...
User-authentication - this corresponds to a Selfcare use-case scenario. The authentication is done by validation username/password in the USERS table. An URL example for this scenario is (note grant_type=password value):
Code Block title Authorization URL https://host:port/appcontext/oauth/token?username=#myusername&password=#mypassword&grant_type=password
Code Block title CURL example CURL example: curl -v -X POST -u myclientid:myclientsecret http://host:port/appcontext/oauth/token -H "Accept: application/json" -d "grant_type=password&username=#myusername&password=mypassword" where: #myusername, #mypassword are taken from Users table myclientid, myclientsecret are taken from OAUTH_CLIENT_DETAILS table
Code Block title Angular example function login(credentials) { var data = 'username=' + encodeURIComponent(credentials.username) + '&password=' + encodeURIComponent(credentials.password) + '&grant_type=password&scope=read%20write&' + 'client_id=myclientid'; return $http .post('/oauth/token', data, { headers : { 'Content-Type' : 'application/x-www-form-urlencoded', 'Accept' : 'application/json', 'Authorization' : 'Basic ' + base64Service.encode('myclientid' + ':' + 'myclientsecret') } }).success( function(response) { //store the access token return response; }); } where: credentials.username, credentials.password are taken from Users table myclientid, myclientsecret are taken from OAUTH_CLIENT_DETAILS tableOperator-authentication - this correspnds to a Customecare use-case scenario. The authentication is done by validation username/password in the OPERATORS table. An URL example for this scenario is (note grant_type=cc_password value):
Code Block title Authorization URL https://host:port/appcontext/oauth/token?username=#myusername&password=#mypassword&grant_type=cc_password
Code Block title CURL example CURL example: curl -v -X POST -u myclientid:myclientsecret http://host:port/appcontext/oauth/token -H "Accept: application/json" -d "grant_type=cc_password&username=#myusername&password=mypassword" where: #myusername, #mypassword are taken from Operators table myclientid, myclientsecret are taken from OAUTH_CLIENT_DETAILS table
Trusted app-authentication - this corresponds to a "backend" use-case scenario. The authentication is done by validation username/password in the OAUTH_CLIENT_DETAILS table. An URL example for this scenario is (note grant_type=client_credentials value):
Code Block title Authorization URL https://host:port/appcontext/oauth/token?grant_type=client_credentials
Code Block title CURL example CURL example: curl -v -X POST -u myclientid:myclientsecret http://host:port/appcontext/oauth/token -H "Accept: application/json" -d "grant_type=client_credentials" where: myclientid, myclientsecret are taken from OAUTH_CLIENT_DETAILS table
Info title Attention! Use this scenario in a secure setup (both apps behind a firewall, where only access from the trusted app is allowed). The reason behind this is that the clientid and the client password are send using Base64 encription.
Authorization
Fine-grained access control is about limiting the access to specific resources, or even to limit the access to code blocks within a single resource. The current version of the REST app uses our own framework for this. The framework defines two abstract classes, whose implementations stand in a one-to-one relationship with a resource (an @Path annotated method). The two classes reflect the kind of questions/checks needed in the code.
...