Verify spring security path

Labs64 / NetLicensing-Gateway

Labs64 NetLicensing / eCommerce gateway

https://netlicensing.io/wiki/gateway

Apache License 2.0

10 stars 4 forks source link

Verify spring security path #11

Closed r-brown closed 4 years ago

r-brown commented 4 years ago

In the spring security configuration https://github.com/Labs64/NetLicensing-Gateway/blob/master/src/main/resources/context/security.xml#L15 the path mycommerce/keygen points to a non-exisiting endpoint.

Is there any reason to define such path?
how the real path is protected then: https://github.com/Labs64/NetLicensing-Gateway/blob/master/src/main/java/com/labs64/netlicensing/gateway/util/Constants.java#L29

r-brown commented 4 years ago

Implementation is not acceptable. Which impact will be at the current integrations after this change? Test?!?!?!

yushkevich commented 4 years ago

Authentication must be provided for the mycommerce/codegen

send mycommerce request without authentication
send mycommerce request with the wrong authentication
send mycommerce request with the right authentication

r-brown commented 4 years ago

send mycommerce request with the right authentication

fails with HTTP401 - why?

Why do we need integration specific entry in the global spring-security configuration?

yushkevich commented 4 years ago

send mycommerce request with the right authentication (it was wrong screenshot)

yushkevich commented 4 years ago

Why do we need integration specific entry in the global spring-security configuration?

there is no reason

send mycommerce request without authentication

send mycommerce request with the wrong authentication

send mycommerce request with the right authentication