github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Seems to be fixed! Added the "security:" prefix to the first http block in application-context. The compiler should have been catching that there was no matching for http w/o it, but it was just letting it through.

pull/59/head
Amanda Anganes 2012-04-16 12:23:23 -04:00
parent f0f339d45f
commit 67edc1c191
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
View File

@ -23,8 +23,7 @@
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="springSecurityAuthenticationManager"/> <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="springSecurityAuthenticationManager"/>
<!-- 4/11 AANGANES trying:remove "create-session="stateless"" from below statement --> <security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
<http pattern="/oauth/token" authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security"> xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" /> <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" /> <anonymous enabled="false" />
@ -32,7 +31,7 @@
<!-- include this only if you need to authenticate clients via request parameters --> <!-- include this only if you need to authenticate clients via request parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" /> <custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" /> <access-denied-handler ref="oauthAccessDeniedHandler" />
</http> </security:http>
<security:http use-expressions="true" auto-config="true" pattern="/oauth/authorize" authentication-manager-ref="springSecurityAuthenticationManager"> <security:http use-expressions="true" auto-config="true" pattern="/oauth/authorize" authentication-manager-ref="springSecurityAuthenticationManager">
<security:intercept-url pattern="/oauth/authorize" access="hasRole('ROLE_USER')"/> <security:intercept-url pattern="/oauth/authorize" access="hasRole('ROLE_USER')"/>