Announcement Announcement Module
No announcement yet.
OAuth2RestTemplate used to invoke unsecured method on webservice Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • OAuth2RestTemplate used to invoke unsecured method on webservice


    I have REST webservice and a website which is a client of the webservice. The webservice has some secured endpoints which i have secured using OAuth2 password grant. The website uses OAuth2RestTemplate when interacting with the webservice. The template is session scoped. I want all communication between the website and webservice to go via this template.

    Currently if i invoke an unprotected endpoint on the webservice (this is possible as the user can do a number of things on the website that doesnt require authentication) I get an exception as the template falls over when trying to get an access token.

    I dont want the website code to have to decide whether to use OAuth2RestTemplate or a normal Resttemplate depending on whether a public or a protected webservice endpoint is invoked.

    Do you have any suggestions on how I can go about achieving this?


  • #2
    You're not really supposed to use password grants for that kind of set up - the password shouldn't be revealed to the client and you can easily avoid that by using auth code grant. Is there a reason you don't want to do that?