Versions Compared

Old Version 75

changes.mady.by.user Sergey Beryozkin

Saved on

compared with

New Version 76

changes.mady.by.user Sergey Beryozkin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

AuthorizationCodeGrantService is easier to put where the application endpoints are. It can be put alongside AccessTokenService, but ideally an SSO based authentication solution will be also be deployed, for the end user to avoid signing in separately several times (see more in it below). Here is an example of AuthorizationCodeGrantService and ImplicitGrantService being collocated with the application endpoint:

Code Block
xml
xml
<bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
  <property name="dataProvider" ref="oauthProvider"/>
</bean>

<bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
  <property name="myApp"dataProvider" ref="oauthProvider"/>
</bean>

<bean id="jaxrsService" class="org.myapp.MyAppMyService"/>

<jaxrs:server id="appServer" address="/myapp">
   <jaxrs:serviceBeans>
      <ref bean="myAppjaxrsService"/>
      <ref bean="authorizationService"/>
      <ref bean="implicitService"/>
   </jaxrs:serviceBeans>
</jaxrs:server>

AuthorizationCodeGrantService listens on a relative "/authorize" path so in this case its absolute address will be something like "http://localhost:8080/services/myapp/authorize". This address and that of AccessTokenService will be used by third-party clients.

ImplictGrantService listens on a relative "/authorize-implicit" path

AuthorizationCode and Implicit Services on the same relative path

As has already been mentioned in the previous section,  AuthorizationCodeGrantService and ImplictGrantService listen on two different relative paths: "/authorize" and "/authorize-implicit". Having both services available at different addresses may not always be preferred though. If preferred, one can use AuthorizationService 'container' service:

Code Block
xml
xml
<bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
  <property name="dataProvider" ref="oauthProvider"/>
</bean>

<bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
  <property name="dataProvider" ref="oauthProvider"/>
</bean>

<util:list id="servicesList">
  <ref bean="authorizationService"/>
  <ref bean="implicitService"/>
</util:list>

<bean id="oauth2Service" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationService">
    <property name="services" ref="servicesList"/>
</bean>

<bean id="jaxrsService" class="org.myapp.MyService"/>

<jaxrs:server id="appServer" address="/myapp">
   <jaxrs:serviceBeans>
      <ref bean="jaxrsService"/>
      <ref bean="oauth2Service"/>
   </jaxrs:serviceBeans>
</jaxrs:server>

See this application context for another example.

Third Party Client Authentication

...