[jira] [Commented] (UNOMI-15) Use token to authenticate third party servers and secure login events

Thomas Draier (JIRA) Wed, 03 Feb 2016 05:35:57 -0800

    [ 
https://issues.apache.org/jira/browse/UNOMI-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15130391#comment-15130391
 ]


Thomas Draier commented on UNOMI-15:
------------------------------------

A list of "restricted events" is set in  the blueprint configuration - these 
events cannot be posted by a standard client :

        <property name="restrictedEventTypeIds">
            <set>
                <value>login</value>
                <value>facebookLogin</value>
                <value>sessionCreated</value>
                <value>sessionReassigned</value>
                <value>profileUpdated</value>
                <value>ruleFired</value>
            </set>
        </property>

Configuration file org.apache.unomi.thirdparty.cfg allows to specify 
identification key, and the restricted events that are allowed for this server :

thirdparty.jahia.key=670c26d1cc413346c3b2fd9ce65dab41
thirdparty.jahia.ipAddresses=127.0.0.1,::1
thirdparty.jahia.allowedEvents=login,download

Third party server should put its "key" in the "X-Unomi-Peer" header.


> Use token to authenticate third party servers and secure login events
> ---------------------------------------------------------------------
>
>                 Key: UNOMI-15
>                 URL: https://issues.apache.org/jira/browse/UNOMI-15
>             Project: Apache Unomi
>          Issue Type: Bug
>            Reporter: Thomas Draier
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (UNOMI-15) Use token to authenticate third party servers and secure login events

Reply via email to