Skip to main content

Home/ SoftwareEngineering/ Group items tagged authentication

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Access Tokens and Types - Facebook Developers - 0 views

developers.facebook.com/...access-tokens-and-types

Facebook login authentication AccessToken FacebookAPI

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Access Tokens and Types
  • Access Tokens
  • random string that provides temporary, secure access to Facebook APIs
  • ...27 more annotations...
  • token identifies a User, App or Page session and provides information about granted permissions
  • Types
  • User Access
  • generated in the login flow when a
  • Facebook Pages
  • on behalf of a user
  • use this token to perform API calls
  • Page Access
  • used to
  • manage
  • user grants permissions to an app
  • user who is the
  • App Secret or an App Access token should never be included in any code that could be accessed by anyone other than a developer of the app
  • must grant an extended permission called
  • manage_pages
  • use this type of token to make API calls
  • on behalf of a page
  • unique to each page, admin and app
  • App Access
  • useful to modify app settings, create and manage test users or read App Insights data
  • use app tokens to publish or delete content
  • on behalf of a user
  • unique to each app
  • Security Best Practices
  • extremely important that an App Secret is not compromised
  • Page admin
  • App Access Tokens should only be used directly from your app's servers in order to provide the best security
kuni katsuya

Extending Access Tokens - Facebook Developers - 0 views

developers.facebook.com/...extending-tokens

Facebook login authentication AccessToken FacebookAPI

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Extending Access Tokens
  • validity period of about 1 to 2 hours
  • server-side login flow
  • ...14 more annotations...
  • automatically get long-lived user access tokens
  • refreshes and extends each time the user triggers the login flow
  • Extending
  • client-side
  • user access tokens
  • response from this endpoint will include the
  • exchange this token for a longer-lived one
  • passing it to the /oauth endpoint from your server
  • grant_type parameter of fb_exchange_token
  • /oauth/access_token
  • grant_type=fb_exchange_token
  • fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN
  • by default you'll receive a short-lived token that is only valid for 1-2 hours
  • long-lived access token
kuni katsuya

DaliCore: Wiki: Dalicore-social - Java.net - 0 views

java.net/...Dalicore-social

authentication SocialNetwork DaliCore tutorial

shared by kuni katsuya on 27 Mar 13 - No Cached
kuni katsuya

tiainen: Easy OAuth using DaliCore and Glassfish: the service provider - 0 views

tiainen.sertik.net/...ng-dalicore-and-glassfish.html

authentication OAuth DaliCore SocialNetwork

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Easy OAuth using DaliCore and Glassfish: the service provider
  • CDI configuration
  • use CDI to inject a reference to the UserBean and the OAuthBean
  • ...2 more annotations...
  • JPA configuration
  • dalicore-oauth persistently stores its request and access tokens, its users and its list of service consumers
kuni katsuya

Fetching Client IP Address and Header information in JBoss AS7 access log « J... - 0 views

middlewaremagic.com/jboss

jbossas7 AccessLog

shared by kuni katsuya on 11 Oct 12 - No Cached
  • Fetching Client IP Address and Header information in JBoss AS7 access log
  • “org.apache.catalina.valves.AccessLogValve”
  • More informations about this Valve can be found in the following link: http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Access_Log_Valve
  • ...10 more annotations...
  • Some of the useful patterns
  • %h - Remote host name (or IP address if resolveHosts is false)
  • %a - Remote IP address
  • %u - Remote user that was authenticated (if any), else '-'
  • %r - First line of the request (method and request URI)
  • %s - HTTP status code of the response
  • %b - Bytes sent, excluding HTTP headers, or '-' if zero
  • %S - User session ID
  • %t - Date and time, in Common Log Format
  • %m - Request method (GET, POST, etc.)
  • kuni katsuya on 11 Oct 12
     
    "/subsystem=web/virtual-server=default-host/access-log=configuration:add(pattern="%h %l %u %t "%r" %s %b %{User-Agent}i %{JSESSIONID}c")"
kuni katsuya

HttpServletRequest (Java EE 6 ) - 0 views

docs.oracle.com/...HttpServletRequest.html

java security authentication authorization SessionManagement HttpSession session SessionLifeCycle

shared by kuni katsuya on 04 Oct 12 - No Cached
  • kuni katsuya on 04 Oct 12
     
    "getSession(boolean create)"
kuni katsuya

Chapter 10. Integration with CDI - 0 views

www.graniteds.org/...graniteds.ee6cdi.html

graniteds cdi integration

shared by kuni katsuya on 15 May 12 - No Cached
  • GraniteDS provides out-of-the-box integration with CDI via the Tide API
  • Integration with CDI
  • fully supports serialization of JPA entities from and to your Flex application, taking care of lazily loaded associations
  • ...3 more annotations...
  • GraniteDS also integrates with container security for authentication and role-based authorization
  • granite-cdi.jar
  • JBoss 6 and GlassFish v3
kuni katsuya

JdbcRealm (Apache Shiro :: Core 1.1.0 API) - 0 views

127.0.0.1/...JdbcRealm.html

security ApacheShiro Realm JdbcRealm

shared by kuni katsuya on 03 Sep 12 - No Cached
  • Class JdbcRealm
  • Realm that allows authentication and authorization via JDBC calls
  • subclassed and the appropriate methods overridden. (usually doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken), getRoleNamesForUser(java.sql.Connection,String), and/or getPermissions(java.sql.Connection,String,java.util.Collection)
kuni katsuya

This is Stuff: Apache Shiro Part 2 - Realms, Database and PGP Certificates - 0 views

meri-stuff.blogspot.ca/...art-2-realms-database-and.html

security ApacheShiro Realm database

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Apache Shiro Part 2 - Realms, Database and PGP Certificates
  • move user account data to database
  • give users an option to authenticate themselves via PGP certificates
  • ...9 more annotations...
  • log in options: log in with user name/password and log in with certificate
  • how to create custom realm and how to handle multi-realm scenario
  • account credentials and access rights are stored in database. Stored passwords are hashed and salted.
  • Authorization
  • If the realm wishes to do also authorization, it has to implement Authorizer interface. Each Authorizer method takes principal as parameter and checks either role(s) or permission(s)
  • Permissions are supplied either as strings or as permission objects
  • use WildcardPermissionResolver to convert strings into permission objects
  • connect application to database and create tables to store all user account data
  • replace IniRealm with realm able to read from database and salt passwords.
‹ Previous 21 - 40 of 51 Next ›
Showing 20 items per page