restricted access to /authorize to ROLE_USER accounts, closes #892

pull/890/merge
Justin Richer 2015-08-21 10:20:15 -04:00
parent 22c05ec51b
commit 54d8d890e5
2 changed files with 2 additions and 0 deletions


@ -43,6 +43,7 @@
<security:http disable-url-rewriting="true" use-expressions="true">
<security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
<security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/**" access="permitAll" />
<security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
<security:logout logout-url="/logout" />
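Review bot: The new `/authorize` rule matches only that exact path, and the `/**` `permitAll` rule directly below it catches everything else, so any variant the dispatcher also routes to the authorization endpoint (a trailing slash or a suffix, if such mapping is enabled; not visible here) would skip the role check. It is worth confirming with a request test that unauthenticated calls to those variants are redirected to `/login`, and widening the pattern if they are not. The rule also depends on staying above the catch-all, because the first matching `intercept-url` wins; a comment such as `<!-- keep above the /** permitAll rule: first match wins -->` would protect it from reordering. The same applies to the identical line added to the second file's `<security:http>` block.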


@ -125,6 +125,7 @@
<security:http disable-url-rewriting="true" use-expressions="true">
<security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
<security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/**" access="permitAll" />
<security:custom-filter before="PRE_AUTH_FILTER" ref="externalAuthenticationFilter" />
<security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />