Details

    • Type: Sub-Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Developer

      To access JSON Web Services or JAX-RS endpoints, use the RFC 6750 Bearer Token specification.

      Example:

      curl http://localhost:8080/api/jsonws/user/get-current-user -H "Authorization: Bearer 17217d7a602932f64ec6c16d442bd73772591be10976dcaa7a3b4909a40bb"

      Implementation details

      There are 2 AuthVerifier implementations that verify the OAuth2 token and prepare the authorization context used to check the scopes:

      • com.liferay.oauth2.provider.rest.internal.security.auth.verifier.OAuth2RestAuthVerifier
        1. Validates token expiration using com.liferay.oauth2.provider.rest.spi.bearer.token.provider.BearerTokenProvider#isValid(com.liferay.oauth2.provider.rest.spi.bearer.token.provider.BearerTokenProvider.AccessToken)
        2. Initializes the access token using com.liferay.oauth2.provider.scope.liferay.ScopeContext#setAccessToken so that any later call to com.liferay.oauth2.provider.scope.ScopeChecker can correctly validate the token scopes. OAuth2RestAuthVerifier complements ScopeChecker; both need to be in place for correct token and scope checks.
      • com.liferay.oauth2.provider.jsonws.internal.security.auth.verifier.JSONWSOAuth2AuthVerifier
        1. Validates token expiration using com.liferay.oauth2.provider.rest.spi.bearer.token.provider.BearerTokenProvider#isValid(com.liferay.oauth2.provider.rest.spi.bearer.token.provider.BearerTokenProvider.AccessToken)
        2. The OAuth2 framework is integrated with SAP and assigns SAPEntry names as scopes to tokens. For Service Builder based remote services, the portal checks access using Service Access Policies, and we set the active policies through com.liferay.portal.kernel.security.service.access.policy.ServiceAccessPolicyThreadLocal#addActiveServiceAccessPolicyName based on the granted SAPEntry scope names.
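
The two-step order described above (validate the token, then publish it so a later scope check can read it), as an added Java sketch that is not Liferay's code. The class, the record, the in-memory token store, the scope names and the clock value are constructed stand-ins, and the expiry rule (issue time plus lifetime) is an assumption about what the validity check covers.

```java
import java.util.Map;
import java.util.Set;

// Simplified stand-ins for the flow described above; none of this is Liferay's code.
public class BearerVerifierSketch {
    // Hypothetical token record: issue time and lifetime in seconds, plus granted scopes.
    record AccessToken(long issuedAt, long expiresIn, Set<String> scopes) {}

    // Constructed token store keyed by the opaque bearer value.
    static final Map<String, AccessToken> STORE = Map.of(
        "constructed-live", new AccessToken(1_000, 600, Set.of("constructed.read")),
        "constructed-stale", new AccessToken(100, 600, Set.of("constructed.read")));

    // Stand-in for the per-request context that a scope checker reads later.
    static final ThreadLocal<AccessToken> CONTEXT = new ThreadLocal<>();

    // RFC 6750 section 2.1: "Authorization: Bearer <token>".
    static String parseBearer(String header) {
        if (header == null) return null;
        String[] parts = header.trim().split("\\s+");
        boolean bearer = parts.length == 2 && parts[0].equalsIgnoreCase("Bearer");
        return bearer ? parts[1] : null;
    }

    // Verifier: step 1 checks expiration, step 2 publishes the token to the context.
    static boolean verify(String header, long now) {
        CONTEXT.remove(); // never inherit a token from an earlier request on this thread
        String value = parseBearer(header);
        AccessToken token = (value == null) ? null : STORE.get(value);
        if (token == null || now < token.issuedAt() || now >= token.issuedAt() + token.expiresIn()) {
            return false;
        }
        CONTEXT.set(token);
        return true;
    }

    // Scope check: fails closed when no verifier has populated the context.
    static boolean checkScope(String scope) {
        AccessToken token = CONTEXT.get();
        return token != null && token.scopes().contains(scope);
    }
    public static void main(String[] args) {
        long now = 1_200; // constructed clock value, in seconds
        System.out.println(checkScope("constructed.read")); // no verifier has run yet
        System.out.println(verify("Bearer constructed-stale", now));
        System.out.println(verify("Bearer constructed-live", now) && checkScope("constructed.read"));
        System.out.println(checkScope("constructed.write")); // scope was never granted
    }
}
```

Clearing the context at the start of every verification matters on pooled request threads, where a value left behind by an earlier request would otherwise satisfy a later scope check.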

       
