[security-dev] Resteasy 3.0-beta-2 released with OAuth2 support

Anil Saldhana Anil.Saldhana at redhat.com
Thu Feb 21 11:33:37 EST 2013


PicketLink3 - I want to at least have the OAuth2 building blocks.  
JBossAS/RESTEasy wiring can happen in RESTEasy.

Do you care if the core OAuth object structure is in RESTEasy or not?

Analogously, SAML object model sits inside PL3.  All the 
bindings/container stuff is an external project (PL Container Bindings 
that is an extra jar).

When is RESTEasy3 planned?  Rough dates?

On 02/21/2013 08:58 AM, Bill Burke wrote:
> I'm not married to where the code lives, but I'm leaning towards it
> being a Resteasy project as it's something I want to promote and maintain
> as a solution in the overall REST architecture.
>
> On 2/20/2013 11:31 AM, Anil Saldhana wrote:
>> I will be working with Bill to streamline our OAuth implementation.  I
>> don't care if OAuth stays in RESTEasy or PicketLink as long as our users
>> have support for OAuth from JBoss community.
>>
>> On 02/20/2013 09:55 AM, Bruno Oliveira wrote:
>>> 'kk what's the plan for PicketLink use amber
>>> (https://github.com/picketlink/picketlink/tree/master/oauth/src/main/java/org/picketlink/oauth/amber)
>>> or Bill's implementation?
>>>
>>> Or both?
>>>
>>> --
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>>
>>> On Wednesday, February 20, 2013 at 12:26 PM, Anil Saldhana wrote:
>>>
>>>> Hi Bruno,
>>>>    I think that is the use case for implicit grant type in OAuth2.  It
>>>> is used when the client cannot save any secrets or tokens such as
>>>> JavaScript applications.
>>>>
>>>> Regards,
>>>> Anil
>>>>
>>>> On 02/20/2013 05:42 AM, Bruno Oliveira wrote:
>>>>> Hi Anil,
>>>>>
>>>>> Are you thinking of something like this?
>>>>> https://developers.google.com/accounts/docs/OAuth2#clientside
>>>>>
>>>>> If yes, makes sense.
>>>>>
>>>>>
>>>>> --
>>>>> "The measure of a man is what he does with power" - Plato
>>>>> -
>>>>> @abstractj
>>>>> -
>>>>> Volenti Nihil Difficile
>>>>>
>>>>> On Tuesday, February 19, 2013 at 11:05 PM, Anil Saldhana wrote:
>>>>>
>>>>>> I am unsure if "implicit" use case implies insecure. All it does is
>>>>>> avoid the intermediate
>>>>>> authorization code grant step. It is useful for JavaScript applications
>>>>

