jdb/new-life-songs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implemented token-based API authentication.

Browse Source 
Replaced the ApiKey concept with ephemeral tokens. Users and apps obtain a
token by authenticating the user credentials (to be implemented). The service
then generates a temporary token that is stored by the client and sent with
every request using the `Authorization-Token` header. The server verifies this
token to recognize and authenticate the request. With an authenticated user,
the server can use the user's role to authorize requests.

This implementation uses JSR 250 SecurityContext and security annotations.
This commit is contained in:
Jonathan Bernard
2015-03-02 21:20:25 -06:00
parent 38e0432c1e
commit 83a0f7275c
9 changed files with 141 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/main/sql/create-db.sql
View File

@ -46,15 +46,18 @@ CREATE TABLE IF NOT EXISTS performances (
FOREIGN KEY (song_id) REFERENCES songs (id));
DROP TABLE IF EXISTS api_keys;
CREATE TABLE IF NOT EXISTS api_keys (
key VARCHAR(32) NOT NULL,
description VARCHAR(256) NOT NULL,
PRIMARY KEY (key));
DROP TABLE IF EXISTS users;
CREATE TABLE IF NOT EXISTS users (
id SERIAL,
username VARCHAR(64),
pwd VARCHAR(80));
username VARCHAR(64) UNIQUE NOT NULL,
pwd VARCHAR(80),
role VARCHAR(16) NOT NULL,
PRIMARY KEY (id));
DROP TABLE IF EXISTS tokens;
CREATE TABLE IF NOT EXISTS tokens (
token VARCHAR(64),
user_id INTEGER NOT NULL,
expires TIMESTAMP NOT NULL,
PRIMARY KEY (token),
FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE);