Re: How can i authorize a 'bot' to access my REST resource?

2017-02-09 Thread Martin Grigorov 
Hi,

I see two options:
1) if you use http client (like Apache HttpClient or Okio) then you can
login first and then go to the REST endpoint. Just make sure the client
preserves the cookies
2) remove @AuthorizeResource and use other means to protect it, e.g. Basic
Authentication. With Spring Security or Apache Shiro you can do this easily

Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov

On Thu, Feb 9, 2017 at 11:15 AM, Per Newgro  wrote:

> Hi,
>
> i've extended an org.wicketstuff.rest.resource.AbstractRestResource and
> mounted it in my WebApplication.
> Everything works so far.
>
> But i've annotated my Method with a role that shall be extracted from the
> session. I'm not quite sure how to
> 'login' my import command (CLI) as a user
>
> Has someone maybe a working example for authorized resource access?
>
> Thanks
> Per
>
> 
> @AuthorizeResource
> public class CRMDataImportResource extends 
> AbstractRestResource
> {
>
>   @SpringBean(name = "FullImport")
>   private DataImport dataImport;
>
>   public CRMDataImportResource() {
> super(new JsonWebSerialDeserial(
> new GsonObjectSerialDeserial()), new IRoleCheckingStrategy() {
>
> @Override
> public boolean hasAnyRole(Roles roles) {
>   CDISession session = CDISession.get();
>   return session.hasAnyRole(roles);
> }
> }
> );
> Injector.get().inject(this);
>   }
>
>   @MethodMapping(
> value = "/full",
> httpMethod = HttpMethod.POST)
>   @AuthorizeInvocation("CRMDataImport")
>   public String fullImport(@RequestBody DocumentBatch batch) throws
> Exception {
> return dataImport.fullImport(batch);
>   }
> }
> 
>
> -
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org
>
>

How can i authorize a 'bot' to access my REST resource?

2017-02-09 Thread Per Newgro 
Hi,

i've extended an org.wicketstuff.rest.resource.AbstractRestResource and mounted 
it in my WebApplication.
Everything works so far.

But i've annotated my Method with a role that shall be extracted from the 
session. I'm not quite sure how to
'login' my import command (CLI) as a user

Has someone maybe a working example for authorized resource access?

Thanks
Per


@AuthorizeResource
public class CRMDataImportResource extends 
AbstractRestResource {

  @SpringBean(name = "FullImport")
  private DataImport dataImport;

  public CRMDataImportResource() {
super(new JsonWebSerialDeserial(
new GsonObjectSerialDeserial()), new IRoleCheckingStrategy() {

@Override
public boolean hasAnyRole(Roles roles) {
  CDISession session = CDISession.get();
  return session.hasAnyRole(roles);
}
}
);
Injector.get().inject(this);
  }

  @MethodMapping(
value = "/full",
httpMethod = HttpMethod.POST)
  @AuthorizeInvocation("CRMDataImport")
  public String fullImport(@RequestBody DocumentBatch batch) throws Exception {
return dataImport.fullImport(batch);
  }
}


-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org