[jira] [Resolved] (CXF-5569) OAuth AbstractAuthFilter and query parameters used for signing

Sergey Beryozkin (JIRA) Wed, 19 Feb 2014 09:39:13 -0800

     [ 
https://issues.apache.org/jira/browse/CXF-5569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sergey Beryozkin resolved CXF-5569.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.7.11
                   3.0.0-milestone2
         Assignee: Sergey Beryozkin

> OAuth AbstractAuthFilter and query parameters used for signing
> --------------------------------------------------------------
>
>                 Key: CXF-5569
>                 URL: https://issues.apache.org/jira/browse/CXF-5569
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS Security
>    Affects Versions: 2.7.10
>            Reporter: Jason Klapste
>            Assignee: Sergey Beryozkin
>            Priority: Minor
>             Fix For: 3.0.0-milestone2, 2.7.11
>
>
> In the AbstractAuthFilter the query (or body) parameters used for signing are 
> only those included in ALLOWED_OAUTH_PARAMETERS.
> But if I'm reading the RFC correctly, it looks are though ALL parameters 
> should be considered for signature generation.
> To support both backwards compatibility, can I suggest exposing the 
> ALLOWED_OAUTH_PARAMETERS to subclasses (either directly or via 
> getter/setters) along with a flag that can be set to automatically include 
> any and all parameters?



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

[jira] [Resolved] (CXF-5569) OAuth AbstractAuthFilter and query parameters used for signing

Reply via email to