Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
IVIS-46: - Add tokens flow and access to protected resources in sdk routines chapter.
1 parent 1922684, commit 20b78fa
Showing 6 changed files with 135 additions and 20 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
Access to protected resources | ||
============================= | ||
|
||
Prerequisites | ||
------------- | ||
|
||
* `Tokens flow <http://docs.ivis.se/en/latest/sdk/routines/tokens_flow.html>`_ | ||
|
||
You can limit access to specific urls, or some code areas on JSP page. iVIS provides SDK in both case. | ||
|
||
Both variants has optional parameter roles (String), it is comma separated list of roles that access give user access | ||
to protected resources. | ||
|
||
Filter | ||
------ | ||
|
||
Java config | ||
~~~~~~~~~~~ | ||
|
||
`BeansContext.java <http://docs.ivis.se/en/latest/sdk/routines/code/BeansContext.java>`_ | ||
|
||
.. literalinclude:: /sdk/routines/code/BeansContext.java | ||
:language: java | ||
:linenos: | ||
:lines: 39-54 | ||
|
||
XML config | ||
~~~~~~~~~~ | ||
|
||
You need write in web.xml following. | ||
|
||
.. code-block:: xml | ||
:linenos: | ||
<filter> | ||
<filter-name>ivisAuthorizedFilter</filter-name> | ||
<filter-class>imcode.services.filter.IvisAuthorizedFilter</filter-class> | ||
</filter> | ||
<filter-mapping> | ||
<filter-name>ivisAuthorizedFilter</filter-name> | ||
<url-pattern>/persons/*</url-pattern> | ||
<url-pattern>/pupils/*</ur l-pattern> | ||
<init-param> | ||
<param-name>roles</param-name> | ||
<param-value>ROLE_ADMIN,ROLE_DEVELOPER</param-value> | ||
</init-param> | ||
</filter-mapping> | ||
Tag | ||
--- | ||
|
||
To know if user login on JSP you can invoke special tag <ivis:authorized> with optional parameter role. | ||
|
||
.. code-block:: jsp | ||
:linenos: | ||
<%@taglib prefix="ivis" uri="ivis.sdk" %> | ||
<ivis:authorized> | ||
Information for authorized users | ||
</ivis:authorized> | ||
... | ||
<ivis:authorized roles="ROLE_ADMIN"> | ||
Information for authorized users in admin role | ||
</ivis:authorized> | ||
.. important:: | ||
|
||
You can use this two cases if you have permission to use method getCurrent user. | ||
After invoking Filter or tag in session persisted user object ("loggedInUser" key to parameter). |
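Review bot: in the web.xml example the `<init-param>` that carries `roles` is nested inside `<filter-mapping>`, but in the servlet deployment descriptor `<init-param>` is a child of `<filter>`, so a descriptor copied from this page does not hand `ROLE_ADMIN,ROLE_DEVELOPER` to `IvisAuthorizedFilter`. Move the block under `<filter>`, after `<filter-class>`. The same example has a broken closing tag, `</ur l-pattern>`. In the Tag section the sentence calls the parameter `role` while the introduction and the example use `roles`; pick one. The `.. important::` note should give the exact method name instead of "getCurrent user" and say plainly that the user object is stored in the session under the `loggedInUser` attribute.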
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
Tokens flow | ||
=========== | ||
|
||
Prerequisites | ||
------------- | ||
|
||
* `Login <http://docs.ivis.se/en/latest/sdk/routines/login.html>`_ | ||
|
||
Need say few words how to use tokens flow. | ||
|
||
After login user in way described at `Login <http://docs.ivis.se/en/latest/sdk/routines/login.html>`_ | ||
in session placed | ||
`access token <http://docs.spring.io/spring-security/oauth/apidocs/org/springframework/security/oauth2/common/OAuth2AccessToken.html>`_. | ||
And also refresh token value from access token object put in cookie. | ||
|
||
.. important:: | ||
|
||
Cookie has expiration time defined. It is defined by value refresh token validity seconds, | ||
contact system administrator to know that. | ||
|
||
So tokens flow looks like | ||
|
||
#. Client app login user (access token -> session, refresh token -> cookie with with expiration time). | ||
#. If token is expired (IvisOAuth2Utils.isTokenGood(httpServletRequest) -> exchange refresh token from cookie (cookie key "refreshToken") to access token. | ||
#. If cookie does not exist -> login user again. | ||
|
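Review bot: step 2 of the flow list has an unclosed parenthesis and does not say which result of `IvisOAuth2Utils.isTokenGood(httpServletRequest)` means the token is expired; state the condition explicitly (presumably the call returning false) and close the parenthesis before the arrow. Step 1 repeats "with with". Because the refresh token is placed in a cookie (key `refreshToken`), the page should also document how that cookie is set (HttpOnly, Secure, path) and name the actual setting behind "refresh token validity seconds" rather than only referring the reader to the system administrator. The line "Need say few words how to use tokens flow." reads like a leftover draft note and should be replaced with a real introductory sentence or dropped.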