PASOE: How to enable anonymous user access with OAuth2 login model?


Article Number000088708
EnvironmentProduct: OpenEdge
Version: 11.7.2
OS: All supported platfoms
Other: Progress AppServer for OpenEdge, PASOE
Question/Problem Description
How to enable anonymous user with OAuth2 login model?
Despite setting the right URL access control in oeablSecurityJwt.csv, anonymous users can't access resources. 
Unauthenticated users trying to access any resource with OAuth2 experience an authorization error.
Steps to Reproduce
Clarifying Information
Using the OAuth2 login model.
The oeablSecurityJwt.csv configuration file has been modified so some of the resources can be accessed without requiring OAuth2 authentication (ie anonymous user):
For instance to allow access to the web/ folder to all users (including unauthenticated ones) the oeablSecurityJwt.csv has been modified as follows: 
<intercept-url pattern="/web/**" access="permitAll()"/>

Error Message<oauth>
An Authentication object was not found in the SecurityContext
Defect/Enhancement Number
Setting URL access control in oeablSecurityJwt.csv must be completed with a change in WEB-INF/spring/enableOAuth2ResourceServer.xml to enable anonymous user access.
  1. Stop the PASOE instance
  2. Edit webapps/<app name>/WEB-INF/spring/enableOAuth2ResourceServer.xml
  3. Identify the URL access control section you aim to enable anonymous user access and change:
<anonymous enabled="false" />
<anonymous enabled="true" />

Last Modified Date4/20/2018 9:16 AM

The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.

Was this article helpful?


Your feedback is appreciated.

Please tell us how we can make this article more useful. Please provide us a way to contact you, should we need clarification on the feedback provided or if you need further assistance.

Characters Remaining: 1025