Hi,
I am trying to access custom controller without token,
I am calling a custom controller to get the active token for user login id Ex: “anonymousAccessUser” it will give me if there is any active token in the database which is not expired for this user and if no active token present in the database then I am creating a new token and returning the response back which is working perfect.
But I want to access this API(custom controller) without passing any oAuth token. Below is the code for your reference please help me to correct the thing where i am making mistake
portal-security-spring.xml
<security:http pattern="/rest/myapi/**" create-session="stateless" entry-point-ref="oauthAuthenticationEntryPoint" xmlns="http://www.springframework.org/schema/security"> <intercept-url pattern="/rest/myapi/**" access="true"/> <anonymous enabled="true"/> <csrf disabled="true"/> <cors configuration-source-ref="cuba_RestCorsSource"/> <custom-filter ref="resourceFilter" before="PRE_AUTH_FILTER"/> <custom-filter ref="cuba_AnonymousAuthenticationFilter" after="PRE_AUTH_FILTER"/> </security:http>
My custom controller
@RestController
@RequestMapping("/myapi")
public class MyController {
@GetMapping("/getUserTokenDetails")
public String getUserTokenDetails() {
try {
String userLogin = "anonymousAccessUser"; //user created with this login id
UserTokenDTO tokenDetails = utilityService.getAnonymousToken(userLogin); //calling service method which returns active token for this user
if(tokenDetails == null){
//generating new token if no active token found in databse
OAuthTokenIssuer.OAuth2AccessTokenResult tokenResult = oAuthTokenIssuer.issueToken(userLogin,
messageTools.getDefaultLocale(), Collections.emptyMap());
OAuth2AccessToken accessToken = tokenResult.getAccessToken();
return accessToken.getValue();
} else {
//return existing active token
return tokenDetails.getAccess_token();
}
} catch (Exception ex) {
return "No active token found"+ex;
}
}
Service bean method to return active token if any
@Override
public UserTokenDTO getAnonymousToken(String userLogin) throws Exception{
String query = "SELECT ACCESS_TOKEN_VALUE, EXPIRY, AUTHENTICATION_KEY, USER_LOGIN FROM SYS_REST_API_TOKEN "
+ " WHERE USER_LOGIN = '"+ userLogin +"' AND EXPIRY > CURRENT_TIMESTAMP "
+ " ORDER BY EXPIRY DESC ";
Map<String, String> params = new HashMap<>();
log.debug("Executing query : "+query);
List<UserTokenDTO> userTokenList = entityManagerService.getUserTokenDetails(query, params);
return userTokenList.isEmpty() ? null : userTokenList.get(0);
}
When i run this API it says "java.lang.SecurityException: No security context bound to the current thread"
I feel when we are calling service method getAnonymousToken(String userLogin) it is asking for token.