Posted to commits@cxf.apache.org by bu...@apache.org on 2012/09/21 14:47:25 UTC

svn commit: r832687 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-oauth2.html

Author: buildbot
Date: Fri Sep 21 12:47:25 2012
New Revision: 832687

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-oauth2.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-oauth2.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-oauth2.html (original)
+++ websites/production/cxf/content/docs/jax-rs-oauth2.html Fri Sep 21 12:47:25 2012
@@ -407,7 +407,7 @@ Headers: 
 
 <h4><a shape="rect" name="JAX-RSOAuth2-MAC"></a>MAC</h4>
 
-<p>CXF 2.6.2 supports MAC tokens as specified in the latest <a shape="rect" class="external-link" href="http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05" rel="nofollow">MAC Access Authentication draft</a>. MAC tokens offer an option for clients to demonstrate they 'hold' the token secret issued to them by AccessTokenService.<br clear="none">
+<p>CXF 2.6.2 supports MAC tokens as specified in the latest <a shape="rect" class="external-link" href="http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01" rel="nofollow">MAC Access Authentication draft</a>. MAC tokens offer an option for clients to demonstrate they 'hold' the token secret issued to them by AccessTokenService.<br clear="none">
 It is recommended that AccessTokenService endpoint issuing MAC tokens enforces a two-way TLS for an extra protection of the MAC token data returned to clients.</p>
 
 <p>The following code fragment shows how a <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java">MacAccessToken</a> utility class can be used to create MAC tokens:</p>
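Review bot: On the changed <p> line, the link now targets draft-ietf-oauth-v2-http-mac-01 but the visible text still reads "the latest MAC Access Authentication draft", which goes stale as soon as a newer revision is published and does not tell the reader which revision CXF 2.6.2 implements. Suggest naming the revision in the text, for example "as specified in draft-ietf-oauth-v2-http-mac-01", so the mac_key, mac_algorithm and ts names used further down the page can be matched to a specific draft.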
@@ -454,11 +454,11 @@ Headers: {
 
 Payload: 
 
-{<span class="code-quote">"access_token"</span>:<span class="code-quote">"5b5c8e677413277c4bb8b740d522b378"</span>, <span class="code-quote">"token_type"</span>:<span class="code-quote">"mac"</span>, <span class="code-quote">"secret"</span>=<span class="code-quote">"1234568"</span>, algorithm=<span class="code-quote">"hmac-sha-1"</span>}
+{<span class="code-quote">"access_token"</span>:<span class="code-quote">"5b5c8e677413277c4bb8b740d522b378"</span>, <span class="code-quote">"token_type"</span>:<span class="code-quote">"mac"</span>, <span class="code-quote">"mac_key"</span>=<span class="code-quote">"1234568"</span>, <span class="code-quote">"mac_algorithm"</span>=<span class="code-quote">"hmac-sha-1"</span>}
 </pre>
 </div></div>
 
-<p>Note that 'access_token' is the MAC key identifier, 'secret' - MAC key.</p>
+<p>Note that 'access_token' is the MAC key identifier.</p>
 
 <p><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java">MacAccessTokenValidator</a> has to be registered with OAuthRequestFilter for validating the incoming MAC tokens. This validator can get a reference to custom <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java">NonceVerifier</a> with CXF possibly shipping a default implementation in the future.</p>
 
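Review bot: In the updated Payload line, "mac_key"="1234568" and "mac_algorithm"="hmac-sha-1" use '=' where the other members use ':', so the sample is not valid JSON and cannot serve as a reference token response. Suggest "mac_key":"1234568", "mac_algorithm":"hmac-sha-1". The note after the sample now explains only 'access_token'; since the sentence identifying the MAC key was dropped, one short statement that 'mac_key' is the secret the client must hold would keep the example tied to the two-way TLS recommendation earlier in the section.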
@@ -490,13 +490,13 @@ GET /calendar HTTP/1.1
 Host: localhost
 Accept: application/xml
 Authorization: MAC id=<span class="code-quote">"5b5c8e677413277c4bb8b740d522b378"</span>,
-                   nonce=<span class="code-quote">"273156:di3hvdf8"</span>,
+                   nonce=<span class="code-quote">"di3hvdf8"</span>,
                    mac=<span class="code-quote">"W7bdMZbv9UWOTadASIQHagZyirA="</span>
-                   ext=<span class="code-quote">"12345678"</span> 
+                   ts=<span class="code-quote">"12345678"</span> 
 </pre>
 </div></div>
 
-<p>where 'ext' attribute is used to pass a timestamp value.</p>
+<p>where 'ts' attribute is used to pass a timestamp value.</p>
 
 <h3><a shape="rect" name="JAX-RSOAuth2-AccessTokenValidationService"></a>AccessTokenValidationService </h3>
 <p>The  <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidationService.java">AccessTokenValidationService</a> is a CXF specific OAuth2 service for accepting the remote access token validation requests. Typically, OAuthRequestFilter (see on it below) may choose to impersonate itself as a third-party client and will ask AccessTokenValidationService to return the information relevant to the current access token, before setting up a security context. More on it below.</p>
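Review bot: In the Authorization header sample, the mac="W7bdMZbv9UWOTadASIQHagZyirA=" line has no trailing comma, so the renamed ts="12345678" attribute that follows is not separated from it the way id and nonce are; add the comma after the mac value. The mac value is also left unchanged although the nonce shown with it changed from "273156:di3hvdf8" to "di3hvdf8" and the timestamp moved from ext to ts, so either regenerate it for the new sample inputs or state that the value is illustrative only.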