Thread: granting token in password flow using group-based access

  1. #1

    granting token in password flow using group-based access

    From all the examples I've seen, it looks like the typical scenario in password flow is to always issue a token to an authenticated user and let subsequent requests to protected resources dictate whether the logged-in user is authorized to access them.

    I have a slightly different use case. How can I set it up in password flow so that only authenticated users in a certain role (i.e., LDAP group) would be granted a token? All other users (whether unauthenticated or unauthorized) would receive an error message.

    I will be supporting other flows (auth, client) so whatever solution posed here cannot override other flows. For example, a simple solution to my use case would be to change:

    Code:
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    to:

    Code:
    <intercept-url pattern="/oauth/token" access="(my specific role)" />
    But then this would change the access pattern for non-password flows as well, which I don't want.

    Is it possible to have separate <http> blocks pointing to the same URL for different flows?
    Last edited by jrod; Dec 2nd, 2012 at 02:34 AM.
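
One way to restrict only the password flow, shown as an added example that is not part of the original post or of the Spring Security OAuth project: wrap the user `AuthenticationManager` used by the password grant so that a correctly authenticated user without the required authority is rejected, and leave the `/oauth/token` intercept-url unchanged for the other flows. The class name, bean wiring and role value are hypothetical, and the example assumes the password grant is given its own manager through `authentication-manager-ref` on `<oauth:password>`.

```java
import java.util.Collection;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/**
 * Added example (hypothetical class): delegates to the real, e.g. LDAP-backed,
 * AuthenticationManager and then requires one specific authority.
 * Assumed wiring: declare this class as a bean and reference it only from
 * <oauth:password authentication-manager-ref="..."/>, so the authorization-code
 * and client-credentials flows keep their existing behaviour.
 */
public class RoleRestrictedAuthenticationManager implements AuthenticationManager {

    private final AuthenticationManager delegate;
    private final String requiredAuthority; // e.g. the authority mapped from the LDAP group

    public RoleRestrictedAuthenticationManager(AuthenticationManager delegate,
                                               String requiredAuthority) {
        this.delegate = delegate;
        this.requiredAuthority = requiredAuthority;
    }

    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        // Wrong username or password still fails inside the delegate.
        Authentication result = delegate.authenticate(authentication);
        if (result == null || !result.isAuthenticated()
                || !hasRequiredAuthority(result.getAuthorities())) {
            // Generic message: the caller cannot tell a wrong password
            // from a valid user who is outside the group.
            throw new BadCredentialsException("Bad credentials");
        }
        return result;
    }

    private boolean hasRequiredAuthority(Collection<? extends GrantedAuthority> authorities) {
        if (authorities == null) {
            return false;
        }
        for (GrantedAuthority authority : authorities) {
            if (requiredAuthority.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}
```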
