Secure the webapp REST API

toast-tk / toast-tk-engine

The core automation framework for your acceptance tests

http://toast-tk.io

Other

12 stars 5 forks source link

Secure the webapp REST API #75

Closed skokaina closed 7 years ago

skokaina commented 8 years ago

Update the REST API to control the access through JWT tokens With no token, the access won't be authorized (401)

skokaina commented 8 years ago

Faire une clé statique comme parametre de conf.

skokaina commented 8 years ago

issue #73 updated and merged into master

skokaina commented 8 years ago

Exception to be considered for: POST /susbcribe controllers.AgentController.subscribe() GET /socket/stream controllers.AgentController.registerFrontWebsocketService(token: Option[String]) POST /record controllers.AgentController.publishRecordedAction() POST /login controllers.Application.login()

skokaina commented 8 years ago

We should use SCALAINTERCEPTORS and avoid moving async calls to synchronized ones following the use of Authenticated actions: https://www.playframework.com/documentation/2.3.x/ScalaInterceptors

skokaina commented 7 years ago

Code being reviewed using interceptor and annotations

skokaina commented 7 years ago

delivered on branch 75-secure-rest-api-sk