Here is the YML file configuration for Spring OAuth as well as the code that makes the POST call: YML: https://gist.github.com/bryantp/fbf2f5a46aa883588b6f5230cae5248f Code:

CVE-2016-4468 UAA SQL Injection Severity High Vendor Cloud Foundry Foundation Versions Affected - Cloud Foundry release v237 and earlier versions - UAA release v3.4.0 and earlier

Here is the UAA log file. https://gist.github.com/bryantp/75286fca304d9a0b3913ea05e293645a

Hi Nikhil, Generally the way to prevent individuals from reading VCAP_SERVICES is to give them a non-SpaceDeveloper role in that space, like SpaceAuditor. A SpaceDeveloper is the only role that can

wrote: Do you have logs from UAA? The UAA logs will sometimes tell you more about the response you received. Dan

Hello All, I am using Spring Cloud Security with OAuth2 and am having an issue related to it not passing the scopes around. I believe that I need to define an endpoint to retrieve information about a

The request to /oauth/authorize takes in a scope parameter where you can specify which scopes you want in your access token. That is what adding the scope in application.yml did. If you don't specify

The CF CLI team just cut 6.20.0. Binaries and link to release notes are available at: https://github.com/cloudfoundry/cli#downloads Route Services and Routes with Paths Route services can now be

Thanks! I am not sure if it makes a difference, but I can also specify the scope in the client config: https://gist.github.com/bryantp/4b3dadb17c620d301109859fd92c4539#file-application-yml-L16 The

So it looks like if the scope name starts with `uaa.` we ignore it at the time of app authorization. I will create a story in our backlog to investigate why that is the case. As a workaround if you

Hi, I have a service that is supported on Cloud Foundry through Java Buildpack. I am trying to make the values of my service in VCAP_SERVICES json hidden or private, so that its invisible using the

Hi all, Registration is open for the upcoming CF Summit Europe, and we have a limited number of free passes for contributors to the project. This code can be used by anyone that is a contributor to

There are 3 requests to /oauth/authorize. I have saved all 3 as HAR files. https://dl.dropboxusercontent.com/u/4177525/har-files.zip

Can you send me the full request to /oauth/authorize when you get to the authorization page? You should be able to find it in the Network tab. wrote:

Hi Piotr, Delete space will fail if there are associated resources. Nick -- Nicholas Calugar Product Manager - Cloud Foundry API Pivotal Software, Inc.

I don't have to modify the client registration YAMl do I? Here is it for brevity: https://gist.github.com/bryantp/359249dfe2a40860c3a6f5489f9924bd

I am not using a DB currently, everything is in memory. I usually just restart UAA to make the changes take effect.

I suspect that the client did not get updated with the uaa.admin scope. Can you check the database to see if the client has that scope? It would be in the oauth_client_details table. If it hasn't been

Hi Nicholas, what happens to applications if the recursive flag is not passed ? Will delete fail if there are apps in the space ? or will delete succeed ? in the latter case, what is the state of

Hi Colleagues, I have some concerns on the unique_id in the service metadata. 1. In the api docs http://apidocs.cloudfoundry.org/237/services/retrieve_a_particular_service.html it says unique_id -A