  1. OpenAM
  2. OPENAM-10794

API Explorer pages are still accessible after session timeout

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 14.0.0
    • Fix Version/s: None
    • Component/s: API descriptor, XUI
    • Environment:
      OpenAM 14.0.0-SNAPSHOT Build 5bc2f25f66 (2017-March-01 00:32)

      Description

      After a session has terminated whilst using the API Explorer, its pages are still accessible by two methods:

      1. Using the back and forward button on the browser
      2. Typing in the required URL
        1. or copying and pasting a URL from a different browser with an active session

      N.B.
      However, "Try it out!" on protected endpoints does fail:
      e.g.

      http://ec2-54-202-224-1.us-west-2.compute.amazonaws.com:8080/openam/XUI/#api/explorer/global-config/realms
      curl -X GET --header 'Accept: application/json' 'http://ec2-54-202-224-1.us-west-2.compute.amazonaws.com:8080/openam/json/global-config/realms?_queryFilter=true'
      

      results in:

      {
        "code": 401,
        "reason": "Unauthorized",
        "message": "Access Denied"
      }
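
The explorer URL in the report is a fragment route (`#api/explorer/...`), which the browser does not send to the server, so gating the page itself has to happen in client code while the REST endpoint keeps returning 401. The following is an added example, not OpenAM XUI code: a route guard that fails closed, where `PROTECTED_PREFIXES`, `checkSession`, `check` and `apply` are hypothetical names.

```javascript
// Added example: hypothetical client-side route guard, not OpenAM XUI code.
// Everything after '#' stays in the browser, so the server never sees these routes.
const PROTECTED_PREFIXES = ["api/explorer"]; // assumption: routes that need a live session

// Extract the hash route from a full URL ("" when there is no fragment).
function routeFromUrl(url) {
  const i = url.indexOf("#");
  return i === -1 ? "" : url.slice(i + 1);
}

function isProtected(route) {
  return PROTECTED_PREFIXES.some((p) => route === p || route.startsWith(p + "/"));
}

// Pure decision: render the view, or send the user to login and remember the target.
function decide(route, sessionValid) {
  if (!isProtected(route) || sessionValid) return { action: "render", route };
  return { action: "login", goto: route };
}

// checkSession is injected: an async function resolving to true only when the
// server confirms the session. Any error is treated as "no session" (fail closed).
async function guardNavigation(url, checkSession) {
  const route = routeFromUrl(url);
  if (!isProtected(route)) return decide(route, false);
  let valid = false;
  try {
    valid = (await checkSession()) === true;
  } catch (_) {
    valid = false;
  }
  return decide(route, valid);
}

// Browser wiring (back/forward and typed URLs both change the hash or load the page):
// window.addEventListener("hashchange", () => guardNavigation(location.href, check).then(apply));
```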
      

              People

              Assignee:
              Unassigned
              Reporter:
              Andrew Vinall