<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
In this block access intercept is set to permitAll: <span style="font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; white-space: pre;">&lt;security:intercept-url pattern="/**" access="permitAll" /&gt;</span>
<div>What mechanism is used to protect this EP? </div>
<div><br>
</div>
<div>Thanks,</div>
<div>Zhanna</div>
<div><br>
<div>
<div>
<div>On Aug 20, 2015, at 9:47 AM, Justin Richer &lt;<a href="mailto:jricher@MIT.EDU">jricher@MIT.EDU</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
As it says in the paragraph of documentation that you quoted below, it’s protected the same way that the rest of the UI is protected. This is handled in the main &lt;security:http&gt; block in user-context.xml.
<div class=""><br class="">
</div>
<div class=""> — Justin</div>
<div class=""><br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Aug 20, 2015, at 9:45 AM, Zhanna Tsitkov &lt;<a href="mailto:tsitkova@mit.edu" class="">tsitkova@mit.edu</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<font color="#232323" class="">Hi,</font>
<div class=""><font color="#232323" class="">According to the documentation for configure method of AuthorizationServerConfigurer interface</font></div>
<div class="">"</div>
<div class="" style="font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; font-size: 12px; white-space: pre;"><span class="pl-c" style="color: rgb(150, 152, 150);">* The /oauth/authorize endpoint also needs to be secure, but that is a normal user-facing endpoint and should be
* secured the same way as the rest of your UI, so is not covered here. The default settings cover the most common
* requirements, following recommendations from the OAuth2 spec, so you don't need to do anything here to get a
* basic server up and running.</span></div>
<div class="">"</div>
<div class="">In MitreID Connect it looks like this EP is not explicitly protected. How is it done?</div>
<div class="">Thanks,</div>
<div class="">Zhanna</div>
</div>
_______________________________________________<br class="">
mitreid-connect mailing list<br class="">
<a href="mailto:mitreid-connect@mit.edu" class="">mitreid-connect@mit.edu</a><br class="">
<a href="http://mailman.mit.edu/mailman/listinfo/mitreid-connect">http://mailman.mit.edu/mailman/listinfo/mitreid-connect</a><br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
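<div>Added example, not part of the original thread and not MITREid Connect's own code: Spring Security evaluates the intercept-url entries of a security:http block in the order listed and applies the first match, so a catch-all "/**" with permitAll only leaves an endpoint open if no more specific rule precedes it. The script below resolves which rule governs a path and reports rules made unreachable by an earlier catch-all. Both XML samples are constructed for illustration, the path is taken from the quoted documentation, and the Ant-pattern matcher is a simplified stand-in.</div>

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"
HTTP_OPEN = '<security:http xmlns:security="http://www.springframework.org/schema/security">'

# Constructed samples (NOT the project's user-context.xml).
ORDERED = HTTP_OPEN + """
  <security:intercept-url pattern="/oauth/authorize" access="hasRole('ROLE_USER')" />
  <security:intercept-url pattern="/**" access="permitAll" />
</security:http>"""
MISORDERED = HTTP_OPEN + """
  <security:intercept-url pattern="/**" access="permitAll" />
  <security:intercept-url pattern="/oauth/authorize" access="hasRole('ROLE_USER')" />
</security:http>"""


def ant_to_regex(pattern):
    """Simplified Ant-style matcher: ** crosses '/', * and ? stay in one segment."""
    tail = ""
    if pattern.endswith("/**"):  # "/x/**" also matches "/x" itself
        pattern, tail = pattern[:-3], "(/.*)?"
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    body = "".join(table.get(p, re.escape(p)) for p in parts)
    return re.compile(body + tail + r"\Z")


def load_rules(xml_text):
    """Return (pattern, access) pairs in document order."""
    root = ET.fromstring(xml_text)
    return [(e.get("pattern"), e.get("access")) for e in root.iter(SEC + "intercept-url")]


def governing_rule(rules, path):
    """First matching rule wins; later matches are never consulted."""
    for pattern, access in rules:
        if ant_to_regex(pattern).match(path):
            return pattern, access
    return None


def shadowed_rules(rules):
    """Rules listed after a catch-all '/**' can never be selected."""
    for i, (pattern, _) in enumerate(rules):
        if pattern == "/**":
            return rules[i + 1:]
    return []


if __name__ == "__main__":
    for name, xml_text in (("ordered", ORDERED), ("misordered", MISORDERED)):
        rules = load_rules(xml_text)
        print(name, governing_rule(rules, "/oauth/authorize"), shadowed_rules(rules))
```

<div>The check covers a single security:http block; configurations that split rules across several security:http elements need the same first-match reasoning applied to the blocks themselves.</div>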
</body>
</html>