[
https://issues.apache.org/jira/browse/CXF-4675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510414#comment-13510414
]
Sergey Beryozkin commented on CXF-4675:
---------------------------------------
That is a reasonable argument for the case where a user subject creation has to
be customized. The question remains though, whose responsibility it is to get
the subject capturing the info about the authenticated user or client identity
? IMHO it is out of scope for the data provider, otherwise where is the limit
between what the runtime does and what the provider does ? For your custom
provider it may make sense, for others could be an extra implementation issue...
I may be wrong of course :-). If we see that in some cases the internal info
that OAuthDataProvider may have can indeed help with properly creating a
customized UserSubject then it can be reviewed - I'd probably introduce some
other interface... Hmm... May be I can do it now....
> Move createUserSubject from RedirectionBasedGrantService to the
> OAuthDataProvider
> ---------------------------------------------------------------------------------
>
> Key: CXF-4675
> URL: https://issues.apache.org/jira/browse/CXF-4675
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.0
> Reporter: Steven Tippetts
>
> I'm having to extend RedirectionBasedGrantService and consequently
> ImplicitGrantService in order to override createUserSubject. Would it be
> possible to move createUserSubject to the OAuthDataProvider?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
