OAuth2 does not define the token format.  We have defined our own token 
format that transmits signed role-mapping metadata.

Check this out:

http://docs.jboss.org/resteasy/docs/3.0-beta-4/userguide/html/oauth2.html#d4e1454

An "Oauth client" in skeleton key can be assigned a set of roles that it 
is allowed to assume.  So, even though a specific user might have 
"admin" and "user" permissions, you can specify in the "oauth client" 
role mapping that the "oauth client" is only allowed to assume "user" 
permissions.  Please read the linked documentation and get back to this 
list if you have more questions.

FYI, because our OAuth2 code reuses and is built on top of JBoss's 
existing Security Domain APIs there's only so much flexibility that can 
be provided.  In the future, I have plans to leverage the new IDM API in 
AS8 so that you can do more complex role mappings and OAuth2 scopes.
Right now you're limited to what the documentation specifies.  Please 
get back to me.  I want to know if what we have is good enough for now, 
or if it is unusable.

On 4/16/2013 9:17 AM, Doug Schnelzer wrote:
> Thanks.  As a follow up, I'd like to request a bearer token but limit
> the Roles identified in the bearer token.  I'm looking
> at org.jboss.resteasy.example.oauth.ProductDatabaseClient.  Would it be
> right to look at the Access Token Scope to try and accomplish this?
>   What I'm trying to do is have a set of REST services protected using
> the @RolesAllowed and a less sensitive role.  Even though the Resource
> Owner may have access to more sensitive roles, I don't want the bearer
> token being given to the client to have all of these roles.  I'm working
> my way through
> org.jboss.resteasy.skeleton.key.servlet.ServletOAuthClient and mapping
> to the OAuth2 spec, but would welcome any guidance pointing me in the
> right direction.
>
>
> _______________________________________________
> Resteasy-users mailing list
> Resteasy-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/resteasy-users
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
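The role narrowing described above (the bearer token carries only the roles the OAuth client is allowed to assume, signed so a resource server can trust them), as an added illustration that is not skeleton key's own code or token format; the client ids, role mapping, token layout and signing key are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data, not a real skeleton key configuration.
RESOURCE_OWNER_ROLES = {"admin", "user"}        # everything the person may do
OAUTH_CLIENT_ROLE_MAPPING = {                   # roles each client may assume
    "product-database-client": {"user"},
    "ops-console": {"admin", "user"},
}
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, user_roles, client_id, key=SIGNING_KEY):
    """Embed only user roles that the client's mapping allows, then sign."""
    allowed = OAUTH_CLIENT_ROLE_MAPPING.get(client_id, set())
    claims = {"sub": subject, "azp": client_id,
              "roles": sorted(set(user_roles) & allowed)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, key=SIGNING_KEY):
    """Check the signature before trusting any role claim in the token."""
    body, sig = token.split(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad token signature")
    return json.loads(_unb64(body))


def roles_allowed(token, required, key=SIGNING_KEY):
    """@RolesAllowed-style check driven by the token's roles, not the
    resource owner's full role set."""
    claims = verify_token(token, key)
    return any(role in claims["roles"] for role in required)
```

With this, an "admin" resource owner using product-database-client gets a token that passes a @RolesAllowed("user") check but fails @RolesAllowed("admin"), which is the behaviour the oauth client role mapping is meant to give.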
