Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-4666

[OAuth2] securityContext problem on createSubject

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.7
    • 2.6.4, 2.7.1
    • JAX-RS Security
    • None
    • Unknown

    Description

      This is probably just ignorance on my part, but when I override the createSubject method in the RedirecationBasedGrantService.java file, the securityContext parameter that is passed in is of type AbstractHTTPDestination$2. This parameter contains my authentication token, but I don't know how to get at it, so I'm having to go to the SecurityContextHolder to get the context instead of just using the parameter.

      I'm just using standard Spring authentication, so it seems like many other people would also have AbstractHTTPDestination$2 as the security type, which causes roles to be missed in the OAuthUtils.createSubject method.

      I'm sure I missed some details so please let know your questions and thanks for your help.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            sergey_beryozkin Sergey Beryozkin
            tippettssh Steven Tippetts
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment