I'm trying to create a rest-service using basic-authentication (+ ssl in production).
In the appSecurity-basic-local.xml file I've enabled the "OEClientPrincipal"-section:
<b:bean id="OEClientPrincipalFilter" class="com.progress.rest.security.OEClientPrincipalFilter" >
<b:property name="enablecp" value="true" />
<b:property name="domain" value="rest" />
<b:property name="roles" value="sample" />
<b:property name="authz" value="false" />
<b:property name="expires" value="600" />
<b:property name="accntinfo" value="true" />
<b:property name="properties" >
<b:map>
<b:entry key="prop-1" value="string1"/>
<b:entry key="prop-2" value="string2"/>
</b:map>
</b:property>
<b:property name="ccid" value="true" />
<b:property name="anonymous" value="true" />
</b:bean>
Indeed, in the appserver's activate hook, I get a sealed CP containing the correct domain name.
When I try to execute a "set-db-client", I get an error (corrupt cp (16385)). Which seems logical since I've never entered the domain's passphrase anywhere(except in the db).
Does anybody have an idea where I can enter this info? Or, how to solve this?
Using 11.3
The Domain's access code can be added using a property to the OEClientPrincipalFilter bean:
<b:property name="key" value="xxxx" />
The value of the property can one of :
a) a clear-text string (what you may want to use in development mode for debugging)
b) an encoded string (what you may want to use in a production mode for security)
The encoded string follows the same pattern used for passing encoded passwords to things like -U, client-principal:initialize(), etc. To generate the encoded string first run
$DLC/bin/genpassword -password "clear-text-password"
It will produce a hex-binary encoded string. Next, append the hex-binary encode string to "oech1::" to get the 'key' property's value.
example:
$DLC/bin/genpassword -password "password"
20333c34252a2137
<b:property name="key" value="oech1::20333c34252a2137" />
It's working now. And it wasn't even complicated :-)
Did you get this from the Openedge manuals?
Anyway: Many thanks!
Sad to say, I could not find the information in the OpenEdge documentation set. I happen to know because I wrote the stuff and know where the sources live. Perhaps this problem will be corrected later.
Luck!