
  • sparklr2 admin endpoints restricted to POST?

    After doing the OAuth dance in tonr/sparklr with "marissa", I try to access the admin endpoints (using Chrome/Simple REST Client) by passing her access token, like so:

    Code:
    GET http://localhost:8080/sparklr2/oauth/users/marissa/tokens
    Authorization: Bearer (token)

    and I get:

    Code:
    403 Forbidden
    {"error":"access_denied","error_description":"Access is denied"}

    but if I POST, I get the desired response.

    Code:
    200 OK
    [{"access_token":"(access-token)","token_type":"bearer","refresh_token":"(refresh-token)","expires_in":26603,"scope":"read","client_id":"client1"}]

    But the config states:

    Code:
    <intercept-url pattern="/oauth/users/.*"
    access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')"
    method="GET" />

    so how can this be?
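Why a method-qualified rule behaves this way, as an added illustration that is not the sparklr2 sample's own configuration: in Spring Security an `<intercept-url>` with `method="GET"` is consulted only for GET requests, so a POST to the same path is evaluated against the remaining rules and passes if nothing later denies it. The `<http>` wrapper, `use-expressions="true"` and `request-matcher="regex"` below are assumptions so that the `/oauth/users/.*` regex from the thread matches as written.

```xml
<!-- Added illustration, not the sparklr2 sample's own config. The <http>
     wrapper and request-matcher="regex" are assumed so that the regex
     pattern quoted in the thread is interpreted as a regex. -->

<!-- Weak: the rule fires for GET only. A POST (or PUT, DELETE, ...) to
     /oauth/users/marissa/tokens never matches it, falls through to any later
     rule, and is let through if no later rule denies it. -->
<http use-expressions="true" request-matcher="regex">
    <intercept-url pattern="/oauth/users/.*"
        access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')"
        method="GET" />
</http>

<!-- Hardened: keep the GET rule as the only way in and close every other
     method on the same path with an explicit denyAll. Rules are checked in
     order and the first match wins, so the deny rule must come AFTER the
     GET rule; placed before it, it would block the legitimate GET too. -->
<http use-expressions="true" request-matcher="regex">
    <intercept-url pattern="/oauth/users/.*"
        access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient()) and #oauth2.hasScope('read')"
        method="GET" />
    <!-- Any method other than GET on the admin path is rejected outright. -->
    <intercept-url pattern="/oauth/users/.*" access="denyAll" />
</http>
```

After the change, repeating the thread's two requests should give 200 for the authorized GET and 403 for the POST; checking both is the quickest way to confirm the rule order is right.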

  • #2
    Looks like a bug in the sample to me. It shouldn't accept POST requests at all on that endpoint (but it *was* only added as a demo and to help with integration testing). Feel free to open a JIRA ticket and send a pull request as well if you have time.


    • #3
      OK thanks. I've opened SECOAUTH-318 to track this issue.
