github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added "OPTIONS" option to /token filter with no auth, addresses #527

pull/576/head
Justin Richer 2014-01-21 20:54:01 -05:00
parent e9d4acfd03
commit df589b39df
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
View File

@ -66,9 +66,11 @@
<security:http pattern="/token"
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
entry-point-ref="oauthAuthenticationEntryPoint">
entry-point-ref="oauthAuthenticationEntryPoint"
user-expressions="true">
<security:intercept-url pattern="/token" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/token" access="permitAll" method="OPTIONS" /> <!-- allow OPTIONS calls without auth for CORS stuff -->
<security:intercept-url pattern="/token" access="isAuthenticated()" />
<security:anonymous enabled="false" />
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->