Authentication by token
146 views
Skip to first unread message
Елизавета Невоструева
Jan 28, 2015, 1:13:31 AM1/28/15
to hippo-c...@googlegroups.com
Hello) I have some questions) I develop 2 associated apps) There is authentication via Spring Security in first and site (Hippo CMS) in another. Can I authenticate and authorize in Hippo via HTS Security by OAuth token which is received from first app? How can i do this?
Brian Snijders
Jan 28, 2015, 6:45:35 AM1/28/15
to hippo-c...@googlegroups.com
You can also use Spring Security in the HST, by means of the HST Spring Security Plugin:
http://hst-springsec.forge.onehippo.org/
Using Spring Security, you can set up Hippo as an OAuth2 consumer, assuming your first app is an OAuth2 Auth Server.http://hst-springsec.forge.onehippo.org/
2015-01-28 7:13 GMT+01:00 Елизавета Невоструева <e.nevo...@gmail.com>:
Hello) I have some questions) I develop 2 associated apps) There is authentication via Spring Security in first and site (Hippo CMS) in another. Can I authenticate and authorize in Hippo via HTS Security by OAuth token which is received from first app? How can i do this?
--
Hippo Community Group: The place for all discussions and announcements about Hippo CMS (and HST, repository etc. etc.)
To post to this group, send email to hippo-c...@googlegroups.com
RSS: https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
---
You received this message because you are subscribed to the Google Groups "Hippo Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to hippo-communi...@googlegroups.com.
Visit this group at http://groups.google.com/group/hippo-community.
For more options, visit https://groups.google.com/d/optout.
--
Met vriendelijke groet,
Brian Snijders
Software Engineer
http://about.me/briansnijders
Finalist - open IT oplossingen
Rotterdam - Eindhoven - Maarssen
http://www.finalist.nl
Telefoon 088 217 08 43
Mobiel 06 455 40 083
Brian Snijders
Software Engineer
http://about.me/briansnijders
Finalist - open IT oplossingen
Rotterdam - Eindhoven - Maarssen
http://www.finalist.nl
Telefoon 088 217 08 43
Mobiel 06 455 40 083
Елизавета Невоструева
Jan 28, 2015, 7:38:48 AM1/28/15
to hippo-c...@googlegroups.com
I used this way, but for me it isn't good. I don't want use Spring Security in HTS, I want to synchronize my 2 apps. For example, I send some information from HTS to my app, which find a user with such information, and send to HTS result (token) after searching received information. HTS via HTS Security
bring to a conclusion authentication and authorization after receive token.
среда, 28 января 2015 г., 14:45:35 UTC+3 пользователь brian написал:
bring to a conclusion authentication and authorization after receive token.
среда, 28 января 2015 г., 14:45:35 UTC+3 пользователь brian написал:
Woonsan Ko
Jan 28, 2015, 10:20:29 AM1/28/15
to hippo-c...@googlegroups.com
That sounds like a typical SSO integration case.
For example, users are authenticated on /site application, and if they
visit /cms application, then /cms application could allow access based
on some token (post/get parameter for example).
If it is similar to this, then there's an example project for cms sso
integration:
- https://github.com/woonsanko/hippo-cas-integration-demo
In the project, /cms application is integrated with an external CAS
server. So, by having additional servlet filters in /cms, it is
asserting the CAS token and create user session to allow access.
Could it give you some hints?
Regards,
Woonsan
Boston - 745 Atlantic Ave, 8th Floor, Boston MA 02111
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
For example, users are authenticated on /site application, and if they
visit /cms application, then /cms application could allow access based
on some token (post/get parameter for example).
If it is similar to this, then there's an example project for cms sso
integration:
- https://github.com/woonsanko/hippo-cas-integration-demo
In the project, /cms application is integrated with an external CAS
server. So, by having additional servlet filters in /cms, it is
asserting the CAS token and create user session to allow access.
Could it give you some hints?
Regards,
Woonsan
> --
> Hippo Community Group: The place for all discussions and announcements
> about Hippo CMS (and HST, repository etc. etc.)
>
> To post to this group, send email to hippo-c...@googlegroups.com
> RSS:
> https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
> ---
> You received this message because you are subscribed to the Google
> Groups "Hippo Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to hippo-communi...@googlegroups.com
> <mailto:hippo-communi...@googlegroups.com>.
> Hippo Community Group: The place for all discussions and announcements
> about Hippo CMS (and HST, repository etc. etc.)
>
> To post to this group, send email to hippo-c...@googlegroups.com
> RSS:
> https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
> ---
> You received this message because you are subscribed to the Google
> Groups "Hippo Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to hippo-communi...@googlegroups.com
> Visit this group at http://groups.google.com/group/hippo-community.
> For more options, visit https://groups.google.com/d/optout.
--
w....@onehippo.com www.onehippo.com
> For more options, visit https://groups.google.com/d/optout.
--
Boston - 745 Atlantic Ave, 8th Floor, Boston MA 02111
Amsterdam - Oosteinde 11, 1017 WT Amsterdam
US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
Reply all
Reply to author
Forward
0 new messages