Hi Hans, This is now implemented/fixed with commit8545cfe <https://github.com/apache/ofbiz-plugins/commit/8545cfebb2193bead7d06bd8e8cdb5108d24b209> .
Best, Girish HotWax Systems On Tue, Sep 29, 2020 at 5:26 PM Hans Bakker <h.bak...@antwebsystems.com> wrote: > Hi Girish, thanks for your prompt reply, > > the login map need to be filled when the related token is available, what > is currently not the case. > > Not sure if this is directly related to the Auth=false parameter, you know > that better, > > Regards, Hans > On 9/29/20 4:20 PM, Girish Vasmatkar wrote: > > Hi Hans > > Since you specifically mentioned about groovy service, I would think it is > true for other services as well. > > It would possibly be happening, if the service itself is declared with > auth=false, so no token check is happening and hence userLogin is not > retrieved from the token. > Can you confirm if this is the case? The userLogin is added to the service > call before delegating the service call to dispatcher after jwt has been > verified. But in case of auth=false, services, auth is bypassed and hence > userLogin is not set. > > I guess the key here is to bypass token validation if, and only if, the > Authorization header is absent, otherwise perform validation. I had a > discussion about this with Jacopo as well and here is what can be done > (applicable for */services *endpoint ) - > > If auth=false and *Authorization* header is *present*, validate token and > return error if invalid. Else set userLogin in context and delegate the > call to dispatcher. > If auth=false and *Authorization* header is *absent, *just call the > service. The service will be executed *without* userLogin in context. > > I will try to work on this change in the next couple days. > > Best, > Girish > HotWax Systems > > > > > > > > > > > > Best, > Girish > HotWax Systems > > > > > > > > > On Tue, Sep 29, 2020 at 6:20 AM Hans Bakker <h.bak...@antwebsystems.com> > wrote: > >> Hi Girish, >> >> thanks for your last email, that is working now too.... >> >> however....another question, >> >> If i call a service using the token i obtained earlier, i see that the >> userLogin map in the groovy service I called, is null >> >> can you set the login map to the userLogin of the token that was used so >> we know who the user is? >> >> Thanks, Hans >> >> >>