search

mitreid-connect / OpenID-Connect-Java-Spring-Server

An OpenID Connect reference implementation in Java on the Spring platform.
Other
1.47k stars 769 forks source link

OpenID-Connect-Java-Spring-Client #1427

Open Prabha2810 opened 5 years ago

Prabha2810 commented 5 years ago

Hi ,

I want the user must not be able to access any view page without a login. However its been happening .I have tried lots of code like hasRole concept but its not at all effective ... :(

What I am missing I dont know .. Do i need to see at server side ??? is there any way to handle it ? Please help ....

jricher commented 5 years ago

If you’re talking about inside your client application, using the MITREid Connect client library, then that’s a problem with your Spring Security configuration inside your app and is outside the scope of this project. If you’re talking about the MITREid Connect server, then there are several pages that the user can see when not logged in. This is by design and they do not leak sensitive information.

— Justin

On Sep 24, 2018, at 1:48 AM, Prabha2810 notifications@github.com wrote:

Hi ,

I want the user must not be able to access any view page without a login. However its been happening .I have tried lots of code like hasRole concept but its not at all effective ... :(

What I am missing I dont know .. Do i need to see at server side ??? is there any way to handle it ? Please help ....

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1427, or mute the thread https://github.com/notifications/unsubscribe-auth/AAHej3Ze4WJ6qAmqiZSJ4MwJBk70KWIrks5ueHI7gaJpZM4W2F8L.