Fix: security #183

@StephanUnfried

HTMLClient:

  1. Change the top navigation (My Profile, My Contexts, My Resources, My Groups) from a window.location model to a model that supports headers.
    /server/src/main/resources/webcontent/js/navigation.js
  2. When navigating, add the authentication token to the header: headers : {"Authorization" : localStorage.getItem("token"),}
  3. In the corresponding REST interfaces and their corresponding helper classes, use the token to identify the user and authenticate him.
    org.openape.ui.velocity.controller.[name]
    org.openape.ui.velocity.requestHandler.[name]
    For authentication use our auth service
    /server/src/main/java/org/openape/server/auth/AuthService.java
  4. Change the direct database access, through DatabaseConnection.java, to a route through the usual REST interfaces. A GET on the root path of each context REST interface returns a list of all (owned and public) contexts.

https://github.com/REMEXLabs/OpenAPE/tree/fixAminSectionAccess
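The client-side change in steps 1 and 2, as an added example that is not part of the issue or of OpenAPE's code: navigation goes through a fetch call that carries the stored token in the Authorization header instead of assigning window.location. The function names, the env object, the same-origin check and the 401 handling are assumptions; only the "token" localStorage key and the header name come from the issue.

```javascript
// Added example, not OpenAPE code. Only the "token" localStorage key and the
// Authorization header come from the issue; every other name is hypothetical.

// Build the request for a navigation target. Returns null when no token is
// stored; throws if the target would send the token to another origin.
function buildNavigationRequest(target, origin, storage) {
  const url = new URL(target, origin);
  if (url.origin !== origin) {
    throw new Error("refusing to send token to " + url.origin);
  }
  const token = storage.getItem("token");
  if (!token) return null;
  return {
    url: url.href,
    options: { method: "GET", headers: { "Authorization": token } },
  };
}

// Fetch the page with the token in the header and hand the markup to render().
// Resolves to "rendered" or "login-required".
async function navigateWithToken(target, env) {
  const request = buildNavigationRequest(target, env.origin, env.storage);
  if (request === null) return "login-required";
  const response = await env.fetchImpl(request.url, request.options);
  if (response.status === 401) {
    env.storage.removeItem("token"); // server rejected the token: drop it
    return "login-required";
  }
  if (!response.ok) {
    throw new Error("navigation failed: HTTP " + response.status);
  }
  env.render(await response.text());
  return "rendered";
}

// Browser wiring (the path is a placeholder):
// navigateWithToken("/example-page", {
//   origin: window.location.origin,
//   storage: window.localStorage,
//   fetchImpl: window.fetch.bind(window),
//   render: (html) => { /* insert the returned markup into the page */ },
// });
```

The server still has to validate the token on every such request (step 3); the header only transports it.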
