M
Michael Jacobs
Guest
Good, we are making headway. Just so we do not get caught up and confused in terminology and technology, allow me to expand on the example you and I showed. ( If you know this already just skip it ) The way that I interpret your example was from a client UI [browser] application where the actual dynamic page generation is being performed in the server side's Java web application. One example of this technology is Java Server Pages. In this scenario the client logs into the Java web application using its Spring Security stack (same as what we use in our REST services). The Spring Security framework supports tags that can be used during the generation of the dynamic [JSP] html page returned to the browser. Those Spring Security tags can be used to control the html page's content based on what is authorized by the Spring Security's client login. In contrast, the backend REST data services ( i.e. the OE REST service ) would be only be serving data content for the html pages running in the client browser [ or device ]. That REST service is also using Spring Security to ensure that even an authenticated UI page has access to the data. (The conventional server rule of never trusting a client until they prove who they are.) So now to your question (at last) The closest OE supports for a REST client would be OpenEdge Mobile ( an excellent choice, if I may say so ) and some low level REST client support that was scheduled for 11.5. Neither of which would use the Spring Security tag support as shown in your html page example. It is possible, in theory, that when using standard Spring Security you can authenticate to one web application ( as in the JSP UI ) and SSO onto other web applications in the same server. We have not physically proven, or disproven, that the theory works with our OE REST services. So far we've taken the keep-it-simple route and recommend that you distribute the UI and REST service(s) it uses in the same web application. In that way you can choose to login once and the authorizations apply equally to the UI pages (in the case where you are writing JSP dynamic html pages) and the REST services that provide the AppServer data source. Trawling the doc would be a good exercise to get started and more familiar with working in this environment, but this conversation has gone beyond what would be found in the OE docs. Feel free to continue asking questions and we'll help clarify as best we can. Please let me know if this is too much information or not in the direction you wish to follow. Mike J.
Continue reading...
Continue reading...