Results 1 to 7 of 7

Thread: Zimbra auth Token in my own service

  1. #1
    Join Date
    Jun 2011
    Posts
    13
    Rep Power
    4

    Default Zimbra auth Token in my own service

    Hello everybody,

    I was wondering if I can use the token to authenticate a user in my own application.

    Basicly I have a Zimlet which should connect to a REST-Webservices which is protected (with Spring Security). To access this webservice the user needs the same credentials as for the zimbra server. So I thought perhaps I can use the Zimbra-auth-token to authenticate the user in the webapp. Unfortunately I couldn't find any information about this topic. I hope someone has a suggestion

    Thanks
    Christian

    Ps I'm not sure if this is the right sub-forum
    Last edited by chrissi86; 10-12-2012 at 01:17 PM.

  2. #2
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Default

    Hi

    I think there are several ways to do that.

    One is that your own web app send SOAP/HTTP AuthRequest with the zimbra auth token to Zimbra Server and make them check if that is valid or not.

    Or

    You can implement AuthToken validation logic in your own web app.
    protected ZimbraAuthToken(String encoded) method in com.zimbra.cs.account.ZimbraAuthToken.java
    looks the validation logic.
    So maybe you can copy that or use that function.

  3. #3
    Join Date
    Jun 2011
    Posts
    13
    Rep Power
    4

    Default

    Thank you for your response

    Unfortunately I had many other things to do in the last weeks. So I can try your ideas only now. Probably I will look in the source code to see how the developers have implemented the AuthToken validation and then decide which alternative I take.

    Many greetings
    Christian

  4. #4
    Join Date
    Jun 2011
    Posts
    13
    Rep Power
    4

    Default activate authentication in httplistener

    Now I have downloaded the source code of the relevant classes and I understand the main part.
    Accidentally I find the blog posting from Vishal Mahajan about zimbra server extensions here. It was very interesting because it was exactly what I was looking for. The advantage would be that I do not have to use a proxy for the ajax of my zimlet. Now I was wandering if it would be possible to activate an authentication for my httpListener with less effort.

    Thank you very much
    Christian

    Should I open a new topic in another forum?

  5. #5
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Default

    Oh, then your own app can be on Zimbra's web application server(Jetty).
    I assumed that your own app is on your own farm, which is built on your own web application server.

    Now you have source code, so you can see LoginTag class in com.zimbra.cs.taglib.tag.
    ZMailbox mbox = ZMailbox.getMailbox(options);
    This line is doing some things including authentication.
    So you can copy that or you can look into ZMailbox picking up some of them.

  6. #6
    Join Date
    Jun 2011
    Posts
    13
    Rep Power
    4

    Default

    I first thaught that I have to host it on an external Server but I did not know what is all possible with zimbra (I did not exactly know server extensions) and so it is easier to connect the zimlet with my http-service.
    I have looked at the LoginTag but I found a solution which is a little bit more elegant. With the ExtensionDispatcherServlet (which you need for register the service) you can get the authToken of the actual request. And with this token you can see if the user has authorization (or not).

    Code:
     AuthToken token =ExtensionDispatcherServlet.getAuthTokenFromHttpReq(req, false);
    I think this is enough for me at first. The Taglib is perhaps a little bit too complicated for this purpose.

    Thank you very much yutaka. A good community around a project is so helpful
    Christian

    Ps. How can I mark this thread as "[SOLVED]"?
    Last edited by chrissi86; 10-12-2012 at 01:23 PM.

  7. #7
    Join Date
    Oct 2009
    Location
    Tokyo
    Posts
    113
    Rep Power
    6

    Default

    I also looked into your solution.

    I have never tried before. But looks like it works for you.
    And you are absolutely right that it is more elegant than mine!!

    It is great to have a discussion here with you.

    BTW, I do not know how to make this "[solved]".

    Thank you

Similar Threads

  1. validity of auth token
    By arpitamunjal in forum Developers
    Replies: 16
    Last Post: 08-31-2012, 01:12 PM
  2. [SOLVED] URGENT HELP - Auth Token set to "0"
    By Sir Bob in forum Administrators
    Replies: 1
    Last Post: 05-10-2010, 08:38 AM
  3. Logging in using DelegateAuth auth token
    By Cyso in forum Developers
    Replies: 0
    Last Post: 03-23-2010, 07:07 AM
  4. Replies: 0
    Last Post: 02-01-2010, 06:02 AM
  5. Idle time auth token counter reset
    By msmcknight in forum Administrators
    Replies: 1
    Last Post: 08-21-2009, 02:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •