留言板
How to add Authentication to Custom Rest on Liferay 7 CE
How to add Authentication to Custom Rest on Liferay 7 CE
Junior Member 帖子: 28 加入日期: 17-5-18 最近的帖子However it does not requires any authentication and I can access it without any authentication.
What should I do so that my custom rest application also goes through the liferay authentication mechanism.
Here is what I did
- Created a new Liferay Module of type "Rest". (Name of module is "test")
- Gave Application path as "/"
- Application is exposed by the relative URL - "/o/test/*"
Below are the details of application class and the configuration files
Application class looks like this
@ApplicationPath("/")
@Component(immediate = true, property = {"jaxrs.application=true"}, service = Application.class)
public class RestApplication extends Application {
/* some methods here */
}
src/main/resources/configuration/com.liferay.portal.remote.cxf.common.configuration.CXFEndpointPublisherConfiguration-cxf
contextPath=/test
authVerifierProperties=auth.verifier.PortalSessionAuthVerifier.urls.includes=*
src/main/resources/configuration/com.liferay.portal.remote.rest.extender.configuration.RestExtenderConfiguration-rest
contextPaths=/test
jaxRsServiceFilterStrings=(component.name=com.test.app.application.RestApplication)
jaxrs.applications.filters=(jaxrs.application=true)
I debugged the AuthVerifier code, and I found that in the class PortalSessionAuthVerifier, following code gets executed and it returns AuthVerifierResult with a state of State.NOT_APPLICABLE.
Since PortalUtil.getUser(request) returns as null.
AuthVerifierResult authVerifierResult = new AuthVerifierResult();
HttpServletRequest request = accessControlContext.getRequest();
User user = PortalUtil.getUser(request);
if ((user == null) || user.isDefaultUser()) {
return authVerifierResult;
}
I could only think of following option - Create a new AuthVerifer that extends from PortalSessionAuthVerifier. And then in case of null user, I would return a State of INVALID_CREDENTIALS instead of NOT_APPLICABLE.
I am not sure if that's the right way to do it.
Please provide me some suggestions on how can I add the liferay authentication to these custom REST Application.
RE: How to add Authentication to Custom Rest on Liferay 7 CE (答复)
Junior Member 帖子: 28 加入日期: 17-5-18 最近的帖子I was finally able to implement it in this way
- Wrote a custom Auth Verifier
@Component( immediate = true, property = { "auth.verifier.MyCustomAuthVerifier.urls.includes=*" } ) public class MyCustomAuthVerifier implements AuthVerifier{ // Custom code here // I check if user is logged in or not // If not logged in then I send an AuthVerifierResult with a state of INVALID_CREDENTIALS instead of NOT_APPLICABLE }
- Added Auth Verifier to my the CXF Endpoint configuration
contextPath=/test authVerifierProperties=auth.verifier.MyCustomAuthVerifier.urls.includes=*
- Added a custom Servlet Filter
@Component( immediate = true, property = { "servlet-context-name=", "servlet-filter-name=MyCustom Auth Filter", "url-pattern=/o/test/*" }, service = Filter.class ) public class MyCustomServletFilter implements Filter { // Custom code here // In the servlet filter, I check if for the State of AuthVerifierResult. // If State is not SUCCESS, I set the HTTP Response status as 401 (Unauthorized) }
RE: How to add Authentication to Custom Rest on Liferay 7 CE
New Member 发布: 1 加入日期: 17-3-14 最近的帖子RE: How to add Authentication to Custom Rest on Liferay 7 CE
New Member 帖子: 4 加入日期: 17-8-14 最近的帖子RE: How to add Authentication to Custom Rest on Liferay 7 CE
Liferay Legend 帖子: 1554 加入日期: 09-9-24 最近的帖子https://github.com/liferay/com-liferay-portal-workflow/tree/master/portal-workflow-rest
David Nebinger covered it in his blog:
https://web.liferay.com/web/user.26526/blog/-/blogs/rest-custom-context-providers
Basically you create a Custom Context Provider and return it in the getSingletons method of your Application. You can then use @Context User user to get the user. Works pretty well.
RE: How to add Authentication to Custom Rest on Liferay 7 CE
Junior Member 帖子: 28 加入日期: 14-12-8 最近的帖子Hello,
so quite some time has passed. Does Liferay provide out-of-the-box implementations for authentication for Custom Rest in the meantime? Maybe in the Enterprise version?
Ideally something like Service Guard for DXP would be great. Just writing an annotation like @RegularRole(“RegRole1”) on top of an endpoint seems pretty handy.
Thanks, Bernd
RE: How to add Authentication to Custom Rest on Liferay 7 CE
Junior Member 帖子: 25 加入日期: 17-8-17 最近的帖子The only thing i do every time is to set
"authVerifierProperties=auth.verifier.PortalSessionAuthVerifier.urls.includes=*"
Now i can just inject "@Context HttpServletRequest" in my rest methods and with "PortalUtil.getUser(request)" i can get the user. And "user.isDefaultUser()" tells if user is logged in.
You could also have an additional auth.verifier. In some cases a additionaly set the BasicAuthVerifier. Then your service can be used from within the portal but also from everywhere (as microservice). You hab only to authenticate via AuthHeader.