remove authz service check for refresh requests (AthenZ#511)

cb-oath · Jul 6, 2018 · ab0637d · ab0637d
1 parent 16d3176
commit ab0637d
Showing 1 changed file with 0 additions and 7 deletions.
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSImpl.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSImpl.java
@@ -2355,13 +2355,6 @@ public Identity postInstanceRefreshRequest(ResourceContext ctx, String domain,
 
         Principal principal = ((RsrcCtxWrapper) ctx).principal();
 
-        // verify that this is not an authorized service principal
-        // which is only supported for get role token operations
-
-        if (isAuthorizedServicePrincipal(principal)) {
-            throw forbiddenError("Authorized Service Principals not allowed", caller, domain);
-        }
-
         String fullServiceName = domain + "." + service;
         final String principalName = principal.getFullName();
         boolean userRequest = false;