I'm a little baffled. I'm using ACL, and I have a Spring controller, with two public methods:
@RequestMapping(value="{id}", method = RequestMethod.DELETE, consumes = "application/json")
...
Type: Posts; User: eve; Keyword(s):
Expressions-Based Access Control: @PostFilter not called, @PreAuthroize fine.
I'm a little baffled. I'm using ACL, and I have a Spring controller, with two public methods:
@RequestMapping(value="{id}", method = RequestMethod.DELETE, consumes = "application/json")
...
Thanks palapura for the explanation (Yes,...
Thanks palapura for the explanation (Yes, /services is where my "photo" equivalent API lives). As I understand now, if I'm not using SpringSecuirty oAuth client-side, I shouldn't expect to get...
Ah ha! That makes perfect sense. Thanks for...
Ah ha! That makes perfect sense. Thanks for explaining that. I switched to stateless for the API and now I'm getting a proper 401 Unauthorized error when I run the test, and the same message as I see...
Securing REST with OAuth2: Authentication object was not found in the SecurityContext
I have an existing REST API (Apache CXF), which I am trying to secure using oAuth2. I'm going to have to re-write the API in Spring anyway (I need ACL and new endpoints), but initially I just want to...