W
wvdgraaf
Guest
my (simplified) code: Maybe somebody can point me to an error concerning the way I try to use authorization. The restDispatcher class handles all calls from the REST interface. So I also have dispatchPost, dispatchPut and dispatchDelete. They all do checklogin(picService) for authorization before executing the rest of the code. routine-level on error undo, throw. @openapi.openedge.export FILE(type="REST", executionMode="singleton", useReturnValue="false", writeDataSetBeforeImage="false"). using Progress.Lang.*. class restDispatcher: @openapi.openedge.export(type="REST", useReturnValue="false", writeDataSetBeforeImage="false"). method public void dispatchGet(picService as character, picHeaders as character, picRequest as character, output poiHttpStatus as integer, output pocResponse as longchar): if checklogin(picService) then do: /* rest of code */ end. end method. method private logical checklogin(picService): def var hCP as handle no-undo. hCP = session:current-request-info:GetClientPrincipal(). if valid-handle(hCP) then do: username = entry(1,hCP:qualified-user-id,"@"). /* check user authorization in application database */ return userIsAuthorized(picService,username). end. return false. end method. method privat logical userIsAuthorized(cFunction as char,cUser as char): return true. end method. end class.
Continue reading...
Continue reading...