[jira] [Commented] (OFBIZ-9833) Token Based Authentication


Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-9833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16375398#comment-16375398 ]

Deepak Dixit commented on OFBIZ-9833:
-------------------------------------

Added a patch that we can use in a generic way.

Added a JWTManager class with the following methods:
 * getAuthenticationToken: It validates the credentials using the userLogin service, and if the user is valid it will call the createJwt method to generate a token.
 * validateToken: validates the token, verifies the JWT signature and expiration time; if the token is valid it will return the custom claims from the JWT token.
 * createJwt: It will create a jwtToken; we can pass expireTime, else it will use 30 min as the default timeout.

Added a new filter, TokenFilter.java, that will check if the request has a Bearer header:
 * It will validate, and if the token is valid it will get the user login associated with it, put it in the session and send control to the request handler for further action.
 * If token validation failed (the request has a token but validation failed), it will return an error.
 * If the request does not contain a Bearer header, then it will do nothing and simply return success.

Tokens can be used for various purposes along with authentication, as they can be used for email links, anon user order view, etc.

So added a generic way to createJwt token for various use scenarios.

> Token Based Authentication
> --------------------------
>
>                 Key: OFBIZ-9833
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9833
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: framework
>            Reporter: Deepak Dixit
>            Assignee: Deepak Dixit
>            Priority: Major
>         Attachments: JSON Web Tokens.pdf, OFBIZ-9833-JWTManager.patch, OFBIZ-9833-external-server-test-example.patch, OFBIZ-9833-external-server-test-example.patch, OFBIZ-9833-external-server.patch, OFBIZ-9833-external-server.patch, OFBIZ-9833-external-server.patch, Token Based Authentication in Apache OfBiz.pdf, Token Based Authentication.pdf, rfc7519.pdf
>
>
> Here is dev list discussion for token based authentication work:
> http://markmail.org/message/vyskeh2wujqpkbwg



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
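
A sketch of the flow the comment above describes (createJwt, validateToken and the three TokenFilter branches), added here as an illustration; it is not code from the attached patch or from OFBiz, and it is written in Python rather than the patch's Java. The HS256 algorithm, the `Authorization: Bearer` header form, the `userLoginId` claim, the `userLogin` session key and the secret are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a server-side key
DEFAULT_TTL = 30 * 60                # 30 min default timeout, per the comment

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def mac(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def create_jwt(claims, expire_time=DEFAULT_TTL, now=None):
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({**claims, "exp": now + expire_time}).encode())
    return f"{header}.{body}.{b64url(mac(header + '.' + body))}"

def validate_token(token, now=None):
    """Return the custom claims; raise ValueError on any validation failure."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        # Constant-time signature check before anything in the token is trusted.
        if not hmac.compare_digest(mac(header + "." + body), unb64url(sig)):
            raise ValueError("bad signature")
        # Pin the algorithm instead of honouring whatever the header claims.
        if json.loads(unb64url(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(unb64url(body))
        exp = claims.pop("exp")
    except (ValueError, KeyError, AttributeError, TypeError) as exc:
        raise ValueError(f"invalid token: {exc!r}") from exc
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("token expired")
    return claims

def token_filter(headers, session):
    """The three TokenFilter branches from the comment: 'success' or 'error'."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return "success"  # no Bearer header: do nothing, session stays untouched
    try:
        user_login_id = validate_token(auth[len("Bearer "):])["userLoginId"]
    except (ValueError, KeyError):
        return "error"    # a token was sent but failed validation
    session["userLogin"] = user_login_id  # hand over to the request handler
    return "success"
```

Because the no-header branch returns success without touching the session, whatever runs after the filter still has to enforce login for protected requests.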