Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Protect oxTrust apis by UMA #803
Instead of 2 and 4 we can use more modern OOP/CDI based solution like:
In this annotation interceptor method can get from request Authorization header and call RPT endpoint to get list of allowed permissions, validate them and allow or not execute intercepted method.
In oxService there is annotation @secure which you can use as reference. I can write prototype if needed.