Spring Security OAuth / SECOAUTH-363

OAuth2 responses due to an Exception do not contain the "Pragma: no-cache" header as per specification


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Trivial
    • Resolution: Complete
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.0.1
    • Component/s: OAuth 2

    Description

      The "Pragma: no-cache" header and value are not returned when an exception is thrown within the context of a TokenEndpoint instance. I suggest the DefaultWebResponseExceptionTranslator#handleOAuth2Exception should be modified to set this value.

      I have worked around this by creating a bean that gets loaded after the "oauth2TokenEndpoint" bean, has a property that references the "oauth2TokenEndpoint" bean, and also has an "afterPropertiesSet" method implementation that sets the "oauth2TokenEndpoint" bean with a custom class that extends DefaultWebResponseExceptionTranslator. The custom class overrides the "translate" method to add this header and value into the super's returned result.
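
A sketch of the kind of translator subclass the workaround describes, added here as an illustration; it is not the reporter's code or the project's fix. The class name NoCacheWebResponseExceptionTranslator is hypothetical, and the "Cache-Control: no-store" fallback is an addition beyond what the description mentions. Registering the instance on the "oauth2TokenEndpoint" bean is left to the wiring the description outlines.

```java
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;

// Hypothetical class name; illustrates the override described in the issue.
public class NoCacheWebResponseExceptionTranslator extends DefaultWebResponseExceptionTranslator {

    @Override
    public ResponseEntity<OAuth2Exception> translate(Exception e) throws Exception {
        // Let the default translator pick the status code, body and headers.
        ResponseEntity<OAuth2Exception> original = super.translate(e);

        // The headers held by a ResponseEntity are read-only, so calling
        // original.getHeaders().set(...) would throw. Copy them first.
        HttpHeaders headers = new HttpHeaders();
        headers.putAll(original.getHeaders());

        // The header this issue reports as missing on error responses.
        headers.set("Pragma", "no-cache");

        // Assumption of this example: also make sure the HTTP/1.1
        // counterpart is present, without overriding an existing value.
        if (!headers.containsKey("Cache-Control")) {
            headers.set("Cache-Control", "no-store");
        }

        // Rebuild the response with the same body and status.
        return new ResponseEntity<OAuth2Exception>(
                original.getBody(), headers, original.getStatusCode());
    }
}
```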


          People

            Assignee: Dave Syer (david_syer)
            Reporter: David Williams (david.williams@xoom.com)
            Archiver: Trevor Marshall (tmarshall)
