Skip to content
/ spring-oauth-userinfo Public

when using UserInfoTokenServices and its resttemplate is configured with AuthorizationCodeAccessTokenProvider and also with ClientCredentialsAccessTokenProvider then there's possibility to add whatever token and you will bypass security.

3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bilak/spring-oauth-userinfo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
spring-oauth-userinfo-api
spring-oauth-userinfo-api
 
 
spring-oauth-userinfo-uaa
spring-oauth-userinfo-uaa
 
 
.gitignore
.gitignore
 
 
pom.xml
pom.xml
 
 
readme.md
readme.md
 
 

Repository files navigation

to reproduce:

  • start both applications
  • in command line execute curl -H 'Authorization: Bearer whatever' localhost:8080/hello (now you can see hello world)

then remove this line and repeat previous steps (you should not be able to see hello world).

About

when using UserInfoTokenServices and its resttemplate is configured with AuthorizationCodeAccessTokenProvider and also with ClientCredentialsAccessTokenProvider then there's possibility to add whatever token and you will bypass security.

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages