Fórum

JSON service with auth token

thumbnail
Aritz Galdos, modificado 11 Anos atrás.

JSON service with auth token

Expert Postagens: 416 Data de Entrada: 15/05/07 Postagens Recentes
Hi there!

I have some Android Apps developed which communicate with a Liferay server via JSON service. Every thing was working fine with 6.1.0 server.

But there is a new default propertie in the portal in 6.1.1 which is

json.service.auth.token.enabled=true


If I turn it to false it keeps working fine (requires some minor changes in the URL inviking REST)

But this new p_auth token feature seems to be a more secure way to communicate since the real user and pass pair is not constantly traveling in the web. Instead, a calculated token attached to the session is used.

But here my problem. What is the way to obtain the p_auth token for the first time from a mobile device? (Or any other external platform) Did anyone handled with it?

Regards!!
thumbnail
Igor Beslic, modificado 11 Anos atrás.

RE: JSON service with auth token

New Member Postagens: 17 Data de Entrada: 17/08/11 Postagens Recentes
Hi Aritz,
my reply wont help you, but will give you brief info for the future.

We have OAuth plugin being under review and tests right now. It brings OAuth 1a Spec implementation and application developer portlets for managing consumer applications and its tokens. I'm not sure for exact release date but that would be prefered way to secure web services in the future.
thumbnail
Aritz Galdos, modificado 11 Anos atrás.

RE: JSON service with auth token

Expert Postagens: 416 Data de Entrada: 15/05/07 Postagens Recentes
Thanks a lot for your reply Igor,

Sounds great the OAuth thing. I will keep an eye on it.
thumbnail
Tomáš Polešovský, modificado 11 Anos atrás.

RE: JSON service with auth token

Liferay Master Postagens: 676 Data de Entrada: 13/02/09 Postagens Recentes
Hi Artitz,

In 6.1.1 we:
1, disabled anonymous access because it was a source of many sec. issues
2, added p_auth token as a CSRF protection when you are logged in using portal form/sso. It wasn't meant as a token that replaces credentials, although it looks very similar emoticon

So, when you use HTTP Basic auth. you don't need to use p_auth token because these 2 things are not related. From the other side of the coin, it won't help you only to send the token, you need to be authenticated against portal auth.pipeline/form.

The right question is - how to send credentials only once? emoticon Recently I found a hidden bug in Secure Filter that prevented using session together with Basic/Digest auth. If you are able to apply this fix then you should be able to send credentials only once per session.

-- tom +
thumbnail
Aritz Galdos, modificado 11 Anos atrás.

RE: JSON service with auth token

Expert Postagens: 416 Data de Entrada: 15/05/07 Postagens Recentes
Thank you Tomáš

You rock guys!
thumbnail
Juan Gonzalez P, modificado 11 Anos atrás.

RE: JSON service with auth token

Liferay Legend Postagens: 3089 Data de Entrada: 28/10/08 Postagens Recentes
Hola Aritz,

Here is a version with that patch already applied:

https://www.lcepatchers.org/downloads

You can download from github:

https://github.com/Liferay-Patchers-Community/liferay-portal/tree/6.1.1-ga2-patched
thumbnail
Rahul Rabhadiya, modificado 10 Anos atrás.

RE: JSON service with auth token

Junior Member Postagens: 57 Data de Entrada: 14/06/13 Postagens Recentes
I am developing application for Android like liferay sync but with some custom implementation.. As I'm new to liferay, could anyone suggest api calls or some libraries that can be used to sign in and signup as well as other documents and media calls that can be useful for folders and file listing and getting images and videos..
Thanks in advance..
thumbnail
Aritz Galdos, modificado 10 Anos atrás.

RE: JSON service with auth token

Expert Postagens: 416 Data de Entrada: 15/05/07 Postagens Recentes
Hi Rahul Rabhadiya:

I started developing a lib Called Lifedroid it is not finished but it may help you with the concepts

Features:

  • Generic class for accessing Liferay via REST
  • Actual implementations of DLFileEntryRESTClient, DLFolderRESTClient, UserRESTClient
  • Easily, custom implementations can be done for custom Liferay entities created with Service Builder
  • Module to persist entities in local db (devices db, SQLite)


Nowadays, one of the most difficult tasks is handling synchronization, as many users can update their local DB (working disconnected) and then updates in devices an the server can collide in many many ways. I did son work on that but it is not finished.

As I said, DLFileEntryRESTClient, DLFolderRESTClient, UserRESTClient classes are implemented (for some of their methods). If you think it can be useful for you, feel free to use, modify and redistribute. Any recommendations and code contributions would be greatly appreciated.

Regards,
Aritz
thumbnail
Rajender Reddy Nagulapalle, modificado 10 Anos atrás.

RE: JSON service with auth token

Junior Member Postagens: 33 Data de Entrada: 21/05/11 Postagens Recentes
Hi All,
How may I do JSON service call with basic_auth token inside liferay from JavaScript. I am not sure how to get basic_auth token.