taverna-dev mailing list archives

From Ian Dunlop <ianwdun...@gmail.com>
Subject Re: Taverna Player Portal User login Authentication
Date Fri, 02 Sep 2016 19:31:22 GMT
Hello

There is also the option of org.apache.http.legacy for the old android 3.x
version that they deprecated. It always surprised me that there isn't a
nice standard easy way to do all this auth in android.

Cheers

Ian

On 2 Sep 2016 3:15 pm, "Stian Soiland-Reyes" <stain@apache.org> wrote:

No more HTTPClient? Buhu.. but what about proper handling of headers,
caching and authentication.. thanks, Android!

(BTW - there's a  "HttpClient for Android 4.3.5 (GA)" -
https://hc.apache.org/downloads.cgi )


so then

   urlConnection.setRequestProperty("Accept", "application/json");

   Authenticator.setDefault(new Authenticator() {
     protected PasswordAuthentication getPasswordAuthentication() {
       return new PasswordAuthentication(username, password.toCharArray());
     }
   });


should work?  (Note that the above ugly code would leak the portal
username/password to ANY URL connection done later within the JVM/app!
 You could in theory do Authenticator.setDefault(null) but that would
then not be thread-safe)

On 2 September 2016 at 14:45, Ian Dunlop <ianwdunlop@gmail.com> wrote:
> Hello,
>
> When Larry did the auth for the tav mobile app he used basic auth using the
> code you can find here
> https://github.com/apache/incubator-taverna-mobile/blob/4daa91d3f42b5a4474303fd39c7a7ec1483cebff/app/src/main/java/org/apache/taverna/mobile/fragments/workflowdetails/WorkflowdetailFragment.java#L686
>
> The hardest part was figuring out how to base 64 encode the params because
> Rails and Java seemed to do it differently - see the end of
> https://github.com/apache/incubator-taverna-mobile/blob/4daa91d3f42b5a4474303fd39c7a7ec1483cebff/app/src/main/java/org/apache/taverna/mobile/fragments/workflowdetails/WorkflowdetailFragment.java#L688
>
> @Stian Android removed http client a while ago and recommended using
> HttpURLConnection instead
> https://developer.android.com/reference/java/net/HttpURLConnection.html
>
> I wouldn't mess around with form submission since you can use a more API
> based login in the portal.
>
> Cheers,
>
> Ian
>
> On 2 September 2016 at 14:02, Stian Soiland-Reyes <stain@apache.org> wrote:
>
>> On 2 September 2016 at 13:17, Sagar <kumarsagar15795@gmail.com> wrote:
>>
>> > I am integrating taverna player portal in taverna mobile.
>> > I am getting error on user login to taverna player portal
>> >
>> > I can log in it by using this code by replacing email and password to your
>> > email and password
>> >
>> > curl -X POST -H "Accept: application/json" -H "Cache-Control: no-cache" \
>> >   -H "Content-Type: application/x-www-form-urlencoded" \
>> >   -d 'user[email]=*email*&user[password]=*password*&user[remember_me]=0&commit=Sign in' \
>> >   "http://139.59.28.12:3000/users/sign_in"
>> >
>> > I am getting
>> > {"status":"406","error":"Not Acceptable"}
>> > for correct credential
>> >
>> >
>> > I am getting
>> > {
>> >   "error": "Invalid email or password."
>> > }
>> > for incorrect credential
>> >
>> > if I remove Accept header then I am getting 200 Status Code for both the
>> > correct and incorrect credential.
>> >
>> > So how can I distinguish between correct and incorrect credential?
>>
>>
>> The simple answer is to include that Accept header and then check for
>> HTTP/1.1 401 Unauthorized :)
>>
>> It should be quite easy to do that using HTTPClient.
>>
>>
>> I think you can also use basic authentication instead of submitting
>> the form, as the error includes:
>>
>> WWW-Authenticate: Basic realm="Application"
>>
>> However it seems using /users/sign_in you still HAVE to do an empty
>> POST (as GET has no JSON representation), e.g.
>>
>> curl -v -H "Accept: application/json" -X POST -d "" --anyauth --user fred:s3cret \
>>   http://139.59.28.12:3000/users/sign_in
>>
>>
>>
>>
>> I think the proper answer is that the HTTP status response to the
>> browser (Accept: text/html or no Accept at all) is technically wrong
>> (it's not 200 OK) - but probably on purpose by Rails, because you
>> don't want a 401 basic authentication login dialog popping up when you
>> have a nice HTML form.
>>
>> I could not find any of the code doing /user/sign_in in
>> https://github.com/myGrid/taverna-player-portal/tree/master/app/controllers
>> or https://github.com/myGrid/taverna-player/tree/master/app/controllers/taverna_player
>> - perhaps Rob or Finn knows how this is handled?
>>
>>
>> --
>> Stian Soiland-Reyes
>> Apache Taverna (incubating), Apache Commons
>> http://orcid.org/0000-0001-9842-9718
>>



--
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons
http://orcid.org/0000-0001-9842-9718
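
An added example, not code from this thread or from taverna-mobile: the empty-POST Basic sign-in discussed above, with the credentials set on the single request instead of through `Authenticator.setDefault()`, so they cannot leak to later connections, and with 401 told apart from success. It is written for plain Java; the class name, URL and credentials are constructed placeholders.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class PortalLogin {

    /** Builds the Authorization header value for HTTP Basic (RFC 7617). */
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        // java.util.Base64's basic encoder emits no line breaks. With
        // android.util.Base64, pass Base64.NO_WRAP: the DEFAULT flag appends
        // a line break, which is not valid inside a header value.
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Returns true on 2xx, false on 401; any other status is an error. */
    static boolean signIn(URL signInUrl, String user, String password) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) signInUrl.openConnection();
        try {
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Accept", "application/json");
            // Credentials are attached to this one request only; no
            // Authenticator.setDefault(), so no other connection sees them.
            conn.setRequestProperty("Authorization", basicHeader(user, password));
            conn.setInstanceFollowRedirects(false); // a redirect is reported, not followed
            conn.setDoOutput(true);
            conn.getOutputStream().close();         // the empty POST body
            int status = conn.getResponseCode();
            if (status == HttpURLConnection.HTTP_UNAUTHORIZED) return false;
            if (status >= 200 && status < 300) return true;
            throw new IOException("Unexpected status from sign_in: " + status);
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values. Basic credentials are only base64-encoded,
        // so the placeholder URL uses https.
        URL url = new URL("https://portal.example/users/sign_in");
        System.out.println(signIn(url, "fred", "s3cret"));
    }
}
```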
