Authentication vs. Authorization

Test Sign in /login

Add public user ID to a response header

Access the userService bean from the Authentication filter to get user detail info
1. Add SpringApplicationContext.java (to access a bean anywhere)
   and add its bean to main.java

2. Add code below the token creation to include the public user ID in the header

3. Implement getUser in the service

4. Finish the filter

5. Test sign-in with Postman and check that userId is in the header



Customize the login URL that triggers user authentication

1. WebSecurity -> getAuthenticationFilter()



Implement Authorization filter
- Test PUT with the token header and publicId

Key: Authorization, value: headerstring + token
and the URL is users/publicId


1. Create AuthorizationFilter

When an HTTP request is made, doFilterInternal is triggered

2. Add the filter to the WebSecurity configure method

3. Test login, then the PUT request with and without the Authorization header



Make REST API Stateless
Remove the HTTP session in the WebSecurity configure method



Read Token Secret value from property file
1. Add the token to the properties file
2. Create AppProperties to read it
3. Modify the security constant and the two filters

Test GET




