Project

General

Profile

Revision d7c9d360

IDd7c9d360a01c477938ecb1fd56ddb16329f9f5d3
Parent 30ae7ce0
Child 30ca59d9

Added by Andreas Kohlbecker over 3 years ago

ref #6248 disabling authorization restriction on /manage/ as temp workaround

View differences:

cdmlib-remote/src/main/java/eu/etaxonomy/cdm/remote/config/OAuth2ServerConfiguration.java
58 58
            .and() // TODO do we need this?
59 59
                .requestMatchers()
60 60
                    .antMatchers(
61
                        "/manage/**",
61
                     //   "/manage/**",
62 62
                        "/user/**"
63 63
                        // "/oauth/users/**",
64 64
                        // "/oauth/clients/**")
......
71 71
                    //      or
72 72
                    //   org.springframework.security.access.expression.SecurityExpressionRoot
73 73
                    // - org.springframework.security.oauth2.provider.expression.OAuth2SecurityExpressionMethods
74
                    .antMatchers("/manage/**").access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasRole('ROLE_ADMIN'))")
74
                  //  .antMatchers("/manage/**").access("#oauth2.clientHasRole('ROLE_CLIENT') or (!#oauth2.isOAuth() and hasRole('ROLE_ADMIN'))")
75 75
                    .antMatchers("/user/me").access("isAuthenticated()")
76 76
                    .regexMatchers("/user/.*|/user\\..*").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER_MANAGER')")
77 77

  

Also available in: Unified diff

Add picture from clipboard (Maximum size: 40 MB)