Rest login interception

Hi,

  1. I want to bring more data about the user when he logs in, especially in order to save an extra request. How is that possible?
    {
        "access_token": "1df4f7b1-8930-4e38-aade-b74132989fa0",
        "token_type": "bearer",
        "refresh_token": "727b3107-4799-4153-96c2-f14d9120970c",
        "expires_in": 43199,
        "scope": "rest-api",
        /// Extra data
        "email" : "test@test.com",
        "last_order" : "bla bla"
    }
  2. What is the appropriate way to check if the user is still logged in?
    I need to change the screen once the user is disconnected. How often can I check that?

Thanks

Hi,

  1. You can use the TokenEnhancer for that:
  • Create your TokenEnhancer implementation. It must extend com.haulmont.restapi.auth.CubaTokenEnhancer. You may use CubaTokenEnhancer as an example.
  • Create a rest-dispatcher-spring.xml file
  • Register it in web-app-properties:
    cuba.restSpringContextConfig = +com/company/yourproject/rest-dispatcher-spring.xml
  • In the rest-dispatcher-spring.xml register your version of token enhancer:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:context="http://www.springframework.org/schema/context"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

        <bean id="tokenEnhancer" class="com.company.myproject.web.sys.MyRestTokenEnhancer"/>

    </beans>
  2. In what screen do you want to perform these checks? In the screen of some external app that communicates with the CUBA app using the REST API?

Hi,

  1. Works perfect! Thanks.
  2. Yes. In the website, I want to check when the page loads if the user is logged in or not. Or maybe you think of an alternative for that (it's a single-page app based on Angular).

Thanks

Yes. In the website, I want to check when the page loads if the user is logged in or not. Or maybe you think of an alternative for that (it's a single-page app based on Angular).

The best practice is not to check it explicitly but instead to implement a reaction to an unauthorized response (when an expired token is used, the REST API returns 401 Unauthorized).

If you really need an explicit check, then you can expose some service method or implement it via a custom controller.
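
One way to implement the reaction to 401 suggested in the answer above, as an added example that is not part of the original thread or of CUBA itself. The names createSession, onLoggedOut and fetchImpl are hypothetical, and the fake API in demo() is constructed so the code runs without a server.

```javascript
// Added example (not from the thread). createSession, onLoggedOut and fetchImpl
// are hypothetical names; fetchImpl is injected so the logic runs without a server.
function createSession({ fetchImpl, onLoggedOut }) {
  let token = null;     // access_token from the login response
  let notified = false; // the screen switch must fire once, not once per request

  function login(tokenResponse) {
    token = tokenResponse.access_token;
    notified = false;
  }

  function invalidate() {
    token = null; // never keep sending a token the server has rejected
    if (!notified) { notified = true; onLoggedOut(); }
  }

  async function request(url, options = {}) {
    if (token === null) { invalidate(); throw new Error("not logged in"); }
    const sentWith = token;
    const headers = { ...(options.headers || {}), Authorization: `Bearer ${sentWith}` };
    const response = await fetchImpl(url, { ...options, headers });
    if (response.status === 401) {
      // A late 401 for an old token must not log out a user who has logged in again.
      if (token === sentWith) invalidate();
      throw new Error("unauthorized");
    }
    return response; // 403 and other errors are not "logged out"; the caller handles them
  }

  return { login, request, isLoggedIn: () => token !== null };
}

// Constructed demo: a fake REST API that accepts only the token "good".
async function demo() {
  let logouts = 0;
  const fakeFetch = async (url, opts) =>
    ({ status: opts.headers.Authorization === "Bearer good" ? 200 : 401 });
  const s = createSession({ fetchImpl: fakeFetch, onLoggedOut: () => { logouts += 1; } });
  s.login({ access_token: "good" });
  const ok = (await s.request("/orders")).status;
  s.login({ access_token: "expired" });
  // Two requests in flight with the expired token: both fail, one notification.
  const settled = await Promise.allSettled([s.request("/a"), s.request("/b")]);
  const rejected = settled.filter((r) => r.status === "rejected").length;
  return { ok, logouts, rejected, loggedIn: s.isLoggedIn() };
}
```

In an Angular app the same logic would sit in an HttpInterceptor, with onLoggedOut navigating to the login screen.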