...
```javascript
function login(credentials) {
    // OAuth2 password grant: the user's credentials go in the form-encoded body
    var data = 'username=' +
        encodeURIComponent(credentials.username) +
        '&password=' +
        encodeURIComponent(credentials.password) +
        '&grant_type=password&scope=read%20write&' +
        'client_id=myclientid';
    return $http
        .post('/oauth/token',
            data,
            {
                headers : {
                    'Content-Type' : 'application/x-www-form-urlencoded',
                    'Accept' : 'application/json',
                    // The client itself authenticates with HTTP Basic (client id : client secret)
                    'Authorization' : 'Basic ' +
                        base64Service.encode('myclientid' + ':' + 'myclientsecret')
                }
            }).success(
                function(response) {
                    //store the access token
                    return response;
                });
}
```
where:
credentials.username and credentials.password are taken from the Users table
myclientid and myclientsecret are taken from the OAUTH_CLIENT_DETAILS table
Authorization
Fine-grained access control is about limiting access to specific resources, or even to code blocks within a single resource. The current version of the REST app uses our own framework for this. The framework defines two abstract classes whose implementations stand in a one-to-one relationship with a resource (an @Path-annotated method). The two classes reflect the kinds of questions/checks needed in the code.
...