[
https://issues.apache.org/jira/browse/CXF-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Beryozkin resolved CXF-4671.
-----------------------------------
Resolution: Won't Fix
Assignee: Sergey Beryozkin
We've agreed to explore the pre-authorized token option
> [OAuth2] Add option to not have user intervention
> -------------------------------------------------
>
> Key: CXF-4671
> URL: https://issues.apache.org/jira/browse/CXF-4671
> Project: CXF
> Issue Type: Wish
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
> Assignee: Sergey Beryozkin
>
> I'm using the cxf oauth library as a cross domain, non-cookie way to protect
> my resource server endpoints. As such, I don't need the user to authorize
> access to any data. I know this isn't part of the OAuth 2 spec, but it would
> be very nice if there were a config setting that would skip the user
> authorization part.
> Currently, I'm extending RedirectionBasedGrantService and overriding
> startAuthorization like this:
> {code}
> @Override
> protected Response startAuthorization(MultivaluedMap<String, String> params) {
> super.startAuthorization(params);
> HttpSession session =
> getMessageContext().getHttpServletRequest().getSession();
> String sessionToken =
> (String)session.getAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
> params.add("session_authenticity_token", sessionToken);
> params.add("oauthDecision", "allow");
> return super.completeAuthorization(params);
> }
> {code}
> This works ok for me, but it would be nice if it were a part of the library.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
