...
Introduction
New:
- The OAuth2 module now depends on the CXF cxf-rt-rs-security-jose module, with utility code in place to support a number of OAuth2 features that depend on JOSE
- CXF 3.0.0-milestone2 makes it simpler to encrypt the token and other OAuth2 server model state
- OAuthDataProvider has a new revokeToken() method to support client-driven token revocation
- AccessTokenValidationService has been enhanced to ensure the validation can proceed only if the authenticated Principal is available.
- OAuthRequestInterceptor has been added to make it easier for non-JAXRS endpoints to use OAuth2 tokens
CXF provides an implementation of OAuth 2.0. See also the JAX-RS OAuth page for information about OAuth 1.0.
...
Starting from CXF 2.7.7, an audience parameter is supported in client token requests.
OAuthJSONProvider
org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider is a JAX-RS MessageBodyWriter which supports returning ClientAccessToken and OAuthError representations to the client in the JSON format required by the OAuth2 spec. It is also a JAX-RS MessageBodyReader that is used by the client-side OAuthClientUtils (see below) to read the responses from AccessTokenService.
Register it as a provider with a JAXRS AccessTokenService endpoint.
Alternatively, if you prefer, a custom MessageBodyWriter implementation can be registered instead.
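One way to do the registration programmatically, as an added example that is not taken from the CXF documentation. The class name OAuthEndpointSetup, the method name and the endpoint address are assumptions, and the OAuthDataProvider is expected to be the application's own implementation.

```java
import org.apache.cxf.endpoint.Server;
import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
import org.apache.cxf.rs.security.oauth2.services.AccessTokenService;

// Hypothetical helper class; not part of CXF.
public final class OAuthEndpointSetup {

    private OAuthEndpointSetup() {
    }

    /**
     * Publishes an AccessTokenService endpoint whose token and error
     * responses are serialized by OAuthJSONProvider.
     *
     * @param dataProvider the application's OAuthDataProvider (assumed to exist)
     * @param address      endpoint address chosen by the caller (assumption)
     */
    public static Server startTokenEndpoint(OAuthDataProvider dataProvider,
                                            String address) {
        // The token service delegates client and token storage to the data provider.
        AccessTokenService tokenService = new AccessTokenService();
        tokenService.setDataProvider(dataProvider);

        JAXRSServerFactoryBean factory = new JAXRSServerFactoryBean();
        factory.setAddress(address);
        factory.setServiceBean(tokenService);

        // Registered as a JAX-RS provider so that ClientAccessToken and
        // OAuthError are written in the JSON format the OAuth2 spec requires.
        // A custom MessageBodyWriter would be passed here instead.
        factory.setProvider(new OAuthJSONProvider());

        return factory.create();
    }
}
```

The token endpoint carries client credentials and issued tokens, so the address passed in should be reachable only over TLS.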
AccessTokenValidationService
...