CXF-4425: OAuth 1.0 timestamp and nonces are not validated and the validation cannot be customized


    Details

    • Estimated Complexity:
      Unknown

      Description

      It's possible to send multiple requests with the same header. Actually, it's a security violation.

      Specifically, the default OAuthValidator is created per-request. This is OK for validating that a given OAuth message contains the expected parameters and that the signature is correct, but the default nonces cache is lost after the validation is done. Additionally, it is not possible to customize the validation process.
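The defect described above is that the nonce cache lives only as long as one request, so a second copy of the same signed message is accepted. The following is an added example written for this page, not CXF code and not the reporter's: a small nonce-and-timestamp validator whose store outlives a single request, with a per-request variant beside it to show the difference. OAuth 1.0 (RFC 5849, section 3.3) requires the server to treat a (consumer key, nonce, timestamp) triple as single-use and to reject timestamps outside its acceptable window; the class name, the 300-second window and the sample requests are all constructed for the example.

```python
import time
import threading

# Constructed example (not CXF's OAuthValidator): nonce/timestamp validator
# with a store that is shared across requests, so a replayed
# (consumer_key, nonce, timestamp) triple is rejected the second time.
class NonceTimestampValidator:
    def __init__(self, max_skew_seconds=300, now=time.time):
        self.max_skew = max_skew_seconds      # assumed window; tune per deployment
        self.now = now                        # injectable clock for testing
        self._seen = {}                       # (consumer_key, nonce, ts) -> first seen
        self._lock = threading.Lock()         # one store, many concurrent requests

    def validate(self, consumer_key, nonce, timestamp):
        """Return (ok, reason) for one request's oauth_nonce / oauth_timestamp."""
        try:
            ts = int(timestamp)
        except (TypeError, ValueError):
            return False, "timestamp_not_integer"
        now = int(self.now())
        # Timestamp window check: bounds how long a captured message stays valid
        # and lets the nonce store be bounded in size.
        if abs(now - ts) > self.max_skew:
            return False, "timestamp_out_of_window"
        key = (consumer_key, nonce, ts)
        with self._lock:
            self._evict(now)
            if key in self._seen:
                return False, "nonce_replayed"
            self._seen[key] = now
        return True, "ok"

    def _evict(self, now):
        # Entries older than the window would fail the timestamp check anyway,
        # so they can be dropped without weakening replay protection.
        stale = [k for k, t in self._seen.items() if now - t > self.max_skew]
        for k in stale:
            del self._seen[k]


def per_request_validation(requests, clock):
    """Mirrors the reported defect: a fresh validator, and thus an empty
    nonce cache, for every request. Replays are not detected."""
    return [NonceTimestampValidator(now=clock).validate(*r)[1] for r in requests]


def shared_validation(requests, clock):
    """The fix this issue asks for: one validator whose store spans requests."""
    validator = NonceTimestampValidator(now=clock)
    return [validator.validate(*r)[1] for r in requests]


# Constructed sample traffic: a request, an exact replay of it, and a stale one.
CONSTRUCTED_REQUESTS = [
    ("consumer-a", "kllo9940pd9333jh", "1000"),
    ("consumer-a", "kllo9940pd9333jh", "1000"),   # same header sent twice
    ("consumer-a", "c2hhcmUgdGhpcw", "400"),      # 600 s old at clock=1000
]

if __name__ == "__main__":
    fixed_clock = lambda: 1000
    print("per-request store:", per_request_validation(CONSTRUCTED_REQUESTS, fixed_clock))
    print("shared store:     ", shared_validation(CONSTRUCTED_REQUESTS, fixed_clock))
```

With the per-request store the replayed message passes as "ok"; with the shared store it is reported as "nonce_replayed". In a multi-node deployment the store behind `_seen` would need to be shared across nodes (a database or cache keyed by the same triple), otherwise each node repeats the per-request mistake at cluster scale.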

            People

            • Assignee: Sergey Beryozkin (sergey_beryozkin)
            • Reporter: Evgeni Kisel (evgeni_kisel)