Description
API1:2023 Broken Object Level Authorization
Step 2: The secure way
After setting Postman's environment to Secure, I was able to successfully authenticate against the Custom Authorization Server and generate the bearer_token using the OAuth 2.0 protocol. Then, I pasted the bearer_token into the variable of the same name.
When I try to enumerate getting a vehicle from http://localhost:9091/api/v1/vehicles/{vehicle_id}, e.g. http://localhost:9091/api/v1/vehicles/1, I get the following error:
```json
{
  "timestamp": "2025-08-10T19:03:03.765+00:00",
  "status": 400,
  "error": "Bad Request",
  "message": "Method parameter 'vehicleIdentifier': Failed to convert value of type 'java.lang.String' to required type 'java.util.UUID'; Invalid UUID string: 1",
  "path": "/api/v1/vehicles/1"
}
```
I get the same error with vehicles 2 and 3.