[jira] [Commented] (OFBIZ-9833) Token Based Authentication


Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-9833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16663875#comment-16663875 ]

Jacques Le Roux commented on OFBIZ-9833:
----------------------------------------

If nobody disagrees I'll commit Deepak's patch tomorrow morning. I need it before committing OFBIZ-10307.

As Jacopo suggested in [a Jira comment at OFBIZ-10307|https://s.apache.org/B6F8]
{quote}As regards the mechanism to store the token secret key, a plain text file may be enough initially because the file can be secured by properly assigning grants using the operating system (e.g. similarly to what is done in every production setup for the entityengine.xml); in a second phase we could consider to leverage the Java Key Store that is also used by the "catalina" component to store certificates.
{quote}
we can later consider using a stronger way to store the secret key used to generate the JWT. At least another option has been suggested by Nicolas in a comment just above. There are other possibilities to store the secret key. After committing this, I'll start a discussion in the dev ML in order to get a consensus about the OOTB solution we will eventually use.

> Token Based Authentication
> --------------------------
>
>                 Key: OFBIZ-9833
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9833
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: framework
>            Reporter: Deepak Dixit
>            Assignee: Deepak Dixit
>            Priority: Major
>         Attachments: JSON Web Tokens.pdf, OFBIZ-9833-JWTManager.patch, Token Based Authentication in Apache OfBiz.pdf, Token Based Authentication.pdf, rfc7519.pdf
>
>
> Here is dev list discussion for token based authentication work:
> http://markmail.org/message/vyskeh2wujqpkbwg



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
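
The plain-text-file option quoted above depends on the operating system grants actually being owner-only. This is an added example, not code from OFBiz or from the attached patch, showing one way a loader could refuse a secret key file that group or other users can access. It assumes a POSIX file system and an HMAC-SHA256 signing key; the class name, method name and sample file are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class TokenKeyFileCheck {
    /** Loads an HMAC-SHA256 key from a text file, refusing anything beyond owner read/write. */
    static SecretKey loadKey(Path keyFile) throws IOException {
        // Throws UnsupportedOperationException on non-POSIX file systems (assumption: POSIX host).
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(keyFile);
        for (PosixFilePermission p : perms) {
            if (p != PosixFilePermission.OWNER_READ && p != PosixFilePermission.OWNER_WRITE) {
                throw new SecurityException(keyFile + " is too permissive: "
                        + PosixFilePermissions.toString(perms) + " (expected rw------- or stricter)");
            }
        }
        byte[] secret = new String(Files.readAllBytes(keyFile), StandardCharsets.UTF_8)
                .trim().getBytes(StandardCharsets.UTF_8);
        // RFC 7518 section 3.2: an HS256 key must be at least 256 bits long.
        if (secret.length < 32) {
            throw new SecurityException("secret key is shorter than 32 bytes");
        }
        return new SecretKeySpec(secret, "HmacSHA256");
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp file standing in for the real secret key file.
        Path f = Files.createTempFile("token-secret", ".txt");
        try {
            Files.write(f, "constructed-sample-secret-0123456789abcdef\n"
                    .getBytes(StandardCharsets.UTF_8));
            Files.setPosixFilePermissions(f, PosixFilePermissions.fromString("rw-------"));
            System.out.println("owner-only file: loaded " + loadKey(f).getAlgorithm() + " key");

            Files.setPosixFilePermissions(f, PosixFilePermissions.fromString("rw-r--r--"));
            try {
                loadKey(f);
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        } finally {
            Files.deleteIfExists(f);
        }
    }
}
```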