Expose REST API

2024-07-16
  • Rommel V. Lagera

    I am using XavaPro and would like to expose a simple REST API using HttpServlet. How will the client access the REST API with XavaPro security in place? If login is needed, what is the proper way to do automated login?

     
  • Javier Paniza

    Javier Paniza - 2024-07-16

    Hi Rommel,

    You should have a REST service to do the login; this service should get the user/password and return a token. In all subsequent REST calls you should send that token.

    To do the login you can call the User XavaPro class; however, XavaPro does not generate any token for you. You should write the logic to generate the token and associate it with the user, maybe with an expiry time, maybe saving it in a table.

    Then when you get the next API calls, you can verify if it is logged in (if the token is in your table and it is not expired). Then you can get the users, and use the User/Role/Rights classes in XavaPro to determine if that call is correct. That is, if the call is to modify a Customer, you could verify if that user has the rights to modify in the Customer module, for example.

    The above guide is not something specific to OpenXava or XavaPro, so it is a common way to solve this issue. Therefore you can get help to do it in any documentation about REST services or by asking an AI.


    Help others in this forum as I help you.
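
The token logic described in the reply above, as an added example that is not part of the original posts and is not OpenXava or XavaPro code. The class name `ApiTokenStore`, the in-memory map standing in for the database table, the 30-minute lifetime and the user name are all assumptions; the user/password check and the rights check through the XavaPro classes are left to the caller. Requires Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical token store; the map stands in for the table mentioned in the reply. */
public class ApiTokenStore {
    private record Entry(String userName, Instant expiresAt) {}
    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<String, Entry> table = new ConcurrentHashMap<>();
    private final Duration lifetime;
    public ApiTokenStore(Duration lifetime) { this.lifetime = lifetime; }

    /** Call only after the user/password check has succeeded. */
    public String issue(String userName) {
        byte[] raw = new byte[32];                       // 256 bits from a CSPRNG
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Store only the hash, so a leaked table does not yield usable tokens.
        table.put(sha256(token), new Entry(userName, Instant.now().plus(lifetime)));
        return token;
    }

    /** Returns the user name for a known, unexpired token; empty otherwise. */
    public Optional<String> verify(String token) {
        if (token == null || token.isEmpty()) return Optional.empty();
        Entry e = table.get(sha256(token));
        if (e == null) return Optional.empty();
        if (Instant.now().isAfter(e.expiresAt())) {
            table.remove(sha256(token));                 // drop the expired row
            return Optional.empty();
        }
        return Optional.of(e.userName());
    }

    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);         // SHA-256 is mandatory in every JDK
        }
    }
    public static void main(String[] args) {             // constructed sample user name
        ApiTokenStore store = new ApiTokenStore(Duration.ofMinutes(30));
        System.out.println(store.verify(store.issue("sample-user")));
    }
}
```

In a servlet, the token would typically arrive in an `Authorization` header over HTTPS, and a request whose token does not verify would be answered with 401 before any module logic runs.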

     
