Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dogeared/stormpath-test
https://github.com/dogeared/stormpath-test
Last synced: about 18 hours ago
JSON representation
- Host: GitHub
- URL: https://github.com/dogeared/stormpath-test
- Owner: dogeared
- Created: 2015-11-24T00:10:19.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2015-11-24T04:02:17.000Z (almost 9 years ago)
- Last Synced: 2024-04-15T13:19:46.198Z (7 months ago)
- Language: Java
- Size: 56.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# stormpath-test
Right now, Spring Security and Stormpath OAuth do not play nicely together :(. An upcoming release will resolve this. In the meantime, here's what you can do:
1. Disable Spring Security
Add the following to `application.properties`:
```
stormpath.spring.security.enabled = false
security.basic.enabled = false
```
2. Add a check in your controller for basic authentication or authorizaton rules
```
@RequestMapping("/greeting")
public Greeting greeting(HttpServletRequest req) {
Account account = AccountResolver.INSTANCE.getAccount(req);
if (account == null) { throw new ForbiddenException(); }
return new Greeting(counter.incrementAndGet(), String.format(template, account.getFullName()));
}
```
With this setup, Stormpath OAuth behaves as expected:
```
curl -X POST \
-H "Origin: http://localhost:8080" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password&username=&password=" \
http://localhost:8080/oauth/token
```
This will return an access token:
```
{"access_token":"eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI1MGMzMGQ4NC04YjE...","token_type":"Bearer","expires_in":259200}
```
You can then hit your protected endpoint using the access token:
```
curl -H "Authorization: Bearer " \
http://localhost:8080/greeting
```
This will return the response you are expecting:
```
{"id":1,"content":"Hello, m s!"}
```