Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 2.6
- Novice
Description
Inside AccessTokenService, when checking whether the client is authenticated (method authenticateClientIfNeeded), the condition that determines the authentication scheme used by an already authenticated client compares against "Basic", so a value of "BASIC" makes it evaluate to false.
In my environment (Tomcat 7 + JDK 1.6 + CXF 2.6.1 latest snapshot), after activating SSL and adding the following security constraint to the oauth2 endpoint:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>OAuth Services</web-resource-name>
        <url-pattern>/services/oauth2/token</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>OAUTH2_USER</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>OAuth services</realm-name>
</login-config>
SecurityContext.getAuthenticationScheme() always returns "BASIC". Wouldn't it be better to ignore upper/lower case?
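The mismatch described above, as an added Java example that is not CXF's code: a hypothetical stand-in for the scheme check in authenticateClientIfNeeded, in its exact-match form beside a case-insensitive form, run against a constructed JAX-RS SecurityContext that reports "BASIC" the way Tomcat does here (the JAX-RS constant SecurityContext.BASIC_AUTH is itself the upper-case string "BASIC").

```java
import java.security.Principal;
import javax.ws.rs.core.SecurityContext;

// Hypothetical model of the check in AccessTokenService.authenticateClientIfNeeded;
// this is illustrative code, not the CXF implementation.
public class SchemeCheckDemo {

    // Exact-match form: only the mixed-case spelling "Basic" is recognised,
    // so a container reporting "BASIC" is treated as not authenticated.
    static boolean containerAuthenticatedStrict(SecurityContext sc) {
        return sc.getUserPrincipal() != null
            && "Basic".equals(sc.getAuthenticationScheme());
    }

    // Case-insensitive form: "Basic", "BASIC" and "basic" are all accepted,
    // which matches what a Tomcat BASIC <login-config> (and BASIC_AUTH) returns.
    static boolean containerAuthenticatedLenient(SecurityContext sc) {
        return sc.getUserPrincipal() != null
            && "Basic".equalsIgnoreCase(sc.getAuthenticationScheme());
    }

    // Constructed SecurityContext standing in for what the servlet container
    // hands to the JAX-RS layer after a successful BASIC login.
    static SecurityContext containerContext(final String clientId, final String scheme) {
        return new SecurityContext() {
            public Principal getUserPrincipal() {
                return new Principal() { public String getName() { return clientId; } };
            }
            public boolean isUserInRole(String role) { return "OAUTH2_USER".equals(role); }
            public boolean isSecure() { return true; }          // request arrived over SSL
            public String getAuthenticationScheme() { return scheme; }
        };
    }

    public static void main(String[] args) {
        // Sample client id is constructed; the scheme is the JAX-RS constant ("BASIC").
        SecurityContext sc = containerContext("demo-client", SecurityContext.BASIC_AUTH);
        System.out.println("exact match recognises client: " + containerAuthenticatedStrict(sc));
        System.out.println("ignore-case recognises client: " + containerAuthenticatedLenient(sc));
    }
}
```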