Discussion forums

Securing JSON Services

Irmo Timmann, modified 6 years ago.

New Member Posts: 7 Join date: 07/04/17 Recent posts
Hello,

I am new to Liferay and have problems with authentication. I successfully managed to set the authentication method in Liferay to use an OpenAM server. So when users try to log in, they get redirected to OpenAM, log in there using two-factor authentication, and the session is correctly established with Liferay and they are logged in.

The problem I am facing is that I need an external app with secured access to the JSON services, and I can't figure out how to prevent users from authenticating to the JSON service just using their basic credentials, without solving the two-factor OpenAM challenge. What I want users to do is authenticate with OpenAM before being able to use the JSON interface, using the established session, SSO token, etc.

Probably my Liferay portal configurations are wrong (I started with a new Liferay 7.0.2 instance and a new OpenAM server with Tomcat). Most of the configuration is still default and all token checks are enabled.

Summary: how can I use the SSO login security layer for the JSON services and prevent accessing them with basic authentication?

Any help is much appreciated. Thanks!

auth.public.paths=\
        /activities/rss,\
        \
        /asset/get_categories,\
        \
        /document_library/find_file_entry,\
        /document_library/find_folder,\
        /document_library/get_file,\
        \
        /dynamic_data_lists/find_record,\
        \
        /dynamic_data_mapping/render_structure_field,\
        \
        /flags/edit_flag,\
        \
        /iframe/proxy,\
        \
        /image_gallery_display/find_folder,\
        /image_gallery_display/find_image,\
        \
        /login/facebook_connect_oauth,\
        \
        /message_boards/find_category,\
        /message_boards/find_message,\
        /message_boards/find_thread,\
        /message_boards/get_message_attachment,\
        /message_boards/rss,\
        \
        /portal/comment/edit_discussion,\
        /portal/comment/get_comments,\
        /portal/emoticons,\
        /portal/expire_session,\
        /portal/extend_session,\
        /portal/extend_session_confirm,\
        /portal/json_service,\
        /portal/license,\
        /portal/logout,\
        /portal/open_id_request,\
        /portal/open_id_response,\
        /portal/portlet_url,\
        /portal/robots,\
        /portal/session_click,\
        /portal/session_tree_js_click,\
        /portal/sitemap,\
        /portal/status