Version 0.1
Security Vulnerabilities
- User credentials are passed with every request.
- User credentials would have to be stored in the Client app, possibly as plain text.
- Once the Client holds the User's credentials it has full control over the User's resources, i.e. it can impersonate the User.
- User credentials are stored in the application's own database.
Version 0.2
Security Vulnerabilities
- Vulnerabilities 1-4 from version 0.1 are removed: the User authenticates against the Keycloak auth server, and the Client presents a scoped access token to the resource server instead of the User's credentials, so the credentials no longer pass through the Client or sit in the application database.
Usage for MacOS:
Step 1 : cd ./run
Step 2 : Start the Keycloak server. Note that you have to change the default realm directory on your host first. Open the file below to make the change.
Step 3 : Log in to your auth server (username: admin , password: admin) and create a user with a password, a "user_id" attribute holding the user's UUID, and the required scope.
More info inside script.
Step 4 : In a new terminal
Step 5 : . ./
The scope must be "product:read" or "product:write", as required by the resource server controller.
To accept different scopes, change the controller's Java file.
Step 6 : echo $TOKEN to verify that a token was obtained.
Step 7 : ./
You should see data returned from the resource server.
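Step 6 only checks that $TOKEN is non-empty. A more useful check before Step 7 is to decode the token's payload and confirm it carries the scope the controller requires and has not expired, since Keycloak access tokens are short-lived. The following POSIX shell snippet is an added example, not one of the scripts in ./run; the Keycloak token endpoint path, the password grant, and the environment variable names (KEYCLOAK_URL, REALM, CLIENT_ID, CLIENT_SECRET, KC_USER, KC_PASS, RESOURCE_URL) are assumptions and may differ from the project's scripts. The decode step reads claims without verifying the signature; that is fine for a local sanity check, but only the resource server's verification of the signature counts for authorization.

```shell
#!/bin/sh
# Added example: inspect an access token obtained from Keycloak before
# sending it to the resource server. Not part of the project's ./run scripts.

# base64url encode stdin (no padding, URL-safe alphabet), used for tests and demos.
b64url_encode() {
  base64 | tr -d '\n=' | tr '+/' '-_'
}

# base64url decode the argument: restore the standard alphabet and padding first.
b64url_decode() {
  b64d_s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#b64d_s} % 4 )) in
    2) b64d_s="${b64d_s}==" ;;
    3) b64d_s="${b64d_s}=" ;;
  esac
  printf '%s' "$b64d_s" | base64 -d
}

# Print the JSON payload (second dot-separated segment) of a JWT.
# No signature check here: this only reads what the token claims.
jwt_payload() {
  jp_rest=${1#*.}          # drop the header
  jp_body=${jp_rest%%.*}   # drop the signature
  b64url_decode "$jp_body"
}

# Extract the space-separated "scope" claim, e.g. "openid product:read".
jwt_scope() {
  jwt_payload "$1" | sed -n 's/.*"scope" *: *"\([^"]*\)".*/\1/p'
}

# Extract the numeric "exp" claim (seconds since the epoch).
jwt_exp() {
  jwt_payload "$1" | sed -n 's/.*"exp" *: *\([0-9]*\).*/\1/p'
}

# Succeed only if the token's scope claim contains the required scope exactly
# (product:read must not match product:write, and vice versa).
has_scope() {
  for hs_s in $(jwt_scope "$1"); do
    [ "$hs_s" = "$2" ] && return 0
  done
  return 1
}

# Succeed if the token is expired or has no exp claim at all (treat as unusable).
token_is_expired() {
  tie_exp=$(jwt_exp "$1")
  [ -z "$tie_exp" ] && return 0
  [ "$tie_exp" -le "$(date +%s)" ]
}

# Assumed flow: resource owner password grant against Keycloak's token endpoint.
# Requires "Direct Access Grants" enabled on the client in Keycloak.
fetch_token() {
  curl -sS -X POST "$KEYCLOAK_URL/realms/$REALM/protocol/openid-connect/token" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=$CLIENT_ID" \
    --data-urlencode "client_secret=$CLIENT_SECRET" \
    --data-urlencode "username=$KC_USER" \
    --data-urlencode "password=$KC_PASS" \
    --data-urlencode "scope=$SCOPE" \
    | sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p'
}

# Call the resource server with the token as a Bearer credential.
call_resource_server() {
  curl -sS -H "Authorization: Bearer $1" "$2"
}

# End-to-end demo; only runs when RUN_DEMO is set so the file can be sourced safely.
demo() {
  TOKEN=$(fetch_token)
  [ -n "$TOKEN" ] || { echo "no access_token in Keycloak response" >&2; return 1; }
  if token_is_expired "$TOKEN"; then echo "token already expired" >&2; return 1; fi
  has_scope "$TOKEN" "${SCOPE:-product:read}" || { echo "token lacks scope $SCOPE" >&2; return 1; }
  call_resource_server "$TOKEN" "$RESOURCE_URL"
}
if [ -n "${RUN_DEMO:-}" ]; then demo; fi
```

Run `RUN_DEMO=1 KEYCLOAK_URL=http://localhost:8080 REALM=... sh check_token.sh` after Step 5, or source the file and call `has_scope "$TOKEN" product:read` by hand. The token is a bearer credential: whoever holds it can call the resource server until it expires, so keep it out of shell history and logs rather than echoing it in full as Step 6 suggests.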
Comments welcome :