
SECOAUTH-318: Add denyAll() catch all to token admin endpoints

1 parent a6febe6 commit 2e1eb036261ede6d29ff33c0ee2fa24e6bca9ca6 @dsyer dsyer committed Dec 24, 2012
@@ -34,6 +34,7 @@
method="GET" />
<intercept-url pattern="/oauth/clients/.*"
access="#oauth2.clientHasRole('ROLE_CLIENT') and #oauth2.isClient() and #oauth2.hasScope('read')" method="GET" />
+ <intercept-url pattern="/**" access="denyAll()"/>
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
<expression-handler ref="oauthWebExpressionHandler" />
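Review bot: The new catch-all on the `+` line is written as `/**`, an Ant-style pattern, while the rule directly above it uses regex syntax (`/oauth/clients/.*`); if the enclosing `<http>` element, which opens outside this hunk, is configured for regex matching, `/**` would not be read as "everything", and the deny rule might never match or might fail to compile. Writing it as `<intercept-url pattern="/.*" access="denyAll()"/>` would be consistent with the sibling rules. Because intercept-url rules are evaluated in order and the first match wins, a short comment such as `<!-- catch-all: must stay last; add specific rules above it -->` would stop a later rule from being appended below it, where it would never be reached. A test that sends an unlisted method to one of these endpoints and expects a denial would confirm the rule takes effect; none is visible in this commit.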
@@ -132,7 +132,7 @@ public void testTokenNotGrantedIfSecretNotProvided() throws Exception {
assertEquals(HttpStatus.UNAUTHORIZED, e.getStatusCode());
List<String> values = tokenEndpointResponse.getHeaders().get("WWW-Authenticate");
assertEquals(1, values.size());
- assertEquals("Basic realm=\"sparklr2/client\"", values.get(0));
+ assertTrue(values.get(0).contains("Basic realm=\"sparklr2/client\""));
}
}
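Review bot: The relaxed assertion on the `+` line uses `contains`, which would also pass if the expected challenge text appeared anywhere inside a different header value, and `assertTrue` without a message reports nothing useful on failure. If the header is still expected to begin with the Basic challenge, `assertTrue("Wrong header: " + values.get(0), values.get(0).startsWith("Basic realm=\"sparklr2/client\""));` keeps the check anchored and prints the actual value. Why the header now carries extra content is not visible here and would be worth a one-line comment above the assertion. The test method starts outside the hunk.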
