Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2014/02/19 18:38:21 UTC
[jira] [Resolved] (CXF-5569) OAuth AbstractAuthFilter and query parameters used for signing
[ https://issues.apache.org/jira/browse/CXF-5569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Beryozkin resolved CXF-5569.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.7.11, 3.0.0-milestone2
Assignee: Sergey Beryozkin
> OAuth AbstractAuthFilter and query parameters used for signing
> --------------------------------------------------------------
>
> Key: CXF-5569
> URL: https://issues.apache.org/jira/browse/CXF-5569
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.10
> Reporter: Jason Klapste
> Assignee: Sergey Beryozkin
> Priority: Minor
> Fix For: 3.0.0-milestone2, 2.7.11
>
>
> In the AbstractAuthFilter the query (or body) parameters used for signing are only those included in ALLOWED_OAUTH_PARAMETERS.
> But if I'm reading the RFC correctly, it looks as though ALL parameters should be considered for signature generation.
> To support both backwards compatibility, can I suggest exposing the ALLOWED_OAUTH_PARAMETERS to subclasses (either directly or via getter/setters) along with a flag that can be set to automatically include any and all parameters?
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
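
The signing difference raised in the issue, as an added example that is not part of the original message and is not CXF code: it builds the OAuth 1.0 signature base string per RFC 5849 section 3.4.1 and compares signing every request parameter with signing only protocol parameters. The `oauth_` prefix filter is an assumed stand-in for the `ALLOWED_OAUTH_PARAMETERS` list, whose contents the message does not show, and the request values are constructed.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
    return quote(s, safe="-._~")

def base_string(method, base_uri, params, oauth_only=False):
    # params: (name, value) pairs gathered from the query string, the
    # Authorization header (minus realm) and a form-encoded body.
    pairs = [(k, v) for k, v in params if k != "oauth_signature"]
    if oauth_only:
        # Assumption: stand-in for an allow-list of protocol parameters.
        pairs = [(k, v) for k, v in pairs if k.startswith("oauth_")]
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, base_uri, params, consumer_secret, token_secret="", oauth_only=False):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, base_uri, params, oauth_only).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify(method, base_uri, params, consumer_secret, token_secret="", oauth_only=False):
    presented = dict(params).get("oauth_signature", "")
    expected = sign(method, base_uri, params, consumer_secret, token_secret, oauth_only)
    return hmac.compare_digest(presented, expected)

# Constructed sample request; every value here is made up for the example.
URI = "https://api.example.test/orders"
SECRET = "constructed-consumer-secret"
PARAMS = [("item", "42"), ("qty", "1"),
          ("oauth_consumer_key", "demo-client"), ("oauth_nonce", "n-0001"),
          ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "1392831501"),
          ("oauth_version", "1.0")]

def signed(params, oauth_only=False):
    return params + [("oauth_signature", sign("GET", URI, params, SECRET, oauth_only=oauth_only))]

def with_qty(params, qty):
    return [(k, qty if k == "qty" else v) for k, v in params]

if __name__ == "__main__":
    full = signed(PARAMS)
    print("all signed, all verified:      ", verify("GET", URI, full, SECRET))
    print("all signed, oauth_* verified:  ", verify("GET", URI, full, SECRET, oauth_only=True))
    print("qty changed, all verified:     ", verify("GET", URI, with_qty(full, "9"), SECRET))
    narrow = signed(PARAMS, oauth_only=True)
    print("qty changed, oauth_* both ends:", verify("GET", URI, with_qty(narrow, "9"), SECRET, oauth_only=True))
```

A verifier that signs only the protocol parameters rejects requests from a client that signed everything, and when both ends sign only protocol parameters a changed `qty` value still verifies.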