Mar 7th, 2013, 07:44 AM
OAuth2RestTemplate used to invoke unsecured method on webservice
I have REST webservice and a website which is a client of the webservice. The webservice has some secured endpoints which i have secured using OAuth2 password grant. The website uses OAuth2RestTemplate when interacting with the webservice. The template is session scoped. I want all communication between the website and webservice to go via this template.
Currently if i invoke an unprotected endpoint on the webservice (this is possible as the user can do a number of things on the website that doesnt require authentication) I get an exception as the template falls over when trying to get an access token.
I dont want the website code to have to decide whether to use OAuth2RestTemplate or a normal Resttemplate depending on whether a public or a protected webservice endpoint is invoked.
Do you have any suggestions on how I can go about achieving this?
Mar 7th, 2013, 09:05 AM
You're not really supposed to use password grants for that kind of set up - the password shouldn't be revealed to the client and you can easily avoid that by using auth code grant. Is there a reason you don't want to do that?