D
danielb
Guest
We're currently implementing a public REST API, and are requiring it to be secured through OAuth. With WebSpeed, we were able to access all the HTTP headers for the request, and do custom validation/authentication/etc on those as required. However, with WebSpeed in PASOE, everything seems to come through fine except for the Authorization header (which carries the Bearer token for OAuth authentication). I can find articles online about accessing the Authorization header from within a Java servlet in Tomcat, so I guessing that it isn't Tomcat itself that is stripping the header, but something in PASOE, or the configuration itself. Has anyone had any luck getting the Authorization header available from within Webspeed, or implementing custom authentication modules within PASOE itself? It looks like we're stuck on Classic Webspeed until we can access this header. We can do obvious workarounds like using a custom header (X-CustomAuthentication), but that doesn't always play nicely with third-party applications.
Continue reading...
Continue reading...