cobyrne-pivot/spring-auth-troubles

Auth Troubles

The app has an endpoint at /api/foo secured by basic auth and a page at /home secured by OAuth/OIDC.

You can run

./gradlew bootRun

and then some things work:

curl -v http://localhost:8080/home # => 302, as expected
curl -v http://localhost:8080/api/foo # => 401, as expected
curl -v http://username:password@localhost:8080/api/foo # => 200, as expected
curl -v http://guest:password@localhost:8080/api/foo # => 403, as expected

but some things break confusingly:

curl -v http://asdf:asdf@localhost:8080/api/foo # => 302 instead of 401
curl -v http://username:wrong@localhost:8080/api/foo # => 302 instead of 401

But if you comment out OktaWebConfiguration, the 401/403s we expect are returned.

You can also run

./gradlew check

and see our assertions pass, even though we observe different behavior in real life.
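The status expectations above can also be checked over real HTTP against the running app. The script below is an added example, not part of this repository; its function names and the AUTH_CHECK_URL variable are assumptions of the example.

```shell
#!/bin/sh
# Expected statuses from the README, one case per line: "creds path expected".
# "-" means the request carries no credentials.
CASES='- /home 302
- /api/foo 401
username:password /api/foo 200
guest:password /api/foo 403
asdf:asdf /api/foo 401
username:wrong /api/foo 401'

# fetch_status BASE CREDS PATH: print the HTTP status of one real request.
# Redirects are not followed, so a 302 into the login flow stays visible.
fetch_status() {
    if [ "$2" = "-" ]; then
        curl -s -o /dev/null -w '%{http_code}' "$1$3" </dev/null
    else
        curl -s -o /dev/null -w '%{http_code}' -u "$2" "$1$3" </dev/null
    fi
}

# check_matrix BASE: print one line per case, return the number of mismatches.
check_matrix() {
    failures=0
    while read -r creds path want; do
        got=$(fetch_status "$1" "$creds" "$path") || got=000
        if [ "$got" = "$want" ]; then
            echo "ok   $creds $path -> $got"
        else
            echo "FAIL $creds $path -> $got (want $want)"
            failures=$((failures + 1))
        fi
    done <<EOF
$CASES
EOF
    return "$failures"
}

# Runs only when a base URL is supplied, e.g. after ./gradlew bootRun:
#   AUTH_CHECK_URL=http://localhost:8080 sh check-auth.sh
if [ -n "${AUTH_CHECK_URL:-}" ]; then
    check_matrix "$AUTH_CHECK_URL"
fi
```

The exit status is the number of mismatched cases, so the script can gate a build once the app is listening.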
