Am basically trying to figure out how to do the Xero authentication as described here:
I can get the servlet to generate the tokens but not sure how to protect the servlet route and also how to get the returned tokens back into the cuba app. i.e. not sure how to do the authentication on a servlet (if it is possible?)
You should create this servlet in the web module of your project. Then register it and its mapping in the web.xml of the web module.
Regarding user authentication - I doubt that it is necessary.
If these endpoints are going to be called automatically by external system - then the protocol is fixed by the Xero, it’s low probably that they will be able to send more parameters to your system. The necessary authentication protection options should already be built into communication protocol.
Anyway, you can use:
filtering by IP address (of the external system that is going to send requests)
protection by basic auth (user and password).
or check IP address / user / password / token manually in the servlet itself, by reading request.getRemoteAddr() or one of request headers.
I guess the security is not too much of an issue now. And yes they would have to create an app with my servers address within xero anyway.
I implemented the GlobalEvents and have a call back to an admin screen with a popup to accept the generated token from Xero. Works like a charm and was rather simple to implement.
However, I do have one issue. Cuba seems to intercept the servlet address. e.g. localhost:8080/app/myservlet keeps getting redirected to localhost:8080/app/. The only way around this is to use a browser with history deleted. Not sure if you have any suggestions on how to resolve this? What I was trying to do was have a button inside of my cuba app that opens the servlet page to do the auth process.
My code i have tried (also tried just using a link)
I had tried that. But it seems the browser history needed to be deleted to get it to work.
The only other issue is that I am trying to build an add-on app component and I think the settings in web.xml of the app-component get overridden by the main parent app. Is there any way to set the precedence programmatically?