Lieven Cardoen
Guest
Instead of having a truckload of PDFs on REST (Web applications, security, Eclipse tools, ...) I would really appreciate some simple helloworld examples on how to set up security, especially when AppServer needs to deal with Security instead of the Spring framework...

From Donicello Lampe I got this answer in a support case:

Hi Lieven,

I can think of three options:

1) Using SSO support for REST Web applications (see page 299 of the "OpenEdge Application Server: Administration" documentation).
2) Using Single Point of Authentication security configurations (see page 336 of the "OpenEdge Application Server: Administration" documentation).
3) Use a standard username/password for the initial Spring Framework authentication and then call an AppServer procedure to perform the actual authentication.

Some customers have implemented something like the following:

------------------------------
1. The REST client authenticates itself against the Spring Framework in order to get a cookie (this cookie will need to be used for all subsequent calls to the REST Service until the client logs off).
2. The REST client then calls a login method on the AppServer (providing cookie, username and password).
3. If the user is authenticated successfully, the cookie ID and optionally the login time-stamp is stored in the database (login time-stamp can be used to timeout a session at some later point).
4. Each following AppServer call will automatically check if the cookie is still valid via the Spring Framework.
------------------------------

Option 1 and 2 are not very well documented, so I will need to set up a test environment to document the exact steps. I will get back to you once I have this information. As far as I know, there were no new authentication options for REST between 11.3 and 11.5. Will let you know if I do encounter something though.

Examples for the three options would be very much appreciated. Projects in Eclipse can be easily zipped and imported. So OpenEdge could supply some of these projects for different REST Security and Authentication scenarios. Users could then import the Eclipse project and if the project works with the default brokers and OE Web Servers, everything should be really smooth to set up and test.

Kind regards,
Lieven Cardoen
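
The AppServer side of the four-step scheme quoted in the post above, modelled as an added example in Python (not OpenEdge or Progress code, and not part of the original post or the support answer): a login call binds the cookie to a user and a login time, and every later call checks that binding against a timeout. The in-memory dictionaries stand in for database tables, the user record and the 30-minute timeout are constructed, all function names are hypothetical, storing a digest of the cookie instead of the cookie itself is a choice of this example, and the Spring Framework's own cookie validation from step 4 is outside the model.

```python
import hashlib
import hmac
import os
import time

SESSION_TIMEOUT = 30 * 60  # seconds; assumed value, the post gives none

# Constructed sample user; a real AppServer would read this from its own tables.
_SALT = os.urandom(16)
USERS = {"lieven": (_SALT, hashlib.pbkdf2_hmac("sha256", b"s3cret-example", _SALT, 100_000))}

# Stand-in for the database table of step 3: cookie digest -> (user, login time).
SESSIONS = {}

def _cookie_key(cookie_id: str) -> str:
    # Store a digest so a leaked table does not hand out usable cookies.
    return hashlib.sha256(cookie_id.encode()).hexdigest()

def login(cookie_id: str, username: str, password: str, now: float = None) -> bool:
    """Steps 2 and 3: verify the credentials, then bind the cookie to the user."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    if record is None or not cookie_id:
        return False
    salt, expected = record
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    if not hmac.compare_digest(supplied, expected):
        return False
    SESSIONS[_cookie_key(cookie_id)] = (username, now)
    return True

def current_user(cookie_id: str, now: float = None):
    """Run at the start of every later call; returns the user name or None."""
    now = time.time() if now is None else now
    key = _cookie_key(cookie_id)
    entry = SESSIONS.get(key)
    if entry is None:
        return None
    username, login_time = entry
    if now - login_time > SESSION_TIMEOUT:
        del SESSIONS[key]  # expired: the client has to log in again
        return None
    return username

def logoff(cookie_id: str) -> None:
    SESSIONS.pop(_cookie_key(cookie_id), None)
```
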