I'm trying to develop a javascript mobile app that will use a liferay portal jsonws api. I have a username and password. If I try a request using curl with basic auth I can access the resources, but I don't get a token in return, I get a cookie with a sessionid and I have to include username and password in every request. I've no control on the portal. How do I get the p_auth token?
我正在开发一个javascript移动应用程序,它将使用liferay portal jsonws api。我有用户名和密码。如果我用基本的auth来尝试一个使用curl的请求,我可以访问资源,但是我没有得到一个标记作为回报,我得到一个带有sessionid的cookie,我必须在每个请求中包含用户名和密码。我无法控制门户。如何获得p_auth令牌?
3 个解决方案
#1
0
Becareful, the parameter p_auth is used to prevent CSRF attack. You can obtain the value with this code:
因为参数p_auth是用来防止CSRF攻击的。您可以通过以下代码获得该值:
String pAuth = com.liferay.portal.security.auth.AuthTokenUtil.getToken(request);
TokenUtil is a part of the liferay core, so you must create a hook because the jsp must be in liferay directory, not in a plugin or a portlet because in other classpath you dont have acces to this object.
TokenUtil是liferay内核的一部分,所以您必须创建一个钩子,因为jsp必须在liferay目录中,而不是在插件或portlet中,因为在其他类路径中,您没有对该对象的acces。
#2
0
You can get the authentication token (p_auth) by using Liferay.authToken predefined variable.
您可以使用Liferay获得身份验证令牌(p_auth)。authToken预定义变量。
#3
0
You can use Liferay.authToken to get p_auth from client.
您可以使用Liferay。从客户端获得p_auth的authToken。
You may go to browser console and type Liferay.authToken to verify that the object is available.
您可以访问浏览器控制台和类型Liferay。authToken验证该对象是否可用。
I've used the same object for auth purpose where I was listing down results from JSONW service call. You can save the value in a variable and set anywhere per requirement. I found this the easiest way.
我使用相同的对象来进行auth目的,我在这里列出了JSONW服务调用的结果。您可以将值保存在一个变量中,并根据需要设置任何地方。我发现这是最简单的方法。
var pAuth = Liferay.authToken;
console.log(pAuth);
Hope this would be helpful :)
希望这对你有帮助
#1
0
Becareful, the parameter p_auth is used to prevent CSRF attack. You can obtain the value with this code:
因为参数p_auth是用来防止CSRF攻击的。您可以通过以下代码获得该值:
String pAuth = com.liferay.portal.security.auth.AuthTokenUtil.getToken(request);
TokenUtil is a part of the liferay core, so you must create a hook because the jsp must be in liferay directory, not in a plugin or a portlet because in other classpath you dont have acces to this object.
TokenUtil是liferay内核的一部分,所以您必须创建一个钩子,因为jsp必须在liferay目录中,而不是在插件或portlet中,因为在其他类路径中,您没有对该对象的acces。
#2
0
You can get the authentication token (p_auth) by using Liferay.authToken predefined variable.
您可以使用Liferay获得身份验证令牌(p_auth)。authToken预定义变量。
#3
0
You can use Liferay.authToken to get p_auth from client.
您可以使用Liferay。从客户端获得p_auth的authToken。
You may go to browser console and type Liferay.authToken to verify that the object is available.
您可以访问浏览器控制台和类型Liferay。authToken验证该对象是否可用。
I've used the same object for auth purpose where I was listing down results from JSONW service call. You can save the value in a variable and set anywhere per requirement. I found this the easiest way.
我使用相同的对象来进行auth目的,我在这里列出了JSONW服务调用的结果。您可以将值保存在一个变量中,并根据需要设置任何地方。我发现这是最简单的方法。
var pAuth = Liferay.authToken;
console.log(pAuth);
Hope this would be helpful :)
希望这对你有帮助