Comments (9)
@jroper Can you please guide on this.
from online-auction-java.
Hi @lakhina,
I was more thinking of form based login with cookies. online-auction already uses cookie based authentication, so all that's needed is to provide a login page, where the user can enter their username and password, and that should submit it to a controller that checks that the password is correct, and if it is, set the current user in the session to be that user.
Currently we already have this:
https://github.com/lagom/online-auction-java/blob/master/web-gateway/app/controllers/Main.java#L65
That's how login currently works, you simply pass in the user id, and it logs you in as that user id, which is fine for using the drop down to log in as a particular user, and as mentioned we want to continue to support that for demo purposes (of course, in a real world app you would never support that). But we should add a new login action that takes a form that contains the username and password, the action will then send the login request to the user service, which will look up the user for that username, and then check that the password is correct. If it is, it will return a success, and the action can then set the current user in the session. If it isn't, the user can be sent back to the form with an appropriate error. Does that make sense?
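As an added example (not code from online-auction-java and not the commenter's), a Play 2.7 Java controller for the username/password login action sketched above. Hypothetical: the LoginForm DTO, the login.scala.html template, the "user" session key, and UserService.login(username, password), assumed to ask the user service to verify the password against its stored hash and return an Optional user id.

```java
// Added example, not code from online-auction-java. Hypothetical: LoginForm,
// the login.scala.html template, the "user" session key and UserService.login,
// which asks the user service to verify the password and returns Optional<UUID>.
package controllers;

import static java.util.concurrent.CompletableFuture.completedFuture;
import java.util.concurrent.CompletionStage;
import javax.inject.Inject;
import play.data.Form;
import play.data.FormFactory;
import play.data.validation.Constraints;
import play.mvc.Controller;
import play.mvc.Http;
import play.mvc.Result;

public class Login extends Controller {
    /** Fields posted by the login page (hypothetical DTO). */
    public static class LoginForm {
        @Constraints.Required public String username;
        @Constraints.Required public String password;
    }

    private final FormFactory formFactory;
    private final UserService userService; // hypothetical client of the user service

    @Inject
    public Login(FormFactory formFactory, UserService userService) {
        this.formFactory = formFactory;
        this.userService = userService;
    }

    /** POST target of the form: verify via the user service, then set the session. */
    public CompletionStage<Result> login(Http.Request request) {
        Form<LoginForm> form = formFactory.form(LoginForm.class).bindFromRequest(request);
        if (form.hasErrors()) {
            return completedFuture(badRequest(views.html.login.render(form)));
        }
        LoginForm data = form.get();
        // The password travels to the user service once and is never put in the
        // session cookie, which only carries the resolved user id.
        return userService.login(data.username, data.password).thenApply(maybeUser -> {
            if (!maybeUser.isPresent()) {
                // One generic message whether the username or the password was wrong.
                Form<LoginForm> withError = form.withGlobalError("Invalid username or password");
                return badRequest(views.html.login.render(withError));
            }
            return redirect("/").addingToSession(request, "user", maybeUser.get().toString());
        });
    }
}
```

The existing user-id login at Main.java#L65 can keep working alongside this action, since both end by setting the same session entry.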
@jroper As far as I can understand, in this way we will not be authenticating each REST call we make to the server. Please correct me if I am wrong.
@lakhina we could if we add username/pwd on each call and create and set up new HeaderFilters for each service. But that would be wrong. It is a bad idea to have a username/password pair in memory and send it on every request. Instead we should use some other form of authentication between services. But that is quite a big task.
This issue should only manage the authentication between the browser and the Play application. Once that is completed following @jroper's suggestion, we can merge the PR and have a scenario where the perimeter application (Play) is the only one requiring valid credentials and the internal communications (play-to-service or service-to-service) are considered trusted.
We can improve that later.
@ignasi35 As we want both types of sign-in options available, I will add the username/password option in the tool if the server is started with a particular additional parameter. Will that be fine?
If that env var is set to true, we provide the login screen and hide the dropdown, and vice versa.
Prefer a setting over an ENV_VAR. Also, I think it's best if we use a String setting instead of a Boolean. That will give us more freedom of movement when we want to implement other login alternatives: use-login="<[empty]|basic-form|OAUTH|fancy-stuff|other-fancy>"
I personally don't think we should support both methods. I doubt if someone will configure it differently just for the sake of not using a login form. The intention is to have a demo app.
(my 2 cents)
I've reconsidered. I agree with @renatocaval's statement.