REST/Mobile Single Point of Authentication (SPA)

Posted by oscar.perez@aperosolutions.com on 06-Apr-2015 10:28

Hi All,

We are trying to implement Single Point of Authentication in our REST architecture. I have followed all the guidelines in the OE Documentation and the OERealm-Draft PDF. When I try to GET any of the exposed resources, I can see in my AppServer log file that the proper methods in HybridRealm.cls are being called and User/Password are being validated correctly, but I'm still getting a 403, Unauthorized response.

I'm attaching my current files: appSecurity-basic-oerealm.xml and HybridRealm.cls for better information on how I have it setup.

It appears to be a Spring Role configuration problem, but after a few days of trying, I haven't been able to figure it out.

Can anyone please help?

Thanks a lot.

Posted by knavneet on 06-Apr-2015 11:13

Hi Oscar,
 
I think the problem is that you return the role with ROLE_ prefix.
 
Spring Security adds a prefix to the value returned from the realm server class.
 
So, you must return PSCUser and not ROLE_PSCUser.
 
                when "ATTR_ROLES" then
/*                  retVal = "ROLE_PSCDebug".*/
                    retVal = "ROLE_PSCUser". /* Change this to PSCUser.*/
 
HTH,
 
Navneet
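
Added example, not part of the original thread and not OpenEdge or Spring Security code: a small Python model of the prefixing described in the reply above, showing why a login that validates correctly still fails the role check when the realm class returns an already-prefixed role. The `ROLE_` prefix value, the required authority `ROLE_PSCUser`, the comma-separated role list and the function names are assumptions of this sketch.

```python
# Added illustration, not code from the thread or from OpenEdge/Spring Security.
# Assumptions: the prefix is "ROLE_", the protected resource requires
# "ROLE_PSCUser", and the realm may return several comma-separated roles.
ROLE_PREFIX = "ROLE_"


def granted_authorities(realm_roles, prefix=ROLE_PREFIX):
    """Authorities seen by the access check: prefix + each role from the realm."""
    roles = [r.strip() for r in realm_roles.split(",") if r.strip()]
    return {prefix + r for r in roles}


def diagnose(realm_roles, required, prefix=ROLE_PREFIX):
    """Return (allowed, findings) for one required authority."""
    granted = granted_authorities(realm_roles, prefix)
    allowed = required in granted
    findings = []
    if not granted:
        findings.append("realm returned no roles")
    for authority in sorted(granted):
        # A role that already carried the prefix ends up prefixed twice.
        if authority.startswith(prefix + prefix):
            bare = authority[2 * len(prefix):]
            findings.append(
                "realm returned %r; return %r so the authority becomes %r"
                % (prefix + bare, bare, prefix + bare)
            )
    if not allowed and not findings:
        findings.append("no granted authority equals %r" % required)
    return allowed, findings


if __name__ == "__main__":
    # Constructed inputs: the value from the posted class, then the corrected one.
    for value in ("ROLE_PSCUser", "PSCUser"):
        ok, notes = diagnose(value, "ROLE_PSCUser")
        print(value, "->", "allowed" if ok else "denied (403)", notes)
```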
 

All Replies

Posted by Paul Koufalis on 06-Apr-2015 10:34

With the example class you must assign a value to _user._user-number so that the class can return a numerical userid, or modify the class accordingly.

As an FYI, Peter Judge and I will be giving a 3 hour, hands-on workshop on OE REST Security at this year's PUG Challenge Americas in June. Go to pugchallenge.org for more details.

Posted by oscar.perez@aperosolutions.com on 06-Apr-2015 10:59

Hi Paul,

Thanks for your quick answer. In my attached code, you can see I do return a numerical userid, so I believe there should be something else. Any other ideas?

Thanks

Oscar

Posted by oscar.perez@aperosolutions.com on 06-Apr-2015 11:20

Navneet,

You nailed it!!!! That solved my problem. Thank you so much!!!!!

This thread is closed