JSON Web Token with REST Security


# JWT (JSON Web Token)

One of the main features of REST API is statelessness which means the server does not keep any client state (every HTTP Request happens in complete isolation), and this is where security issues arise as session for authentication and security is not used.


Instead, REST API uses arbitrary tokens to authenticate clients. As one of the standard for creating tokens, JSON Web Token is used to authenticate on the web in general, not only for REST services. It pass the identity of authenticated users and carry all the user's claims, such as authorization data.








Single Sign On is one of examples of JWT

* Liferay DXP uses OAuth 2.0 which is also token-based authentication.





References


Comments

Post a Comment

Popular posts from this blog

GoGo Shell & What can be deleted in Liferay Instance

In Liferay Instance, remove 'state' in osgi & 'work' in tomcat to remove all histories. GoGoShell is for checking the current state of each jar files in modules. pen cmd as admin and type 'telnet localhost 11311' lb : list all the jar files with state stop 70 (jar file numner) / start 70 (uninstall 70 but for deletion, it would be better to delete jar file from module folder physically) )
Read more

Portlet Edit Mode (Portlet preference) to replace Portlet configuration

Within the  EDIT  portlet mode, a portlet should provide content and logic that lets a user customize the behavior of the portlet Typically, portlets in  EDIT  portlet mode will set or update portlet preferences. Add the following properties to the MVCPortlet component annotation. "javax.portlet.portlet-mode=text/html;edit" "javax.portlet.init-param.edit-template=/edit.jsp" And then If you go into the grid button on the portlet, 'Preference' option will appear which redirects you to edit.jsp
Read more