>
>
> Currently OAuthDataProvider interface support throwing OAuthServiceException. But handlers (request token, authorize, access token) catch this exception and always return response status 500.
> I think it will be better to allow setting custom response statuses and add proper handling for this exception type.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira