I want to implement authentication with Picketlink in my application, but I am not using JPA (instead, I'm using JOOQ). Is there any way to acquire user data using generated daos?
I couldn't find it out by reading documentation or looking at quickstarts
Thanks for help in advance
Related
I have a naive question.
I am looking for some web application that implements Authentication and Authorization mechanism using api keys.
Example Case: Users authenticate themselves using an api key (apikey generation
mechanism is either GOOGLE or any other free service). The logic identify the user along
with the provided apikey and release resource access delegation accordingly]
For me the optimal case is to use Grails framework with oracle database.
Is there any web application for that?, otherwise how would I follow step by step to accomplish it?
I would do a search on the Grails plugin site for oauth plugins:
http://plugins.grails.org/
Look at what they offer, and maybe look at the code to see how you can extend them to get what you want.
I would also take a look at the Spring Security Rest plugin.
It really depends on authentication methods that you're using. I suppose in order to secure REST APIs, you can probably write a filter/interceptor to check against any third party auth that you desire. I reckon that you're probably having the idea of using JWT authentication for this, right?
I have a AngularJS/Web API/SQL Server application that currently uses token based authentication and authorization using the article outlined below:
JSON Web Token in ASP.NET Web API 2 using Owin
There has been a request to change this security mechanism to use Microsoft Identity. My initial research appears to suggest that JWT has more advantages as it can facilitate accessing multiple resource servers (single sign on scenario) and has a nice way of decoupling the different layers.
On the other hand, Identity is coupled with Entity framework (I use Dapper and do understand that I can write a custom provider) and it appears to be difficult to implement if your Web API is shared across multiple consumers (Web and Mobile app). But Microsoft recommends this framework for Authentication/Authorization. I ran into this article that helps implement it with AngularJS/Web API. Can someone help me understand if one is more favorable than the other and how? Thanks
Microsoft identity is not binded to entity framework you can write custom identity classes to use nhibernate & other O/R mappers
We have bunch of web applications which are secured using WIF and custom database authentication, currently we are in the process of building a RESTful public API. My question is whether we can use the existing WIF implementation to authenticate these new RESTFul service requesuts?
Thanks!
You can take a look at those two blog posts relating how to use WIF to secure an OData endpoint (which is REST on steroids):
http://blogs.msdn.com/b/astoriateam/archive/2011/01/20/oauth-2-0-and-odata-protecting-an-odata-service-using-oauth-2-0.aspx
http://blogs.msdn.com/b/astoriateam/archive/2011/01/21/connecting-to-an-oauth-2-0-protected-odata-service.aspx
I'll be in the process of integrating WIF with classic-REST and OData endpoints shortly, if you have any feedbacks, I'm interested.
Vincent-Philippe
REST services typically use different token formats from those supported by WIF out of the box (e.g. SWT vs SAML). You can extend WIF so it understands the appropriate token format. There are many examples that show how to do that.
See here for an example: http://zamd.net/2011/02/08/using-simple-web-token-swt-with-wif/
I want to create user authentication (login) and security page in jsf, that manages user access in my program.
I need a sample or tutorial about that - can you suggest or provide one?
If you are using Spring, you could take a look at Spring Security. It is a very flexible framework for user authentication:
http://static.springsource.org/spring-security/site/
For glassfish: https://blogs.oracle.com/foo/entry/mort_learns_jdbc_realm_authentication.
If you want to use form based authentication, read the security part of the jee6 tutorial.
I want to use authentication web services that is exposed by my legacy client. But I cannot copy those user information in to liferay database. Can any one help me to write a custom authentication service OR a hook/plugin to reuse my own implementation for authentication?
I want to use authentication web services that is exposed by my legacy client.
You need to implement Liferay's com.liferay.portal.security.auth.Authenticator class to use your own custom authenticator that would call your web services. This can be plugged into Liferay by adding the folliowing to portal-ext.properties: auth.pipeline.pre=[your classpath].
But I cannot copy those user information in to liferay database.
I believe that if you don't want to store your user data in Liferay you can also use auth.pipeline.enable.liferay.check=false in the portal-ext.properties file. Mind you, I'm trying to do the same right now and I'm not having much luck.
Good luck!
Ray
The information Ray you gave is correct, as a hint here: http://www.liferay.com/community/wiki/-/wiki/Main/Developing+a+Custom+Authentication+System is a good step by step tutorial which I do use for a similar approach.
regards
Johannes