ofbiz-notifications mailing list archives

From "Deepak Dixit (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-9833) Token Based Authentication
Date Sat, 24 Feb 2018 08:20:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16375398#comment-16375398
] 

Deepak Dixit commented on OFBIZ-9833:
-------------------------------------

Added a patch that we can use in a generic way.

Added a JWTManager class with the following methods:
 - getAuthenticationToken: It validates credentials using the userLogin service and, if the user
is valid, it will call the createJwt method to generate a token.

 - validateToken: validates the token, verifies the JWT signature and expiration time; if the token
is valid, it will return the custom claims from the JWT token.

 - createJwt: It will create a jwtToken; we can pass expireTime, else it will use 30 min as the
default timeout.

Added a new filter, TokenFilter.java, that will check whether the request has a Bearer header:
 * It will validate and, if the token is valid, it will get the user login associated with it,
put it in the session and send control to the request handler for further action.
 * If token validation failed (the request has a token but validation failed), it will return an error.
 * If the request does not contain a Bearer header, then it will do nothing and simply return success.

A token can be used for various purposes along with authentication, as it can be used for email
links, anon user order view, etc.

So added a generic way to createJwt token for various use scenarios.

 

 

> Token Based Authentication
> --------------------------
>
>                 Key: OFBIZ-9833
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9833
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: framework
>            Reporter: Deepak Dixit
>            Assignee: Deepak Dixit
>            Priority: Major
>         Attachments: JSON Web Tokens.pdf, OFBIZ-9833-JWTManager.patch, OFBIZ-9833-external-server-test-example.patch,
> OFBIZ-9833-external-server-test-example.patch, OFBIZ-9833-external-server.patch, OFBIZ-9833-external-server.patch,
> OFBIZ-9833-external-server.patch, Token Based Authentication in Apache OfBiz.pdf, Token Based
> Authentication.pdf, rfc7519.pdf
>
>
> Here is dev list discussion for token based authentication work:
> http://markmail.org/message/vyskeh2wujqpkbwg



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
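
The flow described in the comment above (createJwt with a 30 min default, validateToken, and the three TokenFilter outcomes), sketched as an added example; it is not the code in the attached patch and not OFBiz's own Java. It uses only Python's standard library with HS256; the `Authorization: Bearer` header form, the `userLoginId` claim, the `userLogin` session key, the signing key and the function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed value; a real key comes from a secret store

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def create_jwt(claims, expire_seconds=30 * 60, now=None):
    """Build an HS256 token carrying custom claims plus an exp claim."""
    issued = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({**claims, "exp": issued + expire_seconds}).encode())
    return f"{header}.{payload}.{_sign(header + '.' + payload)}"

def validate_token(token, now=None):
    """Return the claims if signature, algorithm and expiry check out; else raise ValueError."""
    try:
        header, payload, signature = token.split(".")
        # Verify the MAC before trusting anything inside the token.
        if not hmac.compare_digest(signature, _sign(header + "." + payload)):
            raise ValueError("bad signature")
        # Pin the algorithm; the token's own header must not choose it.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(_unb64(payload))
        current = time.time() if now is None else now
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= current:
            raise ValueError("expired or missing exp")
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    return claims

def token_filter(headers, session):
    """Three outcomes: no Bearer header, valid token, token that fails validation."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return "success"  # no token: do nothing and let the request continue
    try:
        claims = validate_token(auth[len("Bearer "):].strip())
        session["userLogin"] = claims["userLoginId"]  # claim name is an assumption
    except (ValueError, KeyError):
        return "error"    # token present but invalid, or it names no user
    return "success"
```

A token minted for another purpose (an email link, say) validates but carries no `userLoginId`, so this sketch's filter rejects it rather than creating a session without a user.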
