...
User authentication - this corresponds to a Selfcare use-case scenario. The authentication is done by validating the username/password against the USERS table. A URL example for this scenario is (note the grant_type=password value; the curl and Angular examples below send the same parameters in the POST body rather than in the query string):

Authorization URL:
    https://host:port/appcontext/oauth/token?username=#myusername&password=#mypassword&grant_type=password

CURL example:
    curl -v -X POST -u myclientid:myclientsecret \
         http://host:port/appcontext/oauth/token \
         -H "Accept: application/json" \
         -d "grant_type=password&username=#myusername&password=#mypassword"

where: #myusername, #mypassword are taken from the USERS table; myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table.

Angular example:
    function login(credentials) {
        // Form-encoded body for the resource-owner password grant
        var data = 'username=' + encodeURIComponent(credentials.username) +
            '&password=' + encodeURIComponent(credentials.password) +
            '&grant_type=password&scope=read%20write&' +
            'client_id=myclientid';
        return $http
            .post('/oauth/token', data, {
                headers : {
                    'Content-Type' : 'application/x-www-form-urlencoded',
                    'Accept' : 'application/json',
                    // Client credentials as HTTP Basic; note that a secret embedded in
                    // browser-side script is visible to anyone who loads the script
                    'Authorization' : 'Basic ' + base64Service.encode('myclientid' + ':' + 'myclientsecret')
                }
            })
            .then(function(response) {
                // store the access token from response.data for later requests
                return response.data;
            });
    }

where: credentials.username, credentials.password are taken from the USERS table; myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table.
Operator authentication - this corresponds to a Customercare use-case scenario. The authentication is done by validating the username/password against the OPERATORS table. A URL example for this scenario is (note the grant_type=cc_password value):

Authorization URL:
    https://host:port/appcontext/oauth/token?username=#myusername&password=#mypassword&grant_type=cc_password

CURL example:
    curl -v -X POST -u myclientid:myclientsecret \
         http://host:port/appcontext/oauth/token \
         -H "Accept: application/json" \
         -d "grant_type=cc_password&username=#myusername&password=#mypassword"

where: #myusername, #mypassword are taken from the OPERATORS table; myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table.
Trusted app authentication - this corresponds to a "backend" use-case scenario. The authentication is done by validating the username/password (here the client id and client secret) against the OAUTH_CLIENT_DETAILS table. A URL example for this scenario is (note the grant_type=client_credentials value):

Authorization URL:
    https://host:port/appcontext/oauth/token?grant_type=client_credentials

CURL example:
    curl -v -X POST -u myclientid:myclientsecret \
         http://host:port/appcontext/oauth/token \
         -H "Accept: application/json" \
         -d "grant_type=client_credentials"

where: myclientid, myclientsecret are taken from the OAUTH_CLIENT_DETAILS table.
Attention! Use this scenario only in a secure setup (both apps behind a firewall, where only access from the trusted app is allowed). The reason is that the client id and client secret are sent in the Basic Authorization header, which is merely Base64-encoded, not encrypted: anything that can observe the request can recover them unless the connection is protected by TLS.
Swagger: to configure Swagger to use this authentication scenario, an additional parameter has to be set in the Properties.txt file:

    rest.swagger.auth.flow=client_credentials
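As an added example (not code from the original page or from the REST app), the following Python client builds the token request for all three grant types above from one function, using the same placeholder values as the curl examples. It assumes the endpoint path /oauth/token under the app context, keeps user credentials in the POST body and client credentials in the Basic header, and refuses to send them over plain http:

```python
import base64
import json
import urllib.parse
import urllib.request

# Grant types accepted by the token endpoint and the table each one validates
# against (from the scenarios above).
GRANT_TYPES = {
    "password": "USERS",
    "cc_password": "OPERATORS",
    "client_credentials": "OAUTH_CLIENT_DETAILS",
}


def build_token_request(base_url, client_id, client_secret, grant_type,
                        username=None, password=None):
    """Return (url, headers, body) for a POST to <base_url>/oauth/token.

    User credentials go in the form body and client credentials in the Basic
    header, never in the query string, so they stay out of access logs."""
    if grant_type not in GRANT_TYPES:
        raise ValueError("unsupported grant_type: %s" % grant_type)
    if urllib.parse.urlsplit(base_url).scheme != "https":
        # Basic auth is only Base64-encoded, so without TLS anyone on the
        # path can read the client secret.
        raise ValueError("token endpoint must be reached over https")
    fields = {"grant_type": grant_type}
    if grant_type != "client_credentials":
        if not (username and password):
            raise ValueError("%s grant needs username and password" % grant_type)
        fields.update(username=username, password=password)
    body = urllib.parse.urlencode(fields).encode("utf-8")
    basic = base64.b64encode(("%s:%s" % (client_id, client_secret)).encode("utf-8"))
    headers = {
        "Authorization": "Basic " + basic.decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return base_url.rstrip("/") + "/oauth/token", headers, body


def request_token(base_url, client_id, client_secret, grant_type, **creds):
    """Send the request and return the parsed JSON token response."""
    url, headers, body = build_token_request(base_url, client_id, client_secret,
                                             grant_type, **creds)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))
```

For example, request_token("https://host:port/appcontext", "myclientid", "myclientsecret", "cc_password", username="#myusername", password="#mypassword") performs the operator scenario.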
Authorization
Fine-grained access control is about limiting access to specific resources, or even to code blocks within a single resource. The current version of the REST app uses our own framework for this. The framework defines two abstract classes, whose implementations stand in a one-to-one relationship with a resource (an @Path annotated method). The two classes reflect the kinds of questions/checks needed in the code.
...