Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-11328 Add JAX-RS capabilities (Jersey)
  3. OFBIZ-12033

Separate login service for API calls

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • ALL COMPONENTS
    • None

    Description

      We're using userLogin service to authenticate users before generating auth tokens for REST API and GraphQL calls. However, we figured that a session is also getting created and returned in response which is defeating the purpose of having an API in place. Even though that session is not getting used anywhere when subsequent calls are made using the token, we still think it is an extra session lying around in tomcat's session cache. 
       
      Proposal is to implement a new basic userLogin service (basicAuthUserLogin) that would just do username/password matching and be done with it without ever calling request.getSession(). This will ensure that APIs are stateless and no session is generated.

      Attachments

        1. OFBIZ-12033.patch
          1 kB
          Rohit Koushal

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. OFBIZ-10047 Tomcat SSO

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Reopened

          Activity

            People

              mbrohl Michael Brohl
              gvasmatkar Girish Vasmatkar
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: