I am building a Worklight 6.2 adapter that uses Java. I am also using authentication through custom login and authenticator Java code by implementing WorkLightAuthLoginModule and WorkLightAuthenticator. The authentication all works fine.
My adapter code is implemented in the getProtectedAssets static method of class com.myStuff.myClass and is called from the adapter implementation with
var returnval = com.myStuff.myClass.getProtectedAssets();
getProtectedAssets requires a username and password to connect to a back-end system. Currently I have those hard-coded in the method for testing, but I need to retrieve them from the Worklight session, presumably through the UserIdentity object I set in my custom login module's createIdentity method.
Is there some way to get access to the user identity from within the adapter Java code?
Use the WL.Server.getActiveUser() method.
More information about this method can be found here:
https://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.0.0/com.ibm.worklight.help.doc/apiref/r_method_wl_server_getactiveuser.html?lang=en
Related
I'm using Vert.x for my web service, where a part of it required authorization. I've set an AuthenticationHandler (using the OAuth2 implementation from vertx-auth-oath2) to listen on the protected paths (lets say "/*") and it is correct called, sends a redirect to the authentication provider, which redirects back and then correctly to the real handler. This works fine.
But the next time we call the protected endpoint - it does the whole thing again. I see that in the abstract AuthenticationHandlerImpl class it checks if the context already has a user() and if so - will not run the actual auth handler, which is the behavior I need - but it obviously doesn't happen because every call is a new request with a new RoutingContext.
What is the "correct" way to retain the User object across requests, so that the auth handler will be happy?
I'm guessing it has something to do with session storage but I've never used that - up until now I was using a custom "API key" style solution, and I'm trying to do this "The Right Way(tm)" in this new project.
I'm using the latest Vert.x 4.3.5.
You will need CookieHandler and SessionHandler to store and handle session with user. This will work out of the box with provided vertx-auth-oath2.
Here is a simple example to get you started:
https://github.com/vert-x3/vertx-examples/blob/master/web-examples/src/main/java/io/vertx/example/web/auth/Server.java
I am writing a cloud function in java triggered by events in the Firebase RTDB.
The documentation for Firebase has not been extended to java yet.But is seems that context generally has the property auth. However for java this doesn't seems to be possible
I can only get resource like in the example below, timestamps and a couple of other properties, but not auth.
#Override
public void accept(String json, Context context) {
logger.info("Function triggered by change to: " + context.resource());
Is there maybe a different way to perform this in java ?
Thank you very much
When you have an HTTP functions, you can get the auth in the header. This auth authenticate the requester.
In your case, you have a background function, triggered by a Cloud Event. There is no authentication in this case. You have info in the context of the "requester" (the event emitter) but nothing about the "auth" itself.
I'm using Tomcat 8 and need to obtain the Subject outside of the LoginModule.
I've already tried:
Subject subject = Subject.getSubject(AccessController.getContext());
But that just returns null every time.
Anyone have any ideas?
I use a custom Principal that can contain a Subject, and have the JAAS login module set that as the Principal, then I use request.getUserPrincipal() to get it back inside the web-app, cast it to my custom class, and call getSubject().
I am trying to build a simple register/log-in system for an Android app, using Spring boot. I have a MySQL database in a virtual machine that contains a table with columns id, username, password. The Spring boot application contains the following classes; Account (the entity), AccountRepository (the repository), AppConfig (the configuration class) and Application (main class). My endpoint is /accounts. If I want to see what accounts are currently registered I simply go to http://<ip address>:8080/accounts for a JSON representation of the database.
I want to modify my Android program so that if a user tries to register an account, it first checks to see if the username is already registered. The problem is that I'm not able to reference a username in the web repository - I have to use the account ID (e.g. http://<ip address>:8080/accounts/2).
Is there a way to modify my Spring boot application to allow me to reference usernames directly rather than through their IDs? So rather than having my Android app looping over each database entry I can send a request to a URL such as http://<ip address>:8080/accounts/johnstone01 to see what response I get (if the response is 200 for instance then I know that the username already exists and consequently make the user choose a different username).
Highly appreciate any advice.
I suggest create POST request http://<ip address>:8080/accounts for creating account and make username checking inside. It might be MySQL-level checking using constraints.
As for separate checking of username existence I suggest to modify GET request by adding query parameter "username":
http://<ip address>:8080/accounts?username=johnstone01
in this case response will return array with only one record or will return empty array if such username does not exist.
I understand that you're making a REST API for your server. In this case the right way to do is to create an endpoint that will accept a POST request (e.g. POST http://:8080/accounts the post request will contain user informations).
From your app if someone tries to register a new account you'll send a POST request to the endpoint you defined with the information to create the new account. All the rest will happend in your service layer. It seems that you don't have one, it's ok for a small project, I guess the service code is in your controller. This mean your controller have the responsibility to check if the entity can be persisted and if yes, will do so.
In your repository just add a method that will accept as a parameter the username and return the entry for that username or null. This way your controller can request it, if it's null then it can persist the new entity and return a HTTP code 200 if not it should return a 409 Conflict code.
Your app then only have to check the return code to know what happend.
I've stumbled upon this piece of code:
public ServiceBuilder provider(Class<? extends Api> apiClass)
What does provider in this context mean?
edit:
This is the piece of code I found it in:
https://github.com/fernandezpablo85/scribe-java/blob/master/src/main/java/org/scribe/builder/ServiceBuilder.java
It's the name of the method. The method provider() returns a ServiceBuilder.
Here's a link to the Java Service Provider Interface.
What does provider in this context mean?
Seems this class is used with OAuth. And it's a way to make an unique way to use multiple login from various services.
Example:
Google: https://github.com/fernandezpablo85/scribe-java/blob/master/src/main/java/org/scribe/builder/api/GoogleApi.java
Facebook: https://github.com/fernandezpablo85/scribe-java/blob/master/src/main/java/org/scribe/builder/api/FacebookApi.java
Your method seems to be used to create an instance of there apis based on what you pass.
provider(FacebookApi.class)
for Facebook and so on. Then a Service is build using all the data.
By provider he means who provide the access token (and auth data)