users@jersey.java.net

Re: [Jersey] oAuth HMAC_SHA1 implementation bug

From: DirkM <dirk_at_olx.com>
Date: Tue, 25 Aug 2009 13:57:27 -0500 (CDT)

Paul C. Bryan wrote:
>
> Good catch, thanks. I've checked-in a fix to the trunk.
>

Wow, that was quick, you guys don't mess around :)

I have a question about oAuth and Jersey. In the
http://wikis.sun.com/display/Jersey/OAuth wiki an example is given for
applying oAuth at a per-service level.

We have a use-case in which we need to apply oAuth to all service calls, in
other words, at the application level. The authentication mechanism is very
simple: essentially a token, nonce, timestamp and hash verified with a
private key shared manually in advance.

The wiki page recommends using server filters for securing groups of
resources. Is it possible to implement a Provider or similar in order to
secure all service calls as described above, within Jersey? I'm not familiar
with OpenSSO or ServletFilters and it looks fairly involved to set up, so
I'd just like to know if there's a simpler solution.

Thanks again,
Dirk
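The check described in the message above (token, nonce, timestamp and a hash verified with a pre-shared key), as an added example that is not part of the original post and is not Jersey's own code. It uses HMAC-SHA1 as in the thread subject and only standard JDK classes, so it could be called from whatever filter sits in front of the resources. The class name, the newline-joined signed string, the 300-second window and the in-memory nonce set are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: verifies token + nonce + timestamp + HMAC against a pre-shared key.
public class SharedKeyRequestVerifier {
    private static final long MAX_SKEW_SECONDS = 300; // assumed freshness window
    private final byte[] sharedKey;
    // Unbounded for brevity; real use would expire entries older than the window.
    private final Set<String> seenNonces = ConcurrentHashMap.newKeySet();

    public SharedKeyRequestVerifier(byte[] sharedKey) { this.sharedKey = sharedKey.clone(); }

    // Assumed signed string: token, nonce and timestamp joined by newlines.
    static byte[] sign(byte[] key, String token, String nonce, long timestamp) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        String base = token + "\n" + nonce + "\n" + timestamp;
        return mac.doFinal(base.getBytes(StandardCharsets.UTF_8));
    }

    public boolean verify(String token, String nonce, long timestamp,
                          byte[] presentedMac, long nowSeconds) throws Exception {
        // Reject fields containing the delimiter so two requests cannot share a signed string.
        if (token.contains("\n") || nonce.contains("\n")) return false;
        // Reject stale or future-dated requests before doing any other work.
        if (Math.abs(nowSeconds - timestamp) > MAX_SKEW_SECONDS) return false;
        byte[] expected = sign(sharedKey, token, nonce, timestamp);
        // Constant-time comparison avoids leaking how many MAC bytes matched.
        if (!MessageDigest.isEqual(expected, presentedMac)) return false;
        // Record the nonce only after the MAC checks out, so unauthenticated
        // traffic cannot fill the replay set; add() returns false on a replay.
        return seenNonces.add(token + ":" + nonce);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        long now = 1251226647L;
        SharedKeyRequestVerifier v = new SharedKeyRequestVerifier(key);
        byte[] mac = sign(key, "client-42", "n-0001", now);
        System.out.println("first use: " + v.verify("client-42", "n-0001", now, mac, now));
        System.out.println("replay:    " + v.verify("client-42", "n-0001", now, mac, now + 5));
        System.out.println("tampered:  " + v.verify("client-43", "n-0002", now, mac, now));
        System.out.println("stale:     " + v.verify("client-42", "n-0003", now,
                sign(key, "client-42", "n-0003", now), now + 3600));
    }
}
```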