Hi Hans,

This is now implemented/fixed with commit8545cfe
<https://github.com/apache/ofbiz-plugins/commit/8545cfebb2193bead7d06bd8e8cdb5108d24b209>
 .

Best,
Girish
HotWax Systems


On Tue, Sep 29, 2020 at 5:26 PM Hans Bakker <h.bak...@antwebsystems.com>
wrote:

> Hi Girish, thanks for your prompt reply,
>
> the login map need to be filled when the related token is available, what
> is currently not the case.
>
> Not sure if this is directly related to the Auth=false parameter, you know
> that better,
>
> Regards, Hans
> On 9/29/20 4:20 PM, Girish Vasmatkar wrote:
>
> Hi Hans
>
> Since you specifically mentioned about groovy service, I would think it is
> true for other services as well.
>
> It would possibly be happening, if the service itself is declared with
> auth=false, so no token check is happening and hence userLogin is not
> retrieved from the token.
> Can you confirm if this is the case? The userLogin is added to the service
> call before delegating the service call to dispatcher after jwt has been
> verified. But in case of auth=false, services, auth is bypassed and hence
> userLogin is not set.
>
> I guess the key here is to bypass token validation if, and only if, the
> Authorization header is absent, otherwise perform validation. I had a
> discussion about this with Jacopo as well and here is what can be done
> (applicable for */services *endpoint ) -
>
> If auth=false and *Authorization* header is *present*, validate token and
> return error if invalid. Else set userLogin in context and delegate the
> call to dispatcher.
> If auth=false and *Authorization* header is *absent, *just call the
> service. The service will be executed *without* userLogin in context.
>
> I will try to work on this change in the next couple days.
>
> Best,
> Girish
> HotWax Systems
>
>
>
>
>
>
>
>
>
>
>
> Best,
> Girish
> HotWax Systems
>
>
>
>
>
>
>
>
> On Tue, Sep 29, 2020 at 6:20 AM Hans Bakker <h.bak...@antwebsystems.com>
> wrote:
>
>> Hi Girish,
>>
>> thanks for your last email, that is working now too....
>>
>> however....another question,
>>
>> If i call a service using the token i obtained earlier, i see that the
>> userLogin map in the groovy service I called, is null
>>
>> can you set the login map to the userLogin of the token that was used so
>> we know who the user is?
>>
>> Thanks, Hans
>>
>>
>>

Reply via email to