Details

    • Type: Sub-Task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Note: Where "JAX-RS application" appears below, it also covers the JSON-WS application, which uses the same concepts/infrastructure.

      oauth2-provider-api:

      Service Builder OAuth2 API + General configuration

      oauth2-provider-jsonws:

      JSONWS OAuth2 support. Registers ScopeFinder, ApplicationDescriptor, and ScopeDescriptor services for Service Access Policies entries with a specific prefix (default is "OAUTH2_").

      oauth2-provider-rest:

      OAuth2 Provider JAX-RS application with REST endpoints that implement the OAuth2 grant flows.

      JAX-RS whiteboard features:

      • HttpMethodFeature and AnnotationFeature that enable registration of ScopeFinder services for JAX-RS applications
      • Provides DefaultBearerTokenProviderConfiguration for access token configuration (lifetime, size etc.)
      • Provides ConfigurableScopeCheckerFeature (and ConfigurableScopeCheckerFeatureConfiguration) which can apply scope checking based on JAX-RS request path patterns + HTTP verbs.

      Default OAuth2 SPI service impls:

      • BearerTokenProviderAccessor (BearerTokenProviderAccessor)
      • DefaultBearerTokenProvider (BearerTokenProvider)

      Other services:

      • OAuth2RestAuthVerifier
        • Verifies and sets Access Tokens into ThreadLocalScopeContextScopeChecker
          • Later used to check scopes by one of:
            • AnnotationContainerScopeCheckerContainerRequestFilter
            • HttpScopeCheckerContainerRequestFilter
            • ConfigurableContainerScopeCheckerContainerRequestFilter
        • Sets user in AuthVerifierResult according to the access token

      oauth2-provider-rest-spi:

      Provides SPI types:

      • BearerTokenProviderAccessor
      • BearerTokenProvider

      oauth2-provider-scope-api:

      The main scopes API used by applications that want to protect their resources using OAuth2. The module contains annotation types:

      • RequiresNoScope
      • RequiresScope

      And a programmatic way to check scopes in apps via service reference:

      • ScopeChecker

      oauth2-provider-scope-impl:

      Implementations of the APIs in oauth2-provider-scope-api and oauth2-provider-scope-liferay-api.

      Configuration:

      • BundlePrefixHandlerFactoryConfiguration
      • ConfigurableScopeMapperConfiguration

      Default SPI services implementations for oauth2-provider-scope-spi

      JAX-RS whiteboard features:

      • LiferayOAuth2OSGIFeature - Registers default services for each deployed JAX-RS application:
        • ApplicationDescriptor
        • ScopeDescriptor
        • AuthVerifier (i.e. OAuth2RestAuthVerifier)

      oauth2-provider-scope-liferay-api:

      • The main API to the OAuth2 Provider. Implemented by oauth2-provider-scope-impl

      Including ScopeLocatorImpl, which is an implementation of ScopeLocator and is particularly noteworthy because it is the engine that takes all SPI implementations into account to produce the final OAuth2 scopes surface.

      Also, ChunkScopeMatcherFactory, an implementation of ScopeMatcherFactory, is noteworthy because it implements our dot notation, i.e. requesting a scope named "everything" implicitly includes "everything.read".
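
An added illustration of the dot notation described above, not Liferay's ChunkScopeMatcherFactory code: it assumes matching is done per dot-separated chunk, and the names ChunkScopeMatchDemo and implies are hypothetical. The constructed pairs contrast chunk matching with a plain string-prefix check, which would wrongly let "everything" satisfy "everythingelse.read".

```java
import java.util.Arrays;
import java.util.List;

public class ChunkScopeMatchDemo {

    // Hypothetical helper, not the Liferay ScopeMatcher API: returns true when
    // every dot-separated chunk of grantedScope equals the chunk at the same
    // position in requiredScope, so a grant implies only itself and names
    // below it in the dot hierarchy.
    static boolean implies(String grantedScope, String requiredScope) {
        if (grantedScope.isEmpty() || requiredScope.isEmpty()) {
            return false; // an empty scope never grants or satisfies anything
        }
        // limit -1 keeps trailing empty chunks, so "everything." != "everything"
        String[] granted = grantedScope.split("\\.", -1);
        String[] required = requiredScope.split("\\.", -1);
        if (granted.length > required.length) {
            return false; // a narrower grant never implies a broader scope
        }
        for (int i = 0; i < granted.length; i++) {
            if (!granted[i].equals(required[i])) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample pairs: {granted, required}
        List<String[]> pairs = Arrays.asList(
            new String[] {"everything", "everything.read"},
            new String[] {"everything", "everything"},
            new String[] {"everything.read", "everything"},
            new String[] {"everything", "everythingelse.read"},
            new String[] {"everything.read", "everything.readwrite"},
            new String[] {"", "everything.read"});
        for (String[] p : pairs) {
            boolean chunked = implies(p[0], p[1]);
            boolean naive = p[1].startsWith(p[0]); // string prefix, for contrast
            System.out.printf("granted=%-18s required=%-24s chunk=%-5b startsWith=%b%n",
                "\"" + p[0] + "\"", "\"" + p[1] + "\"", chunked, naive);
        }
    }
}
```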

      oauth2-provider-scope-spi:

      Provides SPI types relating to integrating scopes registered by JAX-RS applications.

      • ApplicationDescriptor - For providing descriptions of JAX-RS applications to display in the UI
      • PrefixHandlerFactory - Builds instances of PrefixHandler that add a prefix to [mapped] application scopes, to prevent them from grouping into "global scopes"
      • ScopeDescriptor - To provide descriptions of scopes registered by JAX-RS applications
      • ScopeFinder - To register scopes for JAX-RS applications
      • ScopeMapper - To change (rename or merge) the scopes that are registered by JAX-RS applications
      • ScopeMatcherFactory - Builds instances of ScopeMatcher that enable scope X to be implied by scope Y

      oauth2-provider-service:

      Service Builder service implementation

      oauth2-provider-test:

      Integration tests

      oauth2-provider-web:

      The web UI for OAuth2 provider. Both admin and end-user UI

            People

            • Assignee:
              id30721 id30721
              Reporter:
              id30721 id30721