Re: Contact enquiry: Website enquiry: miltonio

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Contact enquiry: Website enquiry: miltonio

bradmacnz

Comments below:


On 02/06/17 07:32, Jakov  wrote:

Hi Brad,

 

Thank you very much for this info!

 

I guess we can use Basic auth with Cookie Auth together right ?

It happens automatically when using annotations, and is supported through the Resource API (see below)

We are using Resource api, and have a few problems for now.

 

  1. First directory to be seen should depend on logged in user, and our ResourceFactory gets called before any authentication.

This is a classic issue when using Milton. Milton is resource centric, so we get the resource and then use it for authentication and authorisation.

However, if you use annotations there is a simple option called early authentication. See the section "Pre, Early and Late Authentication" here:

http://milton.io/guide/02-implementation/01-annotations/



  1. Do you have any sample code for implementation of cookie authentication for resource API ?

All Milton examples use Basic authentication, and all annotations examples implicitly use cookie auth. You dont need to do anything special, just follow the annotations tutorial. If you want to use the Resource API its a bit harder, you need to implement DiscretePrincipal on the object returned by authentication, and your ResourceFactory must be able to look it up from the path you provide in the interface.

 

Tnx in advance,

 

Jakov

 

From: Brad McEvoy [[hidden email]]
Sent: Wednesday, May 31, 2017 10:07 PM

Subject: Re: Contact enquiry: Website enquiry: miltonio

 

Hi,

Most third party clients (eg Cyberduck, Bitkinex, etc) work with level 1, but most OS clients require Dav level 2 to function correctly. Windows has some support for level 1, but its not great.

However, the multiple PUT issue is a little different. That happens on Windows when you havent enabled cookie authentication. The simplest thing is to use annotations including @Authenticate, because the annotation based authentication framework is integrated with cookie authentication.

If you're using your own authentication (eg you're implementing SecurityManager or Resource.authenticate) then make sure your principal object implements DiscretePrincipal and can be located from your ResourceFactory.

Regards,

Brad

 

On 01/06/17 04:30, [hidden email] wrote:

Company

Neoinfo ltd

Contact form

/contactus

Hi, Can you please tell me do we need Enterprise Licence for using webdav with windows client ? We have a problem with PUT method called multiple times for single file. Is the enterprise licence solution for this ? What is the price for enterprise licence, per server per year ? Does this licence include any support ? Kind Regards, Jakov

 



_______________________________________________
Milton-users mailing list
[hidden email]
http://lists.justthe.net/mailman/listinfo/milton-users
Reply | Threaded
Open this post in threaded view
|

Re: Contact enquiry: Website enquiry: miltonio

Jakov Kondža

Hi Brad,

 

Thank you very much, but I still don't quite understand some security and compatibility things 😊

 

We have most of thing done and working with resource API, but from your answer it seems to me we should switch to annotations framework ?

 

 

 

Let me please explain our needs:

So we have a database with files and folders for a user.

Each user has HOME directory with files and folders under that folder, and this folder is different for each user (different id in database)

 

So to show user his HOME folder content we must know for which user it is needed.

 

Also, we need this to be compatible with windows webdav client, and run on non root context (for example http://localhost:8080/app/webdav).

We will be using it over SSL so basic auth is ok for us.

 

Also there will probably be a request to be used with MS Office, which as I understood should mean we would need Enterprise Edition.

 

 

Can you please advice us in which direction we should go to support all this ?

 

 

 

Lp,

Jakov

 

From: Brad McEvoy [mailto:[hidden email]]
Sent: Thursday, June 1, 2017 11:18 PM
To: milton-users <[hidden email]>
Subject: Re: Contact enquiry: Website enquiry: miltonio

 

Comments below:

 

On 02/06/17 07:32, Jakov  wrote:

Hi Brad,

 

Thank you very much for this info!

 

I guess we can use Basic auth with Cookie Auth together right ?

It happens automatically when using annotations, and is supported through the Resource API (see below)


We are using Resource api, and have a few problems for now.

 

  1. First directory to be seen should depend on logged in user, and our ResourceFactory gets called before any authentication.

 

This is a classic issue when using Milton. Milton is resource centric, so we get the resource and then use it for authentication and authorisation.

However, if you use annotations there is a simple option called early authentication. See the section "Pre, Early and Late Authentication" here:

http://milton.io/guide/02-implementation/01-annotations/



  1.  
  2. Do you have any sample code for implementation of cookie authentication for resource API ?


All Milton examples use Basic authentication, and all annotations examples implicitly use cookie auth. You dont need to do anything special, just follow the annotations tutorial. If you want to use the Resource API its a bit harder, you need to implement DiscretePrincipal on the object returned by authentication, and your ResourceFactory must be able to look it up from the path you provide in the interface.


 

Tnx in advance,

 

Jakov

 

From: Brad McEvoy [[hidden email]]
Sent: Wednesday, May 31, 2017 10:07 PM

Subject: Re: Contact enquiry: Website enquiry: miltonio

 

Hi,

Most third party clients (eg Cyberduck, Bitkinex, etc) work with level 1, but most OS clients require Dav level 2 to function correctly. Windows has some support for level 1, but its not great.

However, the multiple PUT issue is a little different. That happens on Windows when you havent enabled cookie authentication. The simplest thing is to use annotations including @Authenticate, because the annotation based authentication framework is integrated with cookie authentication.

If you're using your own authentication (eg you're implementing SecurityManager or Resource.authenticate) then make sure your principal object implements DiscretePrincipal and can be located from your ResourceFactory.

Regards,

Brad

 

On 01/06/17 04:30, [hidden email] wrote:

Company

Neoinfo ltd

Contact form

/contactus

Hi, Can you please tell me do we need Enterprise Licence for using webdav with windows client ? We have a problem with PUT method called multiple times for single file. Is the enterprise licence solution for this ? What is the price for enterprise licence, per server per year ? Does this licence include any support ? Kind Regards, Jakov

 

 


_______________________________________________
Milton-users mailing list
[hidden email]
http://lists.justthe.net/mailman/listinfo/milton-users
Reply | Threaded
Open this post in threaded view
|

Re: Contact enquiry: Website enquiry: miltonio

Jakov Kondža
In reply to this post by bradmacnz

Hi Brad,

 

I have another question 😊

 

I've managed to get preauthentication to work with resource API.

Now I have other problem, I need to use authentication to third party system over rest API

I get back access_token how can I use this to authenticate with milton.

Does Milton support token authentication and does it work with windows client ?

 

Thank you very much for help on this.

 

Kind Regards,

Jakov

 

From: Brad McEvoy [mailto:[hidden email]]
Sent: Thursday, June 1, 2017 11:18 PM
To: milton-users <[hidden email]>
Subject: Re: Contact enquiry: Website enquiry: miltonio

 

Comments below:

 

On 02/06/17 07:32, Jakov  wrote:

Hi Brad,

 

Thank you very much for this info!

 

I guess we can use Basic auth with Cookie Auth together right ?

It happens automatically when using annotations, and is supported through the Resource API (see below)


We are using Resource api, and have a few problems for now.

 

  1. First directory to be seen should depend on logged in user, and our ResourceFactory gets called before any authentication.

 

This is a classic issue when using Milton. Milton is resource centric, so we get the resource and then use it for authentication and authorisation.

However, if you use annotations there is a simple option called early authentication. See the section "Pre, Early and Late Authentication" here:

http://milton.io/guide/02-implementation/01-annotations/



  1.  
  2. Do you have any sample code for implementation of cookie authentication for resource API ?


All Milton examples use Basic authentication, and all annotations examples implicitly use cookie auth. You dont need to do anything special, just follow the annotations tutorial. If you want to use the Resource API its a bit harder, you need to implement DiscretePrincipal on the object returned by authentication, and your ResourceFactory must be able to look it up from the path you provide in the interface.


 

Tnx in advance,

 

Jakov

 

From: Brad McEvoy [[hidden email]]
Sent: Wednesday, May 31, 2017 10:07 PM

Subject: Re: Contact enquiry: Website enquiry: miltonio

 

Hi,

Most third party clients (eg Cyberduck, Bitkinex, etc) work with level 1, but most OS clients require Dav level 2 to function correctly. Windows has some support for level 1, but its not great.

However, the multiple PUT issue is a little different. That happens on Windows when you havent enabled cookie authentication. The simplest thing is to use annotations including @Authenticate, because the annotation based authentication framework is integrated with cookie authentication.

If you're using your own authentication (eg you're implementing SecurityManager or Resource.authenticate) then make sure your principal object implements DiscretePrincipal and can be located from your ResourceFactory.

Regards,

Brad

 

On 01/06/17 04:30, [hidden email] wrote:

Company

Neoinfo ltd

Contact form

/contactus

Hi, Can you please tell me do we need Enterprise Licence for using webdav with windows client ? We have a problem with PUT method called multiple times for single file. Is the enterprise licence solution for this ? What is the price for enterprise licence, per server per year ? Does this licence include any support ? Kind Regards, Jakov

 

 


_______________________________________________
Milton-users mailing list
[hidden email]
http://lists.justthe.net/mailman/listinfo/milton-users