search

wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
846 stars 785 forks source link

v4.0.0 Resources not defined doesn't restrict access to those endpoints. #11336

Closed DavidCGarcia89 closed 3 years ago

DavidCGarcia89 commented 3 years ago

Description:

If I have an API in NodeJS with the endpoints "/users" and "/data". Then in the API manager I create a new API and define the resource "/users". The I go to the devportal, I create an App with credentials to access the API. Then with postman I get the credentials of the App and send the request to the API created. I can access all the resources even if I didn't define all of them in the resource tab. In the version 3.2.0 I can only access to the ones I defined in the resources tab.

Steps to reproduce:

Affected Product Version:

4.0.0

Environment details (with versions):

DavidCGarcia89 commented 3 years ago

Solution:

You need to release a new Revision for the current version of the App.

If not it will get the default resources with the /*