removing GET from allowed methods on authn/login controller endpoint

James Creel
2018-05-12 11:53:53 -05:00
parent b60fecbb0a
commit 1d52ec86cd


@@ -84,13 +84,14 @@ public class AuthenticationRestController implements InitializingBean {
return authenticationStatusResource;
}
@RequestMapping(value = "/login", method = {RequestMethod.GET, RequestMethod.POST})
@RequestMapping(value = "/login", method = {RequestMethod.POST})
public ResponseEntity login(HttpServletRequest request, @RequestParam(name = "user", required = false) String user,
@RequestParam(name = "password", required = false) String password) {
//If you can get here, you should be authenticated, the actual login is handled by spring security
//see org.dspace.app.rest.security.StatelessLoginFilter
//If we don't have an EPerson here, this means authentication failed and we should return an error message.
log.info("\n\n***n\nGot Here\n\n***\n\n");
return getLoginResponse(request,
"Authentication failed for user " + user + ": The credentials you provided are not " +