[ https://issues.apache.org/jira/browse/CXF-5179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13746092#comment-13746092 ]
Sergey Beryozkin commented on CXF-5179:
---------------------------------------

Hi Thorsten,

I wonder if we should keep UserSubject as is for now. It also has an (optional) list of roles captured during the user authentication if JAAS authenticator was used, and the roles may also change.

It appears to me that in both cases (end user changes its login name or an admin changes its roles), the access token records using the affected UserSubject need to be refreshed.

Using an optional id field will offer one option for keeping with the login name changes (but not roles), but what concerns me a bit is that the CXF runtime will 'lose' the current login name associated with the user. For example, if we decide to add some logging, the OAuth2 filter will log, say, "Client uses access token approved by someu...@gmail.com" while as it happens 'someu...@gmail.com' is not a valid login name any longer.

What do you think?

> Add optional id field to UserSubject
> ------------------------------------
>
> Key: CXF-5179
> URL: https://issues.apache.org/jira/browse/CXF-5179
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 2.7.6
> Reporter: Thorsten Hoeger
> Priority: Minor
> Labels: OAuth2
> Attachments: 0001-adding-optional-user-id-to-UserSubject.patch
>
>
> As the user's login name may change over time it might be a good idea to
> assign a unique, non-changing user id. To reflect this within the auth module
> the class UserSubject needs an additional field.
> The OAuthContextUtils then may resolve the user's id.
> A patch implementing this improvement is attached.