Tribune

Home » Liferay Portal » English » 3. Development

Vista Combinata Vista Piatta Vista ad Albero
Discussioni [ Precedente | Successivo ]
toggle
Aritz Galdos
JSON service with auth token
14 novembre 2012 8.08
Risposta

Aritz Galdos

Punteggio: Expert

Messaggi: 397

Data di Iscrizione: 15 maggio 2007

Messaggi recenti

Hi there!

I have some Android Apps developed which communicate with a Liferay server via JSON service. Every thing was working fine with 6.1.0 server.

But there is a new default propertie in the portal in 6.1.1 which is

1json.service.auth.token.enabled=true


If I turn it to false it keeps working fine (requires some minor changes in the URL inviking REST)

But this new p_auth token feature seems to be a more secure way to communicate since the real user and pass pair is not constantly traveling in the web. Instead, a calculated token attached to the session is used.

But here my problem. What is the way to obtain the p_auth token for the first time from a mobile device? (Or any other external platform) Did anyone handled with it?

Regards!!
Igor Beslic
RE: JSON service with auth token
21 novembre 2012 1.57
Risposta

Igor Beslic

LIFERAY STAFF

Punteggio: New Member

Messaggi: 5

Data di Iscrizione: 17 agosto 2011

Messaggi recenti

Hi Aritz,
my reply wont help you, but will give you brief info for the future.

We have OAuth plugin being under review and tests right now. It brings OAuth 1a Spec implementation and application developer portlets for managing consumer applications and its tokens. I'm not sure for exact release date but that would be prefered way to secure web services in the future.
Aritz Galdos
RE: JSON service with auth token
21 novembre 2012 2.01
Risposta

Aritz Galdos

Punteggio: Expert

Messaggi: 397

Data di Iscrizione: 15 maggio 2007

Messaggi recenti

Thanks a lot for your reply Igor,

Sounds great the OAuth thing. I will keep an eye on it.
Tomas Polesovsky
RE: JSON service with auth token
21 novembre 2012 2.57
Risposta

Tomas Polesovsky

LIFERAY STAFF

Punteggio: Liferay Master

Messaggi: 574

Data di Iscrizione: 13 febbraio 2009

Messaggi recenti

Hi Artitz,

In 6.1.1 we:
1, disabled anonymous access because it was a source of many sec. issues
2, added p_auth token as a CSRF protection when you are logged in using portal form/sso. It wasn't meant as a token that replaces credentials, although it looks very similar emoticon

So, when you use HTTP Basic auth. you don't need to use p_auth token because these 2 things are not related. From the other side of the coin, it won't help you only to send the token, you need to be authenticated against portal auth.pipeline/form.

The right question is - how to send credentials only once? emoticon Recently I found a hidden bug in Secure Filter that prevented using session together with Basic/Digest auth. If you are able to apply this fix then you should be able to send credentials only once per session.

-- tom +
Aritz Galdos
RE: JSON service with auth token
21 novembre 2012 4.55
Risposta

Aritz Galdos

Punteggio: Expert

Messaggi: 397

Data di Iscrizione: 15 maggio 2007

Messaggi recenti

Thank you Tomáš

You rock guys!
Juan Gonzalez
RE: JSON service with auth token
21 novembre 2012 8.03
Risposta

Juan Gonzalez

LIFERAY STAFF

Punteggio: Liferay Legend

Messaggi: 1907

Data di Iscrizione: 28 ottobre 2008

Messaggi recenti

Hola Aritz,

Here is a version with that patch already applied:

https://www.lcepatchers.org/downloads

You can download from github:

https://github.com/Liferay-Patchers-Community/liferay-portal/tree/6.1.1-ga2-patched
Rahul Rabhadiya
RE: JSON service with auth token
1 luglio 2013 3.23
Risposta

Rahul Rabhadiya

Punteggio: Junior Member

Messaggi: 57

Data di Iscrizione: 13 giugno 2013

Messaggi recenti

I am developing application for Android like liferay sync but with some custom implementation.. As I'm new to liferay, could anyone suggest api calls or some libraries that can be used to sign in and signup as well as other documents and media calls that can be useful for folders and file listing and getting images and videos..
Thanks in advance..
Aritz Galdos
RE: JSON service with auth token
1 luglio 2013 3.37
Risposta

Aritz Galdos

Punteggio: Expert

Messaggi: 397

Data di Iscrizione: 15 maggio 2007

Messaggi recenti

Hi Rahul Rabhadiya:

I started developing a lib Called Lifedroid it is not finished but it may help you with the concepts

Features:

  • Generic class for accessing Liferay via REST
  • Actual implementations of DLFileEntryRESTClient, DLFolderRESTClient, UserRESTClient
  • Easily, custom implementations can be done for custom Liferay entities created with Service Builder
  • Module to persist entities in local db (devices db, SQLite)


Nowadays, one of the most difficult tasks is handling synchronization, as many users can update their local DB (working disconnected) and then updates in devices an the server can collide in many many ways. I did son work on that but it is not finished.

As I said, DLFileEntryRESTClient, DLFolderRESTClient, UserRESTClient classes are implemented (for some of their methods). If you think it can be useful for you, feel free to use, modify and redistribute. Any recommendations and code contributions would be greatly appreciated.

Regards,
Aritz
Rajender Reddy Nagulapalle
RE: JSON service with auth token
17 gennaio 2014 14.52
Risposta

Rajender Reddy Nagulapalle

Punteggio: Junior Member

Messaggi: 33

Data di Iscrizione: 20 maggio 2011

Messaggi recenti

Hi All,
How may I do JSON service call with basic_auth token inside liferay from JavaScript. I am not sure how to get basic_auth token.