Skip to content
/ spring-oauth-userinfo Public

when using UserInfoTokenServices and its resttemplate is configured with AuthorizationCodeAccessTokenProvider and also with ClientCredentialsAccessTokenProvider then there's possibility to add whatever token and you will bypass security.

2 stars 0 forks Branches Tags Activity
Star
Notifications

bilak/spring-oauth-userinfo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

spring-oauth-userinfo-api

spring-oauth-userinfo-api

 
 

spring-oauth-userinfo-uaa

spring-oauth-userinfo-uaa

 
 

.gitignore

.gitignore

 
 

pom.xml

pom.xml

 
 

readme.md

readme.md

 
 

Repository files navigation

to reproduce:

  • start both applications
  • in command line execute curl -H 'Authorization: Bearer whatever' localhost:8080/hello (now you can see hello world)

then remove this line and repeat previous steps (you should not be able to see hello world).

About

when using UserInfoTokenServices and its resttemplate is configured with AuthorizationCodeAccessTokenProvider and also with ClientCredentialsAccessTokenProvider then there's possibility to add whatever token and you will bypass security.

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages