Authentication vs. Authorization

Test Sign in /login

*Add public User Id to a response header

Access to userService bean from Authentication filter to get User Detail info
1. add SpringApplicationContext.java (to access bean anywhere)
   and add its bean to main.java

2. add code under created token to include public user Id in header

3. implemnet getUser in service

4.finish filter

5. test signin with postman and check if there is userId in header



Customize login url which trigger user authentication

1. WebSecurity -> getAuthenticationFilter()



Implement Authorization filter
-Test Put with token header and publicID

Key : Authorization valu: headerstring + token
and url is users/publicId


1. Create AuthorizationFilter

When HTTP Request is made , doFilterInternal is triggered

2. add filter to webSecurity configure

3. test login and put request with authorization and not



Make REST API Stateless
remove http session from configure WebSecurity



Read Token Secret value from property file
1. add token to properties file
2. create AppProperites to read
3. modify security constant / two filters

test Get





Comments

Post a Comment

Popular posts from this blog

How to include CSS, JS and Image in Liferay Portlet JSP

Image
In Init.jsp,  add the following plug-ins to enable CSS and JS to be loaded inside a portlet. <%-- CSS, JS --%> <link href="/o/contact-us-portlet/css/portlet-main.css" rel="stylesheet" /> <script src="/o/contact-us-portlet/js/portlet-main.js"></script> The path starting with /o/(portlet-name)/  is automatically appended to main url (ex. localhost:8080/o/..) /o/(portlet-name)/  represents resources/META-INF/resources One thing to keep in mind is that the above initialization should be done after <liferay-theme:defineObjects /> <portlet:defineObjects /> I DO NOT KNOW WHY ... In view.jsp. can get path through request src="<%=request.getContextPath()%>/images/form-icon.png" Prerequisite: In bnd.bnd Web-ContextPath: /contact-us-portlet  should be set . ------------------------------------------------------------------------- Today's trouble sh...
Read more

GoGo Shell & What can be deleted in Liferay Instance

In Liferay Instance, remove 'state' in osgi & 'work' in tomcat to remove all histories. GoGoShell is for checking the current state of each jar files in modules. pen cmd as admin and type 'telnet localhost 11311' lb : list all the jar files with state stop 70 (jar file numner) / start 70 (uninstall 70 but for deletion, it would be better to delete jar file from module folder physically) )
Read more